Issue #2245117 by znerol: Remove the optional $skip_anonymous parameter from CsrfTokenGenerator::validate and remove the dependency on current_user service.
parent
5d05703adc
commit
c9ec67d60e
|
@ -499,8 +499,6 @@ services:
|
|||
csrf_token:
|
||||
class: Drupal\Core\Access\CsrfTokenGenerator
|
||||
arguments: ['@private_key']
|
||||
calls:
|
||||
- [setCurrentUser, ['@?current_user']]
|
||||
access_manager:
|
||||
class: Drupal\Core\Access\AccessManager
|
||||
arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager']
|
||||
|
|
|
@ -2893,20 +2893,17 @@ function drupal_get_token($value = '') {
|
|||
* The token to be validated.
|
||||
* @param string $value
|
||||
* An additional value to base the token on.
|
||||
* @param bool $skip_anonymous
|
||||
* Set to true to skip token validation for anonymous users.
|
||||
*
|
||||
* @return bool
|
||||
* True for a valid token, false for an invalid token. When $skip_anonymous
|
||||
* is true, the return value will always be true for anonymous users.
|
||||
* True for a valid token, false for an invalid token.
|
||||
*
|
||||
* @see \Drupal\Core\Access\CsrfTokenGenerator
|
||||
*
|
||||
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
|
||||
* Use return \Drupal::csrfToken()->validate().
|
||||
*/
|
||||
function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
|
||||
return \Drupal::csrfToken()->validate($token, $value, $skip_anonymous);
|
||||
function drupal_valid_token($token, $value = '') {
|
||||
return \Drupal::csrfToken()->validate($token, $value);
|
||||
}
|
||||
|
||||
/**
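Review bot: Callers of `drupal_valid_token()` that still pass a third argument will not fail after this change, because PHP silently discards surplus arguments to user-defined functions, so a leftover `TRUE` is simply ignored. Anonymous requests are then validated like any other, which fails closed and is the safe direction, but code that relied on the bypass will start rejecting anonymous submissions with no diagnostic. I would say so in the docblock, e.g. `* Anonymous users are not exempt; a valid token is always required.`, and check the remaining call sites for a third argument. The docblock begins above the hunk, so only its tail is visible here.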
|
||||
|
|
|
@ -25,13 +25,6 @@ class CsrfTokenGenerator {
|
|||
*/
|
||||
protected $privateKey;
|
||||
|
||||
/**
|
||||
* The current user.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface
|
||||
*/
|
||||
protected $currentUser;
|
||||
|
||||
/**
|
||||
* Constructs the token generator.
|
||||
*
|
||||
|
@ -42,16 +35,6 @@ class CsrfTokenGenerator {
|
|||
$this->privateKey = $private_key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the current user.
|
||||
*
|
||||
* @param \Drupal\Core\Session\AccountInterface|null $current_user
|
||||
* The current user service.
|
||||
*/
|
||||
public function setCurrentUser(AccountInterface $current_user = NULL) {
|
||||
$this->currentUser = $current_user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates a token based on $value, the user session, and the private key.
|
||||
*
|
||||
|
@ -82,15 +65,12 @@ class CsrfTokenGenerator {
|
|||
* The token to be validated.
|
||||
* @param string $value
|
||||
* (optional) An additional value to base the token on.
|
||||
* @param bool $skip_anonymous
|
||||
* (optional) Set to TRUE to skip token validation for anonymous users.
|
||||
*
|
||||
* @return bool
|
||||
* TRUE for a valid token, FALSE for an invalid token. When $skip_anonymous
|
||||
* is TRUE, the return value will always be TRUE for anonymous users.
|
||||
* TRUE for a valid token, FALSE for an invalid token.
|
||||
*/
|
||||
public function validate($token, $value = '', $skip_anonymous = FALSE) {
|
||||
return ($skip_anonymous && $this->currentUser->isAnonymous()) || ($token === $this->get($value));
|
||||
public function validate($token, $value = '') {
|
||||
return $token === $this->get($value);
|
||||
}
|
||||
|
||||
}
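Review bot: The new `validate()` body in the last hunk of this file, `return $token === $this->get($value);`, compares a secret-derived token with `===`, which can stop at the first differing byte, so response timing may reveal how much of a guessed token matched. A constant-time comparison is the safer form, e.g. `return is_string($token) && hash_equals($this->get($value), $token);` where the supported PHP version provides `hash_equals()`, or an equivalent project helper otherwise. With the anonymous bypass removed this comparison is the only gate, so the docblock could also state that validation applies to every caller, anonymous sessions included. The body of `get()` lies outside the hunks, so whether calling it during validation has side effects cannot be judged from here.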
|
||||
|
|
|
@ -71,23 +71,6 @@ class CsrfTokenGeneratorTest extends UnitTestCase {
|
|||
|
||||
$token = $this->generator->get('bar');
|
||||
$this->assertTrue($this->generator->validate($token, 'bar'));
|
||||
|
||||
// Check the skip_anonymous option with both a anonymous user and a real
|
||||
// user.
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$account->expects($this->once())
|
||||
->method('isAnonymous')
|
||||
->will($this->returnValue(TRUE));
|
||||
$this->generator->setCurrentUser($account);
|
||||
$this->assertTrue($this->generator->validate($token, 'foo', TRUE));
|
||||
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$account->expects($this->once())
|
||||
->method('isAnonymous')
|
||||
->will($this->returnValue(FALSE));
|
||||
$this->generator->setCurrentUser($account);
|
||||
|
||||
$this->assertFalse($this->generator->validate($token, 'foo', TRUE));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|