Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2201919 by damiankloip: Replace drupal_get_hash_salt() with direct Settings call in CsrfTokenGenerator.

8.0.x
Nathaniel Catchpole 2014-02-28 10:57:22 +00:00
parent 52a40a7dab
commit aad87a80b1
3 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/core.services.yml
View File

@ -460,9 +460,9 @@ services:
arguments: ['@state'] arguments: ['@state']
csrf_token: csrf_token:
class: Drupal\Core\Access\CsrfTokenGenerator class: Drupal\Core\Access\CsrfTokenGenerator
arguments: ['@private_key'] arguments: ['@private_key', '@settings']
calls: calls:
- [setCurrentUser, ['@?current_user']] - [setCurrentUser, ['@?current_user=']]
access_manager: access_manager:
class: Drupal\Core\Access\AccessManager class: Drupal\Core\Access\AccessManager
arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager'] arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager']

15
core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
View File

@ -8,6 +8,7 @@
namespace Drupal\Core\Access; namespace Drupal\Core\Access;
use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Settings;
use Drupal\Core\PrivateKey; use Drupal\Core\PrivateKey;
use Drupal\Core\Session\AccountInterface; use Drupal\Core\Session\AccountInterface;
@ -32,14 +33,24 @@ class CsrfTokenGenerator {
*/ */
protected $currentUser; protected $currentUser;
/**
* The settings instance.
*
* @var \Drupal\Component\Utility\Settings
*/
protected $settings;
/** /**
* Constructs the token generator. * Constructs the token generator.
* *
* @param \Drupal\Core\PrivateKey $private_key * @param \Drupal\Core\PrivateKey $private_key
* The private key service. * The private key service.
* @param \Drupal\Component\Utility\Settings $settings
* The settings instance.
*/ */
public function __construct(PrivateKey $private_key) { public function __construct(PrivateKey $private_key, Settings $settings) {
$this->privateKey = $private_key; $this->privateKey = $private_key;
$this->settings = $settings;
} }
/** /**
@ -72,7 +83,7 @@ class CsrfTokenGenerator {
* @see drupal_session_start() * @see drupal_session_start()
*/ */
public function get($value = '') { public function get($value = '') {
return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . drupal_get_hash_salt()); return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . $this->settings->get('hash_salt'));
} }
/** /**

19
core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php
View File

@ -5,12 +5,12 @@
* Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest. * Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest.
*/ */
namespace Drupal\Tests\Core\Access { namespace Drupal\Tests\Core\Access;
use Drupal\Tests\UnitTestCase; use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\CsrfTokenGenerator; use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\Crypt;
use Symfony\Component\HttpFoundation\Request; use Drupal\Component\Utility\Settings;
/** /**
* Tests the CSRF token generator. * Tests the CSRF token generator.
@ -48,7 +48,7 @@ class CsrfTokenGeneratorTest extends UnitTestCase {
->method('get') ->method('get')
->will($this->returnValue($this->key)); ->will($this->returnValue($this->key));
$this->generator = new CsrfTokenGenerator($private_key); $this->generator = new CsrfTokenGenerator($private_key, new Settings(array('hash_salt' => 'test')));
} }
/** /**
@ -153,16 +153,3 @@ class CsrfTokenGeneratorTest extends UnitTestCase {
} }
} }
}
/**
* @todo Remove this when https://drupal.org/node/2036259 is resolved.
*/
namespace {
if (!function_exists('drupal_get_hash_salt')) {
function drupal_get_hash_salt() {
return hash('sha256', 'test_hash_salt');
}
}
}