Commit 91ae64ac authored by alexpott's avatar alexpott

Revert "Issue #2229145 by znerol, neclimdul, larowlan, joelpittet, almaudoh:...

Revert "Issue #2229145 by znerol, neclimdul, larowlan, joelpittet, almaudoh: Register symfony session components in the DIC and inject the session service into the request object"

This reverts commit b926f5d8.
parent 834c5a29
...@@ -51,6 +51,7 @@ ...@@ -51,6 +51,7 @@
* TRUE if the current user can run authorize.php, and FALSE if not. * TRUE if the current user can run authorize.php, and FALSE if not.
*/ */
function authorize_access_allowed() { function authorize_access_allowed() {
\Drupal::service('session_manager')->start();
return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates'); return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
} }
......
...@@ -475,11 +475,6 @@ services: ...@@ -475,11 +475,6 @@ services:
arguments: ['@kernel'] arguments: ['@kernel']
tags: tags:
- { name: http_middleware, priority: 100 } - { name: http_middleware, priority: 100 }
http_middleware.session:
class: Drupal\Core\StackMiddleware\Session
arguments: ['@session']
tags:
- { name: http_middleware, priority: 50 }
language_manager: language_manager:
class: Drupal\Core\Language\LanguageManager class: Drupal\Core\Language\LanguageManager
arguments: ['@language.default'] arguments: ['@language.default']
...@@ -998,7 +993,7 @@ services: ...@@ -998,7 +993,7 @@ services:
arguments: ['@module_handler', '@cache.discovery', '@language_manager', '@cache_tags.invalidator'] arguments: ['@module_handler', '@cache.discovery', '@language_manager', '@cache_tags.invalidator']
batch.storage: batch.storage:
class: Drupal\Core\Batch\BatchStorage class: Drupal\Core\Batch\BatchStorage
arguments: ['@database', '@session', '@csrf_token'] arguments: ['@database', '@session_manager', '@csrf_token']
tags: tags:
- { name: backend_overridable } - { name: backend_overridable }
replica_database_ignore__subscriber: replica_database_ignore__subscriber:
...@@ -1094,15 +1089,6 @@ services: ...@@ -1094,15 +1089,6 @@ services:
session_configuration: session_configuration:
class: Drupal\Core\Session\SessionConfiguration class: Drupal\Core\Session\SessionConfiguration
arguments: ['%session.storage.options%'] arguments: ['%session.storage.options%']
session:
class: Symfony\Component\HttpFoundation\Session\Session
arguments: ['@session_manager', '@session.attribute_bag', '@session.flash_bag']
session.flash_bag:
class: Symfony\Component\HttpFoundation\Session\Flash\FlashBag
public: false
session.attribute_bag:
class: Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag
public: false
session_manager: session_manager:
class: Drupal\Core\Session\SessionManager class: Drupal\Core\Session\SessionManager
arguments: ['@request_stack', '@database', '@session_manager.metadata_bag', '@session_configuration'] arguments: ['@request_stack', '@database', '@session_manager.metadata_bag', '@session_configuration']
......
...@@ -21,11 +21,9 @@ ...@@ -21,11 +21,9 @@
use Drupal\Core\DependencyInjection\ContainerBuilder; use Drupal\Core\DependencyInjection\ContainerBuilder;
use Drupal\Core\Url; use Drupal\Core\Url;
use Drupal\language\Entity\ConfigurableLanguage; use Drupal\language\Entity\ConfigurableLanguage;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Route;
use GuzzleHttp\Exception\RequestException; use GuzzleHttp\Exception\RequestException;
...@@ -398,6 +396,7 @@ function install_begin_request($class_loader, &$install_state) { ...@@ -398,6 +396,7 @@ function install_begin_request($class_loader, &$install_state) {
$kernel->setSitePath($site_path); $kernel->setSitePath($site_path);
$kernel->boot(); $kernel->boot();
$container = $kernel->getContainer(); $container = $kernel->getContainer();
$container->get('request_stack')->push($request);
// Register the file translation service. // Register the file translation service.
if (isset($GLOBALS['config']['locale.settings']['translation']['path'])) { if (isset($GLOBALS['config']['locale.settings']['translation']['path'])) {
...@@ -443,15 +442,13 @@ function install_begin_request($class_loader, &$install_state) { ...@@ -443,15 +442,13 @@ function install_begin_request($class_loader, &$install_state) {
if ($profile && !$module_handler->moduleExists($profile)) { if ($profile && !$module_handler->moduleExists($profile)) {
$module_handler->addProfile($profile, $install_state['profiles'][$profile]->getPath()); $module_handler->addProfile($profile, $install_state['profiles'][$profile]->getPath());
} }
// After setting up a custom and finite module list in a custom low-level
// bootstrap like here, ensure to use ModuleHandler::loadAll() so that
// ModuleHandler::isLoaded() returns TRUE, since that is a condition being
// checked by other subsystems (e.g., the theme system).
