Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
The CsrfTokenGenerator service currently gets the request set, just to get the _account attribute. Now that we have a current_user service, we can just inject this instead. This should be more reliable as well as being able to remove the setRequest() method.
Proposed resolution
Inject current_user service, remove request usage, convert tests
Remaining tasks
See above, Resolve current_user request scope issues.
User interface changes
None
API changes
None
Comment | File | Size | Author |
---|---|---|---|
#10 | 2076703-10.patch | 5.33 KB | damiankloip |
#10 | interdiff-2076703-10.txt | 584 bytes | damiankloip |
#8 | 2076703-8.patch | 5.53 KB | damiankloip |
#8 | interdiff-20767038-8.txt | 510 bytes | damiankloip |
#4 | 2076703-4.patch | 5.53 KB | damiankloip |
Comments
Comment #1
damiankloip CreditAttribution: damiankloip commentedProbably dependent on #2076411: Remove the request scope from the current user service
Comment #2
damiankloip CreditAttribution: damiankloip commentedComment #3
dawehnerNote: this won't work when we put back the request scope back as the token generator is used outside of the request response. Maybe we could try to make the user service optional as only the generate method is used outside of the request scope.
Comment #4
damiankloip CreditAttribution: damiankloip commentedYes, I like that idea. Let's do that.
Comment #6
damiankloip CreditAttribution: damiankloip commented#4: 2076703-4.patch queued for re-testing.
Comment #8
damiankloip CreditAttribution: damiankloip commentedComment #9
dawehnerUnneeded...
Comment #10
damiankloip CreditAttribution: damiankloip commentedTotally.
Comment #12
dawehner#10: 2076703-10.patch queued for re-testing.
Comment #14
damiankloip CreditAttribution: damiankloip commentedI just removed a docblock... :(
Comment #15
damiankloip CreditAttribution: damiankloip commentedThis broke after #1975962: Move comment_links() into CommentRenderController. I think this is the reason the tests in #2109433: Replace user_access() through injected user accounts in views. are also failing too.
Comment #16
damiankloip CreditAttribution: damiankloip commented