Add an AnonymousUserSession object in favour of using drupal_anonymous_user()

1. +++ b/core/lib/Drupal/Core/Session/AnonymousUserSession.php
   @@ -0,0 +1,29 @@
   +  public function __construct() {
   +    try {
   +      $this->hostname = \Drupal::request()->getClientIP();
   +    }
   +    catch (RuntimeException $e) {
   ...
   +
   +/**
   + *
   + */
   +class AnonymousUserSession extends UserSession {
   +
   

   Is it just me that I am not convinced with this solution? Why do we have to rely on \Drupal and cannot ask the container to give us a proper anonymous user.

2. +++ b/core/lib/Drupal/Core/Session/AnonymousUserSession.php
   @@ -0,0 +1,29 @@
   +      // We are not in a request context.
   +    }
   

   Does that mean that creating a session without a request makes sense? It seems to be (and has been part of the old code), though it just feels dirty.

The comment module already uses the request object directly:
$this->hostname->value = \Drupal::request()->getClientIP();
so I really wonder whether we have to keep this functionality on the anonymous object.

+++ b/core/tests/Drupal/Tests/Core/Session/AnonymousUserSessionTest.php
@@ -7,6 +7,68 @@
+  public function testAnonymousUserSessionWithNoRequest() {
+    $container = new ContainerBuilder();
+
+    // Set a synthetic 'request' definition on the container.
+    $definition = new Definition();
+    $definition->setSynthetic(TRUE);
+
+    $container->setDefinition('request', $definition);
+    \Drupal::setContainer($container);
+
+    $anonymous_user = new AnonymousUserSession();
+
+    $this->assertSame('', $anonymous_user->getHostname());
+  }

WOW!

re-RTBC

+++ b/core/scripts/generate-d7-content.sh
@@ -261,7 +261,7 @@
+    $GLOBALS['user'] = new \Drupal\Core\Session\AnonymousUserSession();// We should have already allowed anon to vote.

While we are here, let's move the comment according to standards.

Leaving as RTBC.

The @deprecated needs to be more explict about when it was deprecated and when it will be removed, see #2183187: [META] Remove or document all obsolete APIs before beta, maybe

* @deprecated in Drupal 8.x-dev. Will be removed before Drupal 8.0 by
*   https://drupal.org/node/xxxxxxx. Use
*   new AnonymousUserSession()
*/

However, this is a fairly simple patch. Why not just replace all the calls in core with new AnonymousUserSession(); and remove the function?

Do you know his reasoning? I'm collating lots of patches like this that remove use of the old functions and need to know if they should remove the functions themselves or not.

+++ b/core/scripts/generate-d7-content.sh
@@ -261,7 +261,8 @@
     $form_state = array();

+++ b/core/modules/user/user.module
@@ -1223,7 +1224,7 @@ function _user_cancel($edit, $account, $method) {
diff --git a/core/scripts/generate-d7-content.sh b/core/scripts/generate-d7-content.sh

diff --git a/core/scripts/generate-d7-content.sh b/core/scripts/generate-d7-content.sh
index 30c61a2..a12138e 100644

index 30c61a2..a12138e 100644
--- a/core/scripts/generate-d7-content.sh

--- a/core/scripts/generate-d7-content.sh
+++ b/core/scripts/generate-d7-content.sh

+++ b/core/scripts/generate-d7-content.sh
+++ b/core/scripts/generate-d7-content.sh
@@ -261,7 +261,8 @@

@@ -261,7 +261,8 @@
   for ($v = 0; $v < ($i % 4); $v++) {
     drupal_static_reset('ip_address');
     $_SERVER['REMOTE_ADDR'] = "127.0.$v.1";
-    $GLOBALS['user'] = drupal_anonymous_user();// We should have already allowed anon to vote.
+    // We should have already allowed anon to vote.
+    $GLOBALS['user'] = new \Drupal\Core\Session\AnonymousUserSession();
     $c = $v % $nbchoices;

I *think* those scripts are supposed to run on a 7.x site, as that's what they generate content for :)

So we shouldn't make changes to them.