$module_handler->loadAll();
// Load all modules and perform request related initialization. $kernel->prepareLegacyRequest($request);
$kernel->preHandle($request);
// Initialize a route on this legacy request similar to
// \Drupal\Core\DrupalKernel::prepareLegacyRequest() since normal routing
// will not happen.
$request->attributes->set(RouteObjectInterface::ROUTE_OBJECT, new Route('<none>'));
$request->attributes->set(RouteObjectInterface::ROUTE_NAME, '<none>');
// Prepare for themed output. We need to run this at the beginning of the // Prepare for themed output. We need to run this at the beginning of the
// page request to avoid a different theme accidentally getting set. (We also // page request to avoid a different theme accidentally getting set. (We also
...@@ -596,7 +593,7 @@ function install_run_task($task, &$install_state) { ...@@ -596,7 +593,7 @@ function install_run_task($task, &$install_state) {
$response = batch_process($url, clone $url); $response = batch_process($url, clone $url);
if ($response instanceof Response) { if ($response instanceof Response) {
// Save $_SESSION data from batch. // Save $_SESSION data from batch.
\Drupal::service('session')->save(); \Drupal::service('session_manager')->save();
// Send the response. // Send the response.
$response->send(); $response->send();
exit; exit;
...@@ -1551,7 +1548,7 @@ function install_load_profile(&$install_state) { ...@@ -1551,7 +1548,7 @@ function install_load_profile(&$install_state) {
* An array of information about the current installation state. * An array of information about the current installation state.
*/ */
function install_bootstrap_full() { function install_bootstrap_full() {
\Drupal::service('session')->start(); \Drupal::service('session_manager')->start();
} }
/** /**
......
...@@ -17,11 +17,28 @@ ...@@ -17,11 +17,28 @@
*/ */
class Cookie implements AuthenticationProviderInterface { class Cookie implements AuthenticationProviderInterface {
/**
* The session manager.
*
* @var \Drupal\Core\Session\SessionManagerInterface
*/
protected $sessionManager;
/**
* Constructs a new Cookie authentication provider instance.
*
* @param \Drupal\Core\Session\SessionManagerInterface $session_manager
* The session manager.
*/
public function __construct(SessionManagerInterface $session_manager) {
$this->sessionManager = $session_manager;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function applies(Request $request) { public function applies(Request $request) {
return $request->hasSession(); return TRUE;
} }
/** /**
...@@ -30,11 +47,10 @@ public function applies(Request $request) { ...@@ -30,11 +47,10 @@ public function applies(Request $request) {
public function authenticate(Request $request) { public function authenticate(Request $request) {
// Global $user is deprecated, but the session system is still based on it. // Global $user is deprecated, but the session system is still based on it.
global $user; global $user;
$this->sessionManager->start();
if ($request->getSession()->start()) { if ($this->sessionManager->isStarted()) {
return $user; return $user;
} }
return NULL; return NULL;
} }
...@@ -42,6 +58,7 @@ public function authenticate(Request $request) { ...@@ -42,6 +58,7 @@ public function authenticate(Request $request) {
* {@inheritdoc} * {@inheritdoc}
*/ */
public function cleanup(Request $request) { public function cleanup(Request $request) {
$this->sessionManager->save();
} }
/** /**
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
namespace Drupal\Core\Batch; namespace Drupal\Core\Batch;
use Drupal\Core\Database\Connection; use Drupal\Core\Database\Connection;
use Symfony\Component\HttpFoundation\Session\SessionInterface; use Drupal\Core\Session\SessionManager;
use Drupal\Core\Access\CsrfTokenGenerator; use Drupal\Core\Access\CsrfTokenGenerator;
class BatchStorage implements BatchStorageInterface { class BatchStorage implements BatchStorageInterface {
...@@ -21,11 +21,11 @@ class BatchStorage implements BatchStorageInterface { ...@@ -21,11 +21,11 @@ class BatchStorage implements BatchStorageInterface {
protected $connection; protected $connection;
/** /**
* The session. * The session manager.
* *
* @var \Symfony\Component\HttpFoundation\Session\SessionInterface * @var \Drupal\Core\Session\SessionManager
*/ */
protected $session; protected $sessionManager;
/** /**
* The CSRF token generator. * The CSRF token generator.
...@@ -39,14 +39,14 @@ class BatchStorage implements BatchStorageInterface { ...@@ -39,14 +39,14 @@ class BatchStorage implements BatchStorageInterface {
* *
* @param \Drupal\Core\Database\Connection $connection * @param \Drupal\Core\Database\Connection $connection
* The database connection. * The database connection.
* @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session * @param \Drupal\Core\Session\SessionManager $session_manager
* The session. * The session manager.
* @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token
* The CSRF token generator. * The CSRF token generator.
*/ */
public function __construct(Connection $connection, SessionInterface $session, CsrfTokenGenerator $csrf_token) { public function __construct(Connection $connection, SessionManager $session_manager, CsrfTokenGenerator $csrf_token) {
$this->connection = $connection; $this->connection = $connection;
$this->session = $session; $this->sessionManager = $session_manager;
$this->csrfToken = $csrf_token; $this->csrfToken = $csrf_token;
} }
...@@ -55,7 +55,7 @@ public function __construct(Connection $connection, SessionInterface $session, C ...@@ -55,7 +55,7 @@ public function __construct(Connection $connection, SessionInterface $session, C
*/ */
public function load($id) { public function load($id) {
// Ensure that a session is started before using the CSRF token generator. // Ensure that a session is started before using the CSRF token generator.
$this->session->start(); $this->sessionManager->start();
$batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array( $batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array(
':bid' => $id, ':bid' => $id,
':token' => $this->csrfToken->get($id), ':token' => $this->csrfToken->get($id),
...@@ -100,7 +100,7 @@ public function cleanup() { ...@@ -100,7 +100,7 @@ public function cleanup() {
*/ */
public function create(array $batch) { public function create(array $batch) {
// Ensure that a session is started before using the CSRF token generator. // Ensure that a session is started before using the CSRF token generator.
$this->session->start(); $this->sessionManager->start();
$this->connection->insert('batch') $this->connection->insert('batch')
->fields(array( ->fields(array(
'bid' => $batch['id'], 'bid' => $batch['id'],
......
...@@ -571,9 +571,8 @@ public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = ...@@ -571,9 +571,8 @@ public function handle(Request $request, $type = self::MASTER_REQUEST, $catch =
public function prepareLegacyRequest(Request $request) { public function prepareLegacyRequest(Request $request) {
$this->boot(); $this->boot();
$this->preHandle($request); $this->preHandle($request);
// Setup services which are normally initialized from within stack // Enter the request scope so that current_user service is available for
// middleware or during the request kernel event. // locale/translation sake.
$request->setSession($this->container->get('session'));
$request->attributes->set(RouteObjectInterface::ROUTE_OBJECT, new Route('<none>')); $request->attributes->set(RouteObjectInterface::ROUTE_OBJECT, new Route('<none>'));
$request->attributes->set(RouteObjectInterface::ROUTE_NAME, '<none>'); $request->attributes->set(RouteObjectInterface::ROUTE_NAME, '<none>');
$this->container->get('request_stack')->push($request); $this->container->get('request_stack')->push($request);
...@@ -719,16 +718,6 @@ protected function initializeContainer($rebuild = FALSE) { ...@@ -719,16 +718,6 @@ protected function initializeContainer($rebuild = FALSE) {
if ($session_manager_started) { if ($session_manager_started) {
$this->container->get('session_manager')->start(); $this->container->get('session_manager')->start();
} }
// The request stack is preserved accross container rebuilds. Reinject the
// new session into the master request if one was present before.
if (($request_stack = $this->container->get('request_stack', ContainerInterface::NULL_ON_INVALID_REFERENCE))) {
if ($request = $request_stack->getMasterRequest()) {
if ($request->hasSession()) {
$request->setSession($this->container->get('session'));
}
}
}
\Drupal::setContainer($this->container); \Drupal::setContainer($this->container);
// If needs dumping flag was set, dump the container. // If needs dumping flag was set, dump the container.
......
...@@ -111,11 +111,6 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $path, $s ...@@ -111,11 +111,6 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $path, $s
// Persist the 'exception' attribute to the subrequest. // Persist the 'exception' attribute to the subrequest.
