Having this warning when I clear the cache.

Warning: hash_equals(): Expected user_string to be a string, null given in Drupal\Component\Utility\Crypt::hashEquals() (line 126 of core/lib/Drupal/Component/Utility/Crypt.php).
Drupal\Component\Utility\Crypt::hashEquals('2C83gsjbW0D2se61UOgXvzmc-giagWfV6mcQPh2ipxY', NULL) (Line: 90)
Drupal\Core\Access\CsrfTokenGenerator->validate(NULL, 'focal_point_preview') (Line: 239)
Drupal\focal_point\Plugin\Field\FieldWidget\FocalPointImageWidget::validatePreviewToken(NULL) (Line: 204)
Drupal\focal_point\Controller\FocalPointPreviewController->validTokenProvided() (Line: 122)
Drupal\focal_point\Controller\FocalPointPreviewController->access(Object, '531')
call_user_func_array(Array, Array) (Line: 68)
Drupal\Core\Access\CustomAccessCheck->access(Object, Object, Object)
call_user_func_array(Array, Array) (Line: 159)
Drupal\Core\Access\AccessManager->performCheck('access_check.custom', Object) (Line: 135)
Drupal\Core\Access\AccessManager->check(Object, Object, Object, 1) (Line: 112)
Drupal\Core\Access\AccessManager->checkRequest(Object, Object, 1) (Line: 107)
Drupal\Core\Routing\AccessAwareRouter->checkAccess(Object) (Line: 92)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object) (Line: 115)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
call_user_func(Array, Object, 'kernel.request', Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.request', Object) (Line: 127)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 666)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)

I have a fix. I will post a patch here.

CommentFileSizeAuthor
#15 beta-6.png37.92 KBesod
#4 validTokenProvided-warning-no-param-2881280-3.patch857 bytesNikolay Borisov
#2 validTokenProvided-warning-no-param-2881280-1.patch0 bytesNikolay Borisov
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

flesheater created an issue. See original summary.

Nikolay Borisov’s picture

Nikolay Borisov CreditAttribution: Nikolay Borisov commented
FileSize
validTokenProvided-warning-no-param-2881280-1.patch0 bytes
Nikolay Borisov’s picture

Nikolay Borisov CreditAttribution: Nikolay Borisov commented

Ups. This one should work :)

Nikolay Borisov’s picture

Nikolay Borisov CreditAttribution: Nikolay Borisov commented
FileSize
validTokenProvided-warning-no-param-2881280-3.patch857 bytes

This should work.

bleen’s picture

bleen CreditAttribution: bleen at NBCUniversal commented

This looks fine to me ... but I'm curious as to the steps to reproduce. Under what circumstance does this happen exactly?

Nikolay Borisov’s picture

Nikolay Borisov CreditAttribution: Nikolay Borisov commented

I tried to reproduce it on a freshly installed Drupal instance but was not quite able to reproduce it. On my setup with quite some modules - it is showing the warning every time I clear the cache and is also filling the Drupal logs.

Not quite sure why because the warning appears when I clear the cache. It registers the route for the preview and since there is no focal_point_token parameter - it tries to verify it without it being present, which results in the warning.

Cheers and thanks for the response!

bleen’s picture

bleen CreditAttribution: bleen at NBCUniversal commented

It's especially strange because the tokens are only checked as part of the access checks to the preview page. That said ... this is an entirely valid improvement to the validTokenProvided method.

My biggest hesitation is that (ideally) the drupal request object could be passed in using dependency injection... thoughts?

Nikolay Borisov’s picture

Nikolay Borisov CreditAttribution: Nikolay Borisov commented

Ooh, I found out ... someone had a shortcut to a preview page of a focal point.

Something like this:
http://domain/en/admin/focal_point/preview/FID/FOCAL_POINT_VALUE

And it was without the parameter. But the patch still makes sense if someone removes the parameter and opens the page.

