diff --git a/core/core.services.yml b/core/core.services.yml
index c3bb8d209a6d95cf3c93e7a57332206cdbd3361b..46ca46a773c16cda17cd48a05acc3e204ec1ed06 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -499,8 +499,6 @@ services:
 csrf_token:
 class: Drupal\Core\Access\CsrfTokenGenerator
 arguments: ['@private_key']
- calls:
- - [setCurrentUser, ['@?current_user']]
 access_manager:
 class: Drupal\Core\Access\AccessManager
 arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager']
diff --git a/core/includes/common.inc b/core/includes/common.inc
index 46a93560c0dc1fb7ea89e4a1f6dbc213eabea0fb..107e51592b1258ae56fcc360d1ce86f81513d30c 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -2893,20 +2893,17 @@ function drupal_get_token($value = '') {
 * The token to be validated.
 * @param string $value
 * An additional value to base the token on.
- * @param bool $skip_anonymous
- * Set to true to skip token validation for anonymous users.
 *
 * @return bool
- * True for a valid token, false for an invalid token. When $skip_anonymous
- * is true, the return value will always be true for anonymous users.
+ * True for a valid token, false for an invalid token.
 *
 * @see \Drupal\Core\Access\CsrfTokenGenerator
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 * Use return \Drupal::csrfToken()->validate().
 */
-function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
- return \Drupal::csrfToken()->validate($token, $value, $skip_anonymous);
+function drupal_valid_token($token, $value = '') {
+ return \Drupal::csrfToken()->validate($token, $value);
 }
 
 /**
diff --git a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
index 2e4e44d9cb65acfd4c5a24024df16b42468256b8..9918610ae2caf2e71ee1ed8bfad9f116b82677e9 100644
--- a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
+++ b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
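Review bot: The new `drupal_valid_token($token, $value = '')` docblock in common.inc does not record that anonymous requests are no longer exempt from validation. PHP silently discards surplus arguments passed to a user-defined function, so a caller that still passes `TRUE` as a third argument raises no notice and simply starts receiving `FALSE` for anonymous users who hold no matching token. Call sites are not part of this diff, so they should be searched for before merge. I would extend the `@return` text with something like `Anonymous users are validated like any other user; there is no bypass.` The docblock for this function begins above the hunk.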
@@ -25,13 +25,6 @@ class CsrfTokenGenerator {
 */
 protected $privateKey;
 
- /**
- * The current user.
- *
- * @var \Drupal\Core\Session\AccountInterface
- */
- protected $currentUser;
-
 /**
 * Constructs the token generator.
 *
@@ -42,16 +35,6 @@ public function __construct(PrivateKey $private_key) {
 $this->privateKey = $private_key;
 }
 
- /**
- * Sets the current user.
- *
- * @param \Drupal\Core\Session\AccountInterface|null $current_user
- * The current user service.
- */
- public function setCurrentUser(AccountInterface $current_user = NULL) {
- $this->currentUser = $current_user;
- }
-
 /**
 * Generates a token based on $value, the user session, and the private key.
 *
@@ -82,15 +65,12 @@ public function get($value = '') {
 * The token to be validated.
 * @param string $value
 * (optional) An additional value to base the token on.
- * @param bool $skip_anonymous
- * (optional) Set to TRUE to skip token validation for anonymous users.
 *
 * @return bool
- * TRUE for a valid token, FALSE for an invalid token. When $skip_anonymous
- * is TRUE, the return value will always be TRUE for anonymous users.
+ * TRUE for a valid token, FALSE for an invalid token.
 */
- public function validate($token, $value = '', $skip_anonymous = FALSE) {
- return ($skip_anonymous && $this->currentUser->isAnonymous()) || ($token === $this->get($value));
+ public function validate($token, $value = '') {
+ return $token === $this->get($value);
 }
 
 }
diff --git a/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php b/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php
index 766d6413275513e4d59756b78dd1d71383c17b45..8607304753439359620562aff3ef423b6303c2a1 100644
--- a/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php
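Review bot: In the last hunk of CsrfTokenGenerator.php, `validate()` now reduces to `$token === $this->get($value)`, and `===` on strings is not a constant-time comparison. Since the right-hand side is the secret expected token, I would write `return is_string($token) && hash_equals($this->get($value), $token);`, where the `is_string()` guard keeps non-string request input returning FALSE as it does today. `hash_equals()` needs PHP 5.6 or later; if the project's minimum is lower, a constant-time helper would be needed instead, which I cannot confirm from this diff. `get()` lies outside the hunk, so how the expected token is derived is not visible here. Separately, the second hunk removes the only visible use of the unqualified `AccountInterface`, so its `use` statement above line 25, which no hunk touches, is probably now unused.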
@@ -71,23 +71,6 @@ public function testValidate() {
 
 $token = $this->generator->get('bar');
 $this->assertTrue($this->generator->validate($token, 'bar'));
-
- // Check the skip_anonymous option with both a anonymous user and a real
- // user.
- $account = $this->getMock('Drupal\Core\Session\AccountInterface');
- $account->expects($this->once())
- ->method('isAnonymous')
- ->will($this->returnValue(TRUE));
- $this->generator->setCurrentUser($account);
- $this->assertTrue($this->generator->validate($token, 'foo', TRUE));
-
- $account = $this->getMock('Drupal\Core\Session\AccountInterface');
- $account->expects($this->once())
- ->method('isAnonymous')
- ->will($this->returnValue(FALSE));
- $this->generator->setCurrentUser($account);
-
- $this->assertFalse($this->generator->validate($token, 'foo', TRUE));
 }
 
 /**