Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
D
drupal
Manage
Activity
Members
Labels
Plan
Wiki
Custom issue tracker
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Model registry
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
project
drupal
Merge requests
!7777
Add a new method for negotiating the active workspace.
Code
Review changes
Check out branch
Open in Workspace
Download
Patches
Plain diff
Expand sidebar
Closed
Add a new method for negotiating the active workspace.
issue/drupal-3443761:3443761-10.3.x
into
10.3.x
Overview
0
Commits
4
Pipelines
4
Changes
8
Closed
Add a new method for negotiating the active workspace.
Andrei Mateescu
requested to merge
issue/drupal-3443761:3443761-10.3.x
into
10.3.x
Apr 26, 2024
Overview
0
Commits
4
Pipelines
4
Changes
8
Closes
#3443761
for 10.3.x
0
0
Merge request reports
Compare
10.3.x
version 3
173b36fb
May 2, 2024
version 2
76314f9b
Apr 26, 2024
version 1
dd88e396
Apr 26, 2024
10.3.x (base)
and
latest version
latest version
38c10ac0
4 commits,
May 3, 2024
version 3
173b36fb
3 commits,
May 2, 2024
version 2
76314f9b
2 commits,
Apr 26, 2024
version 1
dd88e396
1 commit,
Apr 26, 2024
8 files
+
232
−
54
Inline
Compare changes
Side-by-side
Inline
Show whitespace changes
Show one file at a time
Files
8
core/modules/workspaces/src/Negotiator/QueryParameterWorkspaceNegotiator.php
+
28
−
9
View file @ 38c10ac0
Edit in single-file editor
Open in Web IDE
Show full file
@@ -2,6 +2,8 @@
namespace
Drupal\workspaces\Negotiator
;
use
Drupal\Component\Utility\Crypt
;
use
Drupal\Core\Site\Settings
;
use
Symfony\Component\HttpFoundation\Request
;
/**
@@ -13,21 +15,38 @@ class QueryParameterWorkspaceNegotiator extends SessionWorkspaceNegotiator {
* {@inheritdoc}
*/
public
function
applies
(
Request
$request
)
{
return
is_string
(
$request
->
query
->
get
(
'workspace'
))
&&
parent
::
applies
(
$request
);
return
is_string
(
$request
->
query
->
get
(
'workspace'
))
&&
is_string
(
$request
->
query
->
get
(
'token'
))
&&
parent
::
applies
(
$request
);
}
/**
* {@inheritdoc}
*/
public
function
getActiveWorkspace
(
Request
$request
)
{
$workspace_id
=
$request
->
query
->
get
(
'workspace'
);
if
(
$workspace_id
&&
(
$workspace
=
$this
->
workspaceStorage
->
load
(
$workspace_id
)))
{
$this
->
setActiveWorkspace
(
$workspace
);
return
$workspace
;
}
public
function
getActiveWorkspaceId
(
Request
$request
):
?string
{
$workspace_id
=
(
string
)
$request
->
query
->
get
(
'workspace'
);
$token
=
(
string
)
$request
->
query
->
get
(
'token'
);
$is_valid_token
=
hash_equals
(
$this
->
getQueryToken
(
$workspace_id
),
$token
);
// This negotiator receives a workspace ID from user input, so a minimal
// validation is needed to ensure that we protect against fake input before
// the workspace manager fully validates the negotiated workspace ID.
// @see \Drupal\workspaces\WorkspaceManager::getActiveWorkspace()
return
$is_valid_token
?
$workspace_id
:
NULL
;
}
return
NULL
;
/**
* Calculates a token based on a workspace ID.
*
* @param string $workspace_id
* The workspace ID.
*
* @return string
* An 8 char token based on the given workspace ID.
*/
protected
function
getQueryToken
(
string
$workspace_id
):
string
{
// Return the first 8 characters.
return
substr
(
Crypt
::
hmacBase64
(
$workspace_id
,
Settings
::
getHashSalt
()),
0
,
8
);
}
}
Loading