That said...
a) The are very likely already completely broken
b) Somewhat useless after https://drupal.org/node/2168011?
c) I also never really understood why the scripts to genreate 6.x and 7.x content are in the 8.x branch...

+++ b/core/lib/Drupal/Core/Session/AnonymousUserSession.php
@@ -0,0 +1,31 @@
+/**
+ *
+ */

Maybe we could document the purpose of this class.

thank you!

2178581-19.patch no longer applies.

Draft change records are now required before commit, so this issue needs one before it can be considered RTBC. The new change record should include an issue reference to #1634280: drupal_anonymous_user() should return a User entity as well as this one -- https://drupal.org/node/1941676 is obsoleted by this change and can be unpublished in favor of the new change record upon commit.

Thanks @damiankloip!

NB: Just re-TBCing; I did not review this patch.

1. +++ b/core/lib/Drupal/Core/Session/AnonymousUserSession.php
   @@ -0,0 +1,31 @@
   +    try {
   +      $this->hostname = \Drupal::request()->getClientIp();
   +    }
   +    catch (RuntimeException $e) {
   +      // We are not in a request context.
   +    }
   

   Maybe try... catch... no longer necessary. We can use \Drupal::has(), no?

2. +++ b/core/modules/user/lib/Drupal/user/Entity/User.php
   @@ -197,6 +197,13 @@ public function getSessionId() {
   +  public function getHostname() {
   +    return NULL;
   +  }
   

   Really? So this is not useful for logged in users? The function doc says "returns hostname for session" - I think this should behave correctly for logged in users - no?

Note: we could adapt the @covers statements in the test class and us coversDefaultClass, but this is not a blocker for a commit.

+1

2178581-38.patch no longer applies.

error: patch failed: core/modules/user/lib/Drupal/user/Entity/User.php:12
error: core/modules/user/lib/Drupal/user/Entity/User.php: patch does not apply

2178581-41.patch no longer applies.

error: patch failed: core/modules/simpletest/lib/Drupal/simpletest/TestBase.php:1007
error: core/modules/simpletest/lib/Drupal/simpletest/TestBase.php: patch does not apply

Rerolled @topdays, hope you don't mind :)

    // If the node's user uid is not specified manually, use the currently
    // logged in user if available, or else the user running the test.
    if (!isset($settings['uid'])) {
      if ($this->loggedInUser) {
        $settings['uid'] = $this->loggedInUser->id();
      }
      else {
        $user = \Drupal::currentUser() ?: drupal_anonymous_user();
        $settings['uid'] = $user->id();
      }
    }

We still have a usage in Drupal\simpletest\WebTestBase::drupalCreateNode()

If we remove all instances why don't we just drop it everywhere? This does not seem to be a major API for contrib.

Okay, this seems to be the new way.

1. +++ b/core/lib/Drupal/Core/Session/AnonymousUserSession.php
   @@ -0,0 +1,28 @@
   +use Symfony\Component\DependencyInjection\Exception\RuntimeException;
   
   +++ b/core/modules/user/lib/Drupal/user/Entity/User.php
   @@ -14,6 +14,7 @@
   +use Symfony\Component\DependencyInjection\Exception\RuntimeException;
   

   No longer needed, should be removed

2. +++ b/core/modules/user/lib/Drupal/user/Entity/User.php
   @@ -199,6 +200,15 @@ public function getSessionId() {
   +  public function getHostname() {
   +    if (\Drupal::hasRequest()) {
   +      $this->hostname = \Drupal::request()->getClientIp();
   +    }
   +  }
   

   shouldn't this return the hostname too?

this addressed my concerns!
+1 for registering the property

Awesome!

2178581-59_0.patch no longer applies.

error: patch failed: core/includes/session.inc:18
error: core/includes/session.inc: patch does not apply

Committed/pushed to 8.x, thanks!