Cheers!

bleen’s picture

bleen CreditAttribution: bleen at NBCUniversal commented
Status: Active » Needs work

bleen’s picture

bleen CreditAttribution: bleen at NBCUniversal commented
Status: Needs work » Fixed

Its a pretty edge-y edge case, but it makes sense

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

esod’s picture

esod CreditAttribution: esod at Memorial Sloan Kettering Cancer Center commented

We are seeing what looks like the same error on every page load:

Warning: hash_equals(): Expected user_string to be a string, null given in Drupal\Component\Utility\Crypt::hashEquals() (line 126 of core/lib/Drupal/Component/Utility/Crypt.php).
Drupal\Component\Utility\Crypt::hashEquals('UMB-yYQYrgtR7xVHEV3_JtSTCdfUSK16e7ZX06sXnQ8', NULL) (Line: 90)
Drupal\Core\Access\CsrfTokenGenerator->validate(NULL, 'focal_point_preview') (Line: 239)
Drupal\focal_point\Plugin\Field\FieldWidget\FocalPointImageWidget::validatePreviewToken(NULL) (Line: 204)
Drupal\focal_point\Controller\FocalPointPreviewController->validTokenProvided() (Line: 122)
Drupal\focal_point\Controller\FocalPointPreviewController->access(Object, '4')
call_user_func_array(Array, Array) (Line: 75)
Drupal\Core\Access\CustomAccessCheck->access(Object, Object, Object)
call_user_func_array(Array, Array) (Line: 159)
Drupal\Core\Access\AccessManager->performCheck('access_check.custom', Object) (Line: 135)
Drupal\Core\Access\AccessManager->check(Object, Object, NULL, ) (Line: 92)
Drupal\Core\Access\AccessManager->checkNamedRoute('focal_point.preview', Array, NULL) (Line: 809)
Drupal\Core\Url->access() (Line: 269)
shortcut_renderable_links() (Line: 392)
shortcut_toolbar()
call_user_func_array('shortcut_toolbar', Array) (Line: 403)
Drupal\Core\Extension\ModuleHandler->invokeAll('toolbar') (Line: 81)
Drupal\toolbar\Element\Toolbar::preRenderToolbar(Array)
call_user_func(Array, Array) (Line: 378)
Drupal\Core\Render\Renderer->doRender(Array) (Line: 450)
Drupal\Core\Render\Renderer->doRender(Array, ) (Line: 195)
Drupal\Core\Render\Renderer->render(Array) (Line: 490)
Drupal\Core\Template\TwigExtension->escapeFilter(Object, Array, 'html', NULL, 1) (Line: 84)
__TwigTemplate_48acc268f67695731fb27550492174f187f471d0b3c1f7e5d5af87e53db88e0f->doDisplay(Array, Array) (Line: 428)
Twig_Template->displayWithErrorHandling(Array, Array) (Line: 399)
Twig_Template->display(Array) (Line: 407)
Twig_Template->render(Array) (Line: 64)
twig_render_template('themes/mskcc/templates/html.html.twig', Array) (Line: 384)
Drupal\Core\Theme\ThemeManager->render('html', Array) (Line: 437)
Drupal\Core\Render\Renderer->doRender(Array, ) (Line: 195)
Drupal\Core\Render\Renderer->render(Array) (Line: 147)
Drupal\Core\Render\MainContent\HtmlRenderer->Drupal\Core\Render\MainContent\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 148)
Drupal\Core\Render\MainContent\HtmlRenderer->renderResponse(Array, Object, Object) (Line: 90)
Drupal\Core\EventSubscriber\MainContentViewSubscriber->onViewRenderArray(Object, 'kernel.view', Object)
call_user_func(Array, Object, 'kernel.view', Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.view', Object) (Line: 156)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 49)
Asm89\Stack\Cors->handle(Object, 1, 1) (Line: 50)
Drupal\ban\BanMiddleware->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 693)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)

The patch fixes it.

bleen’s picture

bleen CreditAttribution: bleen at NBCUniversal commented

The patch fixes it

I'm confused ... the patch has been committed. What version of the module are you using?

esod’s picture

esod CreditAttribution: esod at Memorial Sloan Kettering Cancer Center commented
FileSize
beta-6.png37.92 KB

8.x-1.0-beta6.

focal point 8.x-1.0-beta6

In a composer based build "drupal/focal_point": "1.0-beta6"

The patch is in the dev branch.