Commit c9ec67d6 authored by catch's avatar catch

Issue #2245117 by znerol: Remove the optional $skip_anonymous parameter from...

Issue #2245117 by znerol: Remove the optional $skip_anonymous parameter from CsrfTokenGenerator::validate and remove the dependency on current_user service.
parent 5d05703a
......@@ -499,8 +499,6 @@ services:
csrf_token:
class: Drupal\Core\Access\CsrfTokenGenerator
arguments: ['@private_key']
calls:
- [setCurrentUser, ['@?current_user']]
access_manager:
class: Drupal\Core\Access\AccessManager
arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager']
......
......@@ -2893,20 +2893,17 @@ function drupal_get_token($value = '') {
* The token to be validated.
* @param string $value
* An additional value to base the token on.
* @param bool $skip_anonymous
* Set to true to skip token validation for anonymous users.
*
* @return bool
* True for a valid token, false for an invalid token. When $skip_anonymous
* is true, the return value will always be true for anonymous users.
* True for a valid token, false for an invalid token.
*
* @see \Drupal\Core\Access\CsrfTokenGenerator
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use return \Drupal::csrfToken()->validate().
*/
function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
return \Drupal::csrfToken()->validate($token, $value, $skip_anonymous);
function drupal_valid_token($token, $value = '') {
return \Drupal::csrfToken()->validate($token, $value);
}
/**
......
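Review bot: Callers that still pass a third argument to `drupal_valid_token()` will not raise an error after this change, because PHP silently discards surplus arguments to user-defined functions. A call written as `drupal_valid_token($token, $value, TRUE)` therefore now validates anonymous requests strictly instead of accepting them. That is the fail-closed direction, but the docblock no longer mentions anonymous users at all. I would add a sentence to the `@return` description such as `Anonymous users are not exempted; callers that need to skip validation for them must check the account themselves.` The same applies to `CsrfTokenGenerator::validate()` in the class hunks, and the docblock here starts above the hunk.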
......@@ -25,13 +25,6 @@ class CsrfTokenGenerator {
*/
protected $privateKey;
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* Constructs the token generator.
*
......@@ -42,16 +35,6 @@ public function __construct(PrivateKey $private_key) {
$this->privateKey = $private_key;
}
/**
* Sets the current user.
*
* @param \Drupal\Core\Session\AccountInterface|null $current_user
* The current user service.
*/
public function setCurrentUser(AccountInterface $current_user = NULL) {
$this->currentUser = $current_user;
}
/**
* Generates a token based on $value, the user session, and the private key.
*
......@@ -82,15 +65,12 @@ public function get($value = '') {
* The token to be validated.
* @param string $value
* (optional) An additional value to base the token on.
* @param bool $skip_anonymous
* (optional) Set to TRUE to skip token validation for anonymous users.
*
* @return bool
* TRUE for a valid token, FALSE for an invalid token. When $skip_anonymous
* is TRUE, the return value will always be TRUE for anonymous users.
* TRUE for a valid token, FALSE for an invalid token.
*/
public function validate($token, $value = '', $skip_anonymous = FALSE) {
return ($skip_anonymous && $this->currentUser->isAnonymous()) || ($token === $this->get($value));
public function validate($token, $value = '') {
return $token === $this->get($value);
}
}
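Review bot: The new `validate()` compares the submitted token with `===`, which is not a constant-time comparison, and with the anonymous shortcut gone it is the only check left on this path. Where the minimum supported PHP version provides it, `return is_string($token) && hash_equals($this->get($value), $token);` keeps the strict rejection of non-string input while removing the content-dependent timing of the comparison. If `hash_equals()` is not available, a project-level constant-time helper would serve the same purpose. Separately, the file's `use` statement for `AccountInterface` is not visible in these hunks; it looks unused once `setCurrentUser()` is removed and may be droppable.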
......@@ -71,23 +71,6 @@ public function testValidate() {
$token = $this->generator->get('bar');
$this->assertTrue($this->generator->validate($token, 'bar'));
// Check the skip_anonymous option with both a anonymous user and a real
// user.
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
$account->expects($this->once())
->method('isAnonymous')
->will($this->returnValue(TRUE));
$this->generator->setCurrentUser($account);
$this->assertTrue($this->generator->validate($token, 'foo', TRUE));
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
$account->expects($this->once())
->method('isAnonymous')
->will($this->returnValue(FALSE));
$this->generator->setCurrentUser($account);
$this->assertFalse($this->generator->validate($token, 'foo', TRUE));
}
/**
......