Commit aad87a80 authored by catch's avatar catch

Issue #2201919 by damiankloip: Replace drupal_get_hash_salt() with direct...

Issue #2201919 by damiankloip: Replace drupal_get_hash_salt() with direct Settings call in CsrfTokenGenerator.
parent 52a40a7d
......@@ -460,9 +460,9 @@ services:
arguments: ['@state']
csrf_token:
class: Drupal\Core\Access\CsrfTokenGenerator
arguments: ['@private_key']
arguments: ['@private_key', '@settings']
calls:
- [setCurrentUser, ['@?current_user']]
- [setCurrentUser, ['@?current_user=']]
access_manager:
class: Drupal\Core\Access\AccessManager
arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager']
......
......@@ -8,6 +8,7 @@
namespace Drupal\Core\Access;
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Settings;
use Drupal\Core\PrivateKey;
use Drupal\Core\Session\AccountInterface;
......@@ -32,14 +33,24 @@ class CsrfTokenGenerator {
*/
protected $currentUser;
/**
* The settings instance.
*
* @var \Drupal\Component\Utility\Settings
*/
protected $settings;
/**
* Constructs the token generator.
*
* @param \Drupal\Core\PrivateKey $private_key
* The private key service.
* @param \Drupal\Component\Utility\Settings $settings
* The settings instance.
*/
public function __construct(PrivateKey $private_key) {
public function __construct(PrivateKey $private_key, Settings $settings) {
$this->privateKey = $private_key;
$this->settings = $settings;
}
/**
......@@ -72,7 +83,7 @@ public function setCurrentUser(AccountInterface $current_user = NULL) {
* @see drupal_session_start()
*/
public function get($value = '') {
return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . drupal_get_hash_salt());
return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . $this->settings->get('hash_salt'));
}
/**
......
......@@ -5,12 +5,12 @@
* Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest.
*/
namespace Drupal\Tests\Core\Access {
namespace Drupal\Tests\Core\Access;
use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Component\Utility\Crypt;
use Symfony\Component\HttpFoundation\Request;
use Drupal\Component\Utility\Settings;
/**
* Tests the CSRF token generator.
......@@ -48,7 +48,7 @@ function setUp() {
->method('get')
->will($this->returnValue($this->key));
$this->generator = new CsrfTokenGenerator($private_key);
$this->generator = new CsrfTokenGenerator($private_key, new Settings(array('hash_salt' => 'test')));
}
/**
......@@ -153,16 +153,3 @@ public function providerTestInvalidParameterTypes() {
}
}
}
/**
* @todo Remove this when https://drupal.org/node/2036259 is resolved.
*/
namespace {
if (!function_exists('drupal_get_hash_salt')) {
function drupal_get_hash_salt() {
return hash('sha256', 'test_hash_salt');
}
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment