diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index 9e5c50f..4f8b96e 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -1486,10 +1486,10 @@ function drupal_handle_request($test_only = FALSE) {
 * Returns the time zone of the current user.
 */
 function drupal_get_user_timezone() {
- global $user;
 $config = \Drupal::config('system.date');
+ $user = \Drupal::currentUser();
- if ($user && $config->get('timezone.user.configurable') && $user->isAuthenticated() && $user->getTimezone()) {
+ if ($user && $config->get('timezone.user.configurable') && $user->hasAccount() && $user->isAuthenticated() && $user->getTimezone()) {
 return $user->getTimezone();
 }
 else {
diff --git a/core/includes/session.inc b/core/includes/session.inc
index 839ead8..02c41b6 100644
--- a/core/includes/session.inc
+++ b/core/includes/session.inc
@@ -72,7 +72,7 @@ function _drupal_session_close() {
 * The user's session, or an empty string if no session exists.
 */
 function _drupal_session_read($sid) {
- global $user;
+ $user = \Drupal::currentUser();
 // Write and Close handlers are called after destructing objects
 // since PHP 5.0.5.
@@ -85,7 +85,7 @@ function _drupal_session_read($sid) {
 $insecure_session_name = substr(session_name(), 1);
 $cookies = \Drupal::request()->cookies;
 if (!$cookies->has(session_name()) && !$cookies->has($insecure_session_name)) {
- $user = new UserSession();
+ $user->setAccount(new UserSession());
 return '';
 }
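Review bot: In `drupal_get_user_timezone()` the leading `$user &&` operand no longer guards anything, assuming `\Drupal::currentUser()` always returns the proxy object, because the rest of the condition calls methods on it unconditionally. The added `$user->hasAccount() &&` also repeats the check that this same commit places inside `AccountProxy::isAuthenticated()`; the same duplication appears in the `drupal_session_initialize()` hunk at -253. The condition could read `if ($config->get('timezone.user.configurable') && $user->isAuthenticated() && $user->getTimezone()) {`. The function body continues past the end of the hunk.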
@@ -115,19 +115,19 @@ function _drupal_session_read($sid) {
 // Add roles element to $user.
 $rids = db_query("SELECT ur.rid FROM {users_roles} ur WHERE ur.uid = :uid", array(':uid' => $values['uid']))->fetchCol();
 $values['roles'] = array_merge(array(DRUPAL_AUTHENTICATED_RID), $rids);
- $user = new UserSession($values);
+ $user->setAccount(new UserSession($values));
 }
 elseif ($values) {
 // The user is anonymous or blocked. Only preserve two fields from the
 // {sessions} table.
- $user = new UserSession(array(
+ $user->setAccount(new UserSession(array(
 'session' => $values['session'],
 'access' => $values['access'],
- ));
+ )));
 }
 else {
 // The session has expired.
- $user = new UserSession();
+ $user->setAccount(new UserSession());
 }
 // Store the session that was read for comparison in _drupal_session_write().
@@ -159,7 +159,7 @@ function _drupal_session_read($sid) {
 * Always returns TRUE.
 */
 function _drupal_session_write($sid, $value) {
- global $user;
+ $user = \Drupal::currentUser();
 // The exception handler is not active at this point, so we need to do it
 // manually.
@@ -241,7 +241,7 @@ function _drupal_session_write($sid, $value) {
 * Initializes the session handler, starting a session if needed.
 */
 function drupal_session_initialize() {
- global $user;
+ $user = \Drupal::currentUser();
 session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection');
@@ -253,7 +253,7 @@ function drupal_session_initialize() {
 // anonymous users not use a session cookie unless something is stored in
 // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
 drupal_session_start();
- if ($user->isAuthenticated() || !empty($_SESSION)) {
+ if (($user->hasAccount() && $user->isAuthenticated()) || !empty($_SESSION)) {
 drupal_page_is_cacheable(FALSE);
 }
 }
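Review bot: In `_drupal_session_write()` the new `$user = \Drupal::currentUser();` sits above the comment saying that no exception handler is active at this point, so a failure in the service lookup would presumably fall outside the manual handling that comment announces (the handling code itself is below the hunk). The context in `_drupal_session_read()` also notes that write and close handlers run after objects are destructed, which makes a container lookup at this stage worth a second look. Consider moving the assignment inside the guarded section with a comment such as `// Looked up inside the guarded section: no exception handler is active during session write.`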
@@ -263,7 +263,7 @@ function drupal_session_initialize() {
 // processes (like drupal_get_token()) needs to know the future
 // session ID in advance.
 $GLOBALS['lazy_session'] = TRUE;
- $user = drupal_anonymous_user();
+ $user->setAccount(drupal_anonymous_user());
 // Less random sessions (which are much faster to generate) are used for
 // anonymous users than are generated in drupal_session_regenerate() when
 // a user becomes authenticated.
@@ -275,6 +275,9 @@ function drupal_session_initialize() {
 }
 }
 date_default_timezone_set(drupal_get_user_timezone());
+ if ($user->hasAccount()) {
+ return $user->getAccount();
+ }
 }
 /**
@@ -304,7 +307,7 @@ function drupal_session_start() {
 * If an anonymous user already have an empty session, destroy it.
 */
 function drupal_session_commit() {
- global $user;
+ $user = \Drupal::currentUser();
 if (!drupal_save_session()) {
 // We don't have anything to do if we are not allowed to save the session.
@@ -353,7 +356,7 @@ function drupal_session_started($set = NULL) {
 * @ingroup php_wrappers
 */
 function drupal_session_regenerate() {
- global $user;
+ $user = \Drupal::currentUser();
 // Nothing to do if we are not allowed to change the session.
 if (!drupal_save_session()) {
@@ -414,9 +417,11 @@ function drupal_session_regenerate() {
 // Start the session when it doesn't exist yet.
 // Preserve the logged in user, as it will be reset to anonymous
 // by _drupal_session_read.
- $account = $user;
- drupal_session_start();
- $user = $account;
+ if ($user->hasAccount()) {
+ $account = $user->getAccount();
+ drupal_session_start();
+ $user->setAccount($account);
+ }
 }
 date_default_timezone_set(drupal_get_user_timezone());
 }
@@ -430,7 +435,7 @@ function drupal_session_regenerate() {
 * Session ID.
 */
 function _drupal_session_destroy($sid) {
- global $user;
+ $user = \Drupal::currentUser();
 // Nothing to do if we are not allowed to change the session.
 if (!drupal_save_session()) {
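Review bot: `drupal_session_initialize()` now returns the account from its last statement only when `$user->hasAccount()` is true and otherwise falls off the end, so callers receive NULL implicitly. The docblock visible in the -241 hunk still says only "Initializes the session handler, starting a session if needed." and has no `@return`. Add `@return \Drupal\Core\Session\AccountInterface|null` with a line stating when NULL is returned, and make the fall-through explicit with `return NULL;`, so that `Cookie::authenticate()`, which now consumes the result, has a documented contract.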
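Review bot: In the -414 hunk of `drupal_session_regenerate()` the call to `drupal_session_start()` has moved inside `if ($user->hasAccount())`, so the branch commented "Start the session when it doesn't exist yet" no longer starts a session when the proxy holds no account. The removed lines started the session unconditionally and used `$account` only to restore the user afterwards. Whether the no-account case is reachable cannot be told from the hunk, but the comment in the -263 hunk says this function runs when a user becomes authenticated, so it is safer to keep the session start unconditional and guard only the save and restore. The enclosing function begins and ends outside the hunk.

```php
// … unchanged: comments explaining why the account is preserved …
$account = $user->hasAccount() ? $user->getAccount() : NULL;
drupal_session_start();
if ($account) {
  // _drupal_session_read() replaced the account during session start.
  $user->setAccount($account);
}
```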
@@ -446,7 +451,7 @@ function _drupal_session_destroy($sid) {
 // Reset $_SESSION and $user to prevent a new session from being started
 // in drupal_session_commit().
 $_SESSION = array();
- $user = drupal_anonymous_user();
+ $user->setAccount(drupal_anonymous_user());
 // Unset the session cookies.
 _drupal_session_delete_cookie(session_name());
diff --git a/core/lib/Drupal/Core/Authentication/AccountProxy.php b/core/lib/Drupal/Core/Authentication/AccountProxy.php
index b67e9d8..74c439d 100644
--- a/core/lib/Drupal/Core/Authentication/AccountProxy.php
+++ b/core/lib/Drupal/Core/Authentication/AccountProxy.php
@@ -80,13 +80,17 @@ public function setAccount(AccountInterface $account) {
 * @return \Drupal\Core\Session\AccountInterface
 * The current account.
 */
- protected function getAccount() {
+ public function getAccount() {
 if (!isset($this->account)) {
- $this->account = $this->authenticationManager->authenticate($this->request);
+ $this->setAccount($this->authenticationManager->authenticate($this->request));
 }
 return $this->account;
 }
+ public function hasAccount() {
+ return isset($this->account);
+ }
+
 /**
 * {@inheritdoc}
 */
@@ -133,7 +137,7 @@ public function getSessionData() {
 * {@inheritdoc}
 */
 public function isAuthenticated() {
- return $this->getAccount()->isAuthenticated();
+ return $this->hasAccount() && $this->getAccount()->isAuthenticated();
 }
 /**
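Review bot: The new public `hasAccount()` method in the -80 hunk is added without a docblock, while every neighbouring method shown has one. It needs a short docblock saying that it reports whether an account has already been set on the proxy and, unlike `getAccount()`, never triggers authentication, with `@return bool`. `getAccount()` also changes from protected to public here; its existing docblock should mention that the first call authenticates the request as a side effect, since outside callers can now trigger that.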
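Review bot: `isAuthenticated()` now returns FALSE whenever no account has been set yet instead of resolving one through `getAccount()`, whereas other accessors in this file (for example `getLastAccessedTime()`) still authenticate lazily. A caller that asks `isAuthenticated()` before anything has populated the proxy will therefore treat a logged-in request as anonymous, which matters for decisions such as the `drupal_page_is_cacheable(FALSE)` check in `drupal_session_initialize()`. If the short-circuit exists to avoid re-entering authentication while the session is being read, say so in a comment, e.g. `// Do not trigger authentication here: this is called while the account is still being resolved.`, and replace the bare `{@inheritdoc}` with text that documents the FALSE-before-authentication case.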
@@ -185,5 +189,37 @@ public function getLastAccessedTime() {
 return $this->getAccount()->getLastAccessedTime();
 }
+ /**
+ * Implements the magic method for getting object properties.
+ */
+ public function &__get($name) {
+ return $this->getAccount()->{$name};
+ }
+
+ /**
+ * Implements the magic method for setting object properties.
+ */
+ public function __set($name, $value) {
+ if ($name == '_serviceId') {
+ $this->{$name} = $value;
+ return;
+ }
+ $this->getAccount()->{$name} = $value;
+ }
+
+ /**
+ * Implements the magic method for isset().
+ */
+ public function __isset($name) {
+ return isset($this->getAccount()->{$name});
+ }
+
+ /**
+ * Implements the magic method for unset.
+ */
+ public function __unset($name) {
+ unset($this->getAccount()->{$name});
+ }
+
 }
diff --git a/core/lib/Drupal/Core/Authentication/Provider/Cookie.php b/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
index ae108dc..1a254fd 100644
--- a/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
+++ b/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
@@ -31,9 +31,8 @@ public function applies(Request $request) {
 */
 public function authenticate(Request $request) {
 // Global $user is deprecated, but the session system is still based on it.
- global $user;
 require_once DRUPAL_ROOT . '/' . settings()->get('session_inc', 'core/includes/session.inc');
- drupal_session_initialize();
+ $user = drupal_session_initialize();
 if (drupal_session_started()) {
 return $user;
 }
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
index 5ca1d69..45aa93d 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
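Review bot: The four magic methods added to `AccountProxy` forward every undeclared property read, write, isset and unset to the wrapped account, and `__get()` returns by reference, so any code holding the current-user service can alter account data (for instance the `roles` array that `_drupal_session_read()` fills in) without going through `setAccount()`. `__get()` and `__isset()` also call `getAccount()`, which means merely reading or probing a property can start authentication. If this is a temporary bridge for code that used the old global `$user` object, the docblocks should say so and name the properties expected to be accessed this way; the current one-line summaries say nothing about the risk. In `__set()`, use the strict comparison `if ($name === '_serviceId') {` and add a comment on why that one property is stored on the proxy itself.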
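Review bot: The retained comment `// Global $user is deprecated, but the session system is still based on it.` in `Cookie::authenticate()` is stale, since this hunk removes `global $user` and takes the account from the return value instead. Replace it with something like `// drupal_session_initialize() returns the account it loaded, or NULL if none was set.` Because that function can now return NULL, `return $user;` inside `if (drupal_session_started())` may hand NULL back to the caller; the rest of the method is outside the hunk, so it is not visible whether that case is handled.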
@@ -1028,7 +1028,7 @@ private function prepareEnvironment() {
 // simpletest directory if a test is executed within a test.
 $this->originalFileDirectory = settings()->get('file_public_path', conf_path() . '/files');
 $this->originalProfile = drupal_get_profile();
- $this->originalUser = isset($user) ? clone $user : NULL;
+ $this->originalUser = $user->hasAccount() ? clone $user->getAccount() : NULL;
 // Ensure that the current session is not changed by the new environment.
 require_once DRUPAL_ROOT . '/' . settings()->get('session_inc', 'core/includes/session.inc');
diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
index 16d3eec..00e42b6 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
@@ -300,6 +300,7 @@ function assertSessionCookie($sent) {
 * Assert whether $_SESSION is empty at the beginning of the request.
 */
 function assertSessionEmpty($empty) {
+ debug($this->drupalGetHeader('X-Session-Empty'));
 if ($empty) {
 $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', 'Session was empty.');
 }
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index ab9a163..1bf455a 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -819,8 +819,7 @@ function user_authenticate($name, $password) {
 * @see hook_user_login()
 */
 function user_login_finalize(UserInterface $account) {
- global $user;
- $user = $account;
+ \Drupal::currentUser()->setAccount($account);
 watchdog('user', 'Session opened for %name.', array('%name' => $account->getUsername()));
 // Update the user table timestamp noting user has logged in.
 // This is also used to invalidate one-time login links.
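Review bot: The new line in `prepareEnvironment()` calls `$user->hasAccount()` directly, but the hunk does not show `$user` being bound to the current-user service, and the line it replaces used `isset($user)` so that an unset or NULL value was tolerated. If `$user` still comes from a `global` declaration earlier in the method (outside the hunk), this becomes a method call on a non-object once the session code stops assigning the global. Fetch the proxy explicitly with `$user = \Drupal::currentUser();` immediately before, or keep the guard: `$this->originalUser = (isset($user) && $user->hasAccount()) ? clone $user->getAccount() : NULL;`.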
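Review bot: The added `debug($this->drupalGetHeader('X-Session-Empty'));` in `assertSessionEmpty()` looks like leftover troubleshooting output rather than part of the assertion, and it emits a message on every call. Drop the line before merging; the `assertIdentical()` call that follows already reports whether the header had the expected value.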