$sub_request->attributes->set('exception', $request->attributes->get('exception')); $sub_request->attributes->set('exception', $request->attributes->get('exception'));
// Carry over the session to the subrequest.
if ($session = $request->getSession()) {
$sub_request->setSession($session);
}
$response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST); $response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST);
$response->setStatusCode($status_code); $response->setStatusCode($status_code);
$event->setResponse($response); $event->setResponse($response);
......
...@@ -59,6 +59,9 @@ public function register(ContainerBuilder $container) { ...@@ -59,6 +59,9 @@ public function register(ContainerBuilder $container) {
// @todo Convert installer steps into routes; add an installer.routing.yml. // @todo Convert installer steps into routes; add an installer.routing.yml.
$definition = $container->getDefinition('router.builder'); $definition = $container->getDefinition('router.builder');
$definition->setClass('Drupal\Core\Installer\InstallerRouteBuilder'); $definition->setClass('Drupal\Core\Installer\InstallerRouteBuilder');
// Remove dependencies on Drupal's default session handling.
$container->removeDefinition('authentication.cookie');
} }
/** /**
......
...@@ -338,7 +338,7 @@ protected function getSessionDataMask() { ...@@ -338,7 +338,7 @@ protected function getSessionDataMask() {
// Ignore attribute bags when they do not contain any data. // Ignore attribute bags when they do not contain any data.
foreach ($this->bags as $bag) { foreach ($this->bags as $bag) {
$key = $bag->getStorageKey(); $key = $bag->getStorageKey();
$mask[$key] = !empty($_SESSION[$key]); $mask[$key] = empty($_SESSION[$key]);
} }
return array_intersect_key($mask, $_SESSION); return array_intersect_key($mask, $_SESSION);
......
<?php
/**
* @file
* Contains \Drupal\Core\StackMiddleware\Session.
*/
namespace Drupal\Core\StackMiddleware;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\HttpKernelInterface;
/**
* Wrap session logic around a HTTP request.
*/
class Session implements HttpKernelInterface {
/**
* The wrapped HTTP kernel.
*
* @var \Symfony\Component\HttpKernel\HttpKernelInterface
*/
protected $httpKernel;
/**
* The session.
*
* @var \Symfony\Component\HttpFoundation\Session\SessionInterface
*/
protected $session;
/**
* Constructs a Session stack middleware object.
*
* @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel
* The decorated kernel.
* @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
* The session.
*/
public function __construct(HttpKernelInterface $http_kernel, SessionInterface $session) {
$this->httpKernel = $http_kernel;
$this->session = $session;
}
/**
* {@inheritdoc}
*/
public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
if ($type === self::MASTER_REQUEST) {
$request->setSession($this->session);
}
$result = $this->httpKernel->handle($request, $type, $catch);
if ($type === self::MASTER_REQUEST && $request->hasSession()) {
$request->getSession()->save();
}
return $result;
}
}
...@@ -130,10 +130,6 @@ public function commentPermalink(Request $request, CommentInterface $comment) { ...@@ -130,10 +130,6 @@ public function commentPermalink(Request $request, CommentInterface $comment) {
// @todo: Cleaner sub request handling. // @todo: Cleaner sub request handling.
$redirect_request = Request::create($entity->url(), 'GET', $request->query->all(), $request->cookies->all(), array(), $request->server->all()); $redirect_request = Request::create($entity->url(), 'GET', $request->query->all(), $request->cookies->all(), array(), $request->server->all());
$redirect_request->query->set('page', $page); $redirect_request->query->set('page', $page);
// Carry over the session to the subrequest.
if ($session = $request->getSession()) {
$redirect_request->setSession($session);
}
// @todo: Convert the pager to use the request object. // @todo: Convert the pager to use the request object.
$request->query->set('page', $page); $request->query->set('page', $page);
return $this->httpKernel->handle($redirect_request, HttpKernelInterface::SUB_REQUEST); return $this->httpKernel->handle($redirect_request, HttpKernelInterface::SUB_REQUEST);
......
services: services:
session_test.subscriber: session_test.subscriber:
class: Drupal\session_test\EventSubscriber\SessionTestSubscriber class: Drupal\session_test\EventSubscriber\SessionTestSubscriber
arguments: ['@session_manager']
tags: tags:
- { name: event_subscriber } - { name: event_subscriber }
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
namespace Drupal\session_test\EventSubscriber; namespace Drupal\session_test\EventSubscriber;
use Drupal\Core\Session\SessionManagerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\KernelEvents;
...@@ -18,6 +19,13 @@ ...@@ -18,6 +19,13 @@
*/ */
class SessionTestSubscriber implements EventSubscriberInterface { class SessionTestSubscriber implements EventSubscriberInterface {
/**
* The session manager.
