Problem/Motivation

While reviewed patch #2473875-75: Convert uses of $_SESSION to symfony session retrieved from the request
\Drupal\user\AccountForm using pass-reset-token from request instead of query string

Proposed resolution

Consume pass-reset-token from query string

Remaining tasks

- patch and add tests for token (may need CR
- review/commit

User interface changes

no

API changes

no

Data model changes

no

Release notes snippet

CommentFileSizeAuthor
#24 3150876-24.patch3.88 KBandypost
#24 interdiff.txt752 bytesandypost
#19 interdiff-15-18.txt1.03 KBhardik_patel_12
#18 3150876-18-test-only.patch2.95 KBhardik_patel_12
#8 interdiff_05-08.txt802 byteskunalgautam
#18 3150876-18.patch3.91 KBhardik_patel_12
#8 wrong_usage_request_views-3109109-08.patch2.83 KBkunalgautam
#15 3150876-15-test-only.patch3.12 KBvijaycs85
#5 3109109-5.patch2.83 KBandypost
#15 3150876-15.patch4.08 KBvijaycs85
#5 interdiff.txt1.88 KBandypost
#12 3109109-12.patch979 bytesandypost
#2 3109109-2.patch979 bytesandypost

Comments

andypost created an issue. See original summary.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Status: Active » Needs review
StatusFileSize
new 3109109-2.patch979 bytes

Not clear hot to add tests

andypost’s picture

andypost
he/him
Primary language Russian
commented
Issue summary: View changes
Parent issue: #2473875: Convert uses of $_SESSION to symfony session retrieved from the request »

Filed #3109110: Deprecate request argument for view time cache plugin

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

andypost’s picture

andypost
he/him
Primary language Russian
commented
StatusFileSize
new interdiff.txt1.88 KB
new 3109109-5.patch2.83 KB

Fix cache, probably it should use assert()

Status: Needs review » Needs work

The last submitted patch, 5: 3109109-5.patch, failed testing. View results

kunalgautam’s picture

kunalgautam commented
Assigned: Unassigned » kunalgautam
kunalgautam’s picture

kunalgautam commented
StatusFileSize
new wrong_usage_request_views-3109109-08.patch2.83 KB
new interdiff_05-08.txt802 bytes

Some change in #5 patch

kunalgautam’s picture

kunalgautam commented
Assigned: kunalgautam » Unassigned
Status: Needs work » Needs review
andypost’s picture

andypost
he/him
Primary language Russian
commented
Status: Needs review » Reviewed & tested by the community

Thank you, it counts from 0) btw maybe commiters will ask to split account form changes....

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Needs work

In the issue summary it says:
- pass-reset-token should be checked in query string
- \Drupal\views\Plugin\views\cache\Time stores request object [3109110]
Can these be broken into two separate issues. They are completely different scopes even though they were detected in the same review.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Issue summary: View changes
Status: Needs work » Needs review
StatusFileSize
new 3109109-12.patch979 bytes

Updated IS and filed views part to #3109110: Deprecate request argument for view time cache plugin

Thinking about how to write test for that

andypost’s picture

andypost
he/him
Primary language Russian
commented
Title: Fix wrong usage of request in views » AccountForm should read pass-reset-token only from query string
Component: views.module » user.module

Fix title and component

andypost’s picture

andypost
he/him
Primary language Russian
commented
Issue tags: +Bug Smash Initiative
vijaycs85’s picture

vijaycs85
Location London, UK
commented
StatusFileSize
new 3150876-15.patch4.08 KB
new 3150876-15-test-only.patch3.12 KB

Here is some test coverage based on the account settings form.

Status: Needs review » Needs work

The last submitted patch, 15: 3150876-15-test-only.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

vijaycs85’s picture

vijaycs85
Location London, UK
commented
Status: Needs work » Needs review
hardik_patel_12’s picture

hardik_patel_12 commented
StatusFileSize
new 3150876-18.patch3.91 KB
new 3150876-18-test-only.patch2.95 KB 
-   * @var \Drupal\Core\Entity\EntityBase|\Drupal\Core\Entity\EntityInterface
+   * @var \Drupal\user\UserInterface

changing the type hint of $user variable

-  protected static $modules = ['system', 'user', 'field'];
+  protected static $modules = ['system', 'user'];

removing field module

-    $this->container->get('entity_type.manager')
-      ->getFormObject($entity_type, $operation)
-      ->setEntity($entity);

About this i am not sure , but we are not using this anywhere . So can you please me to understand this get container use-case in buildAccountForm().

Kindly review a patch.

hardik_patel_12’s picture

hardik_patel_12 commented
StatusFileSize
new interdiff-15-18.txt1.03 KB

Sorry forgot to upload interdiff.

Status: Needs review » Needs work

The last submitted patch, 18: 3150876-18-test-only.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

vijaycs85’s picture

vijaycs85
Location London, UK
commented
Status: Needs work » Needs review

#18good catch @Hardik_Patel_12. We might not need field related features given we are testing the entity behaviour. I will clean up.

hardik_patel_12’s picture

hardik_patel_12 commented

Created new issue for removing getFormObject call from UserAccountFormFieldsTest file kindly look #3154461: Removing getFormObject call from UserAccountFormFieldsTest

andypost’s picture

andypost
he/him
Primary language Russian
commented
Component: user.module » views.module

Only 1 code style fix left here, otherwise RTBC++

andypost’s picture

andypost
he/him
Primary language Russian
commented
Component: views.module » user.module
StatusFileSize
new interdiff.txt752 bytes
new 3150876-24.patch3.88 KB

Fix CS

andypost’s picture

andypost
he/him
Primary language Russian
commented

Related CR is https://www.drupal.org/node/2743809

andypost’s picture

andypost
he/him
Primary language Russian
commented

And the first one https://www.drupal.org/node/2150267
Explains why should use query of request

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
commented
Status: Needs review » Reviewed & tested by the community

LGTM

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Version: 9.2.x-dev » 9.1.x-dev
Status: Reviewed & tested by the community » Fixed

Committed and pushed 361ae1cb71 to 9.2.x and a6e7eeef22 to 9.1.x. Thanks!

  • alexpott committed 361ae1c on 9.2.x 
    Issue #3109109 by andypost, Hardik_Patel_12, vijaycs85, kkalashnikov,...

  • alexpott committed a6e7eee on 9.1.x 
    Issue #3109109 by andypost, Hardik_Patel_12, vijaycs85, kkalashnikov,...
andypost’s picture

andypost
he/him
Primary language Russian
commented

Thank you! Now the only leftover for meta is #2484991: Add the session to the request in KernelTestBase, BrowserTestBase, and drush

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.