*
* @var \Drupal\Core\Session\SessionManagerInterface
*/
protected $sessionManager;
/** /**
* Stores whether $_SESSION is empty at the beginning of the request. * Stores whether $_SESSION is empty at the beginning of the request.
* *
...@@ -25,6 +33,13 @@ class SessionTestSubscriber implements EventSubscriberInterface { ...@@ -25,6 +33,13 @@ class SessionTestSubscriber implements EventSubscriberInterface {
*/ */
protected $emptySession; protected $emptySession;
/**
* Constructs a new session test subscriber.
*/
public function __construct(SessionManagerInterface $session_manager) {
$this->sessionManager = $session_manager;
}
/** /**
* Set header for session testing. * Set header for session testing.
* *
...@@ -32,8 +47,7 @@ class SessionTestSubscriber implements EventSubscriberInterface { ...@@ -32,8 +47,7 @@ class SessionTestSubscriber implements EventSubscriberInterface {
* The Event to process. * The Event to process.
*/ */
public function onKernelRequestSessionTest(GetResponseEvent $event) { public function onKernelRequestSessionTest(GetResponseEvent $event) {
$session = $event->getRequest()->getSession(); $this->emptySession = (int) !$this->sessionManager->start();
$this->emptySession = (int) !($session && $session->start());
} }
/** /**
......
...@@ -128,7 +128,7 @@ public function postSave(EntityStorageInterface $storage, $update = TRUE) { ...@@ -128,7 +128,7 @@ public function postSave(EntityStorageInterface $storage, $update = TRUE) {
if ($this->pass->value != $this->original->pass->value) { if ($this->pass->value != $this->original->pass->value) {
$session_manager->delete($this->id()); $session_manager->delete($this->id());
if ($this->id() == \Drupal::currentUser()->id()) { if ($this->id() == \Drupal::currentUser()->id()) {
\Drupal::service('session')->migrate(); $session_manager->regenerate();
} }
} }
......
...@@ -609,7 +609,7 @@ function user_login_finalize(UserInterface $account) { ...@@ -609,7 +609,7 @@ function user_login_finalize(UserInterface $account) {
// This is called before hook_user_login() in case one of those functions // This is called before hook_user_login() in case one of those functions
// fails or incorrectly does a redirect which would leave the old session // fails or incorrectly does a redirect which would leave the old session
// in place. // in place.
\Drupal::service('session')->migrate(); \Drupal::service('session_manager')->regenerate();
\Drupal::moduleHandler()->invokeAll('user_login', array($account)); \Drupal::moduleHandler()->invokeAll('user_login', array($account));
} }
...@@ -840,7 +840,7 @@ function _user_cancel($edit, $account, $method) { ...@@ -840,7 +840,7 @@ function _user_cancel($edit, $account, $method) {
function _user_cancel_session_regenerate() { function _user_cancel_session_regenerate() {
// Regenerate the users session instead of calling session_destroy() as we // Regenerate the users session instead of calling session_destroy() as we
// want to preserve any messages that might have been set. // want to preserve any messages that might have been set.
\Drupal::service('session')->migrate(); \Drupal::service('session_manager')->regenerate();
} }
/** /**
...@@ -1484,10 +1484,6 @@ function user_logout() { ...@@ -1484,10 +1484,6 @@ function user_logout() {
\Drupal::moduleHandler()->invokeAll('user_logout', array($user)); \Drupal::moduleHandler()->invokeAll('user_logout', array($user));
// Destroy the current session, and reset $user to the anonymous user. // Destroy the current session, and reset $user to the anonymous user.
// Note: In Symfony the session is intended to be destroyed with
// Session::invalidate(). Regrettably this method is currently broken and may
// lead to the creation of spurious session records in the database.
// @see https://github.com/symfony/symfony/issues/12375
session_destroy(); session_destroy();
} }
......
...@@ -17,6 +17,7 @@ services: ...@@ -17,6 +17,7 @@ services:
- { name: access_check, applies_to: _user_is_logged_in } - { name: access_check, applies_to: _user_is_logged_in }
authentication.cookie: authentication.cookie:
class: Drupal\Core\Authentication\Provider\Cookie class: Drupal\Core\Authentication\Provider\Cookie
arguments: ['@session_manager']
tags: tags:
- { name: authentication_provider, priority: 0 } - { name: authentication_provider, priority: 0 }
cache_context.user: cache_context.user:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment