Disable token verification when drafts are disabled.

quantcdn · Nov 1, 2023 · 2bca4a7 · 2bca4a7
1 parent 0718ee7
commit 2bca4a7
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/TokenManager.php b/src/TokenManager.php
@@ -38,6 +38,13 @@ class TokenManager {
    */
   protected $settings;
 
+  /**
+   * Global Quant configuration.
+   *
+   * @var \Drupal\Core\Config\ImmutableConfig
+   */
+  protected $quantSettings;
+
   /**
    * Construct a TokenManager instance.
    *
@@ -52,6 +59,7 @@ public function __construct(Connection $connection, RequestStack $request, Confi
     $this->connection = $connection;
     $this->request = $request;
     $this->settings = $config_factory->get('quant.token_settings');
+    $this->quantSettings = $config_factory->get('quant.settings');
   }
 
   /**
@@ -148,6 +156,13 @@ public function validate($route = NULL, $strict = TRUE) {
       throw new TokenValidationDisabledException();
     }
 
+    if ($this->quantSettings->get('disable_content_drafts')) {
+      // When content drafts are disabled the token is irrelevant.
+      // It may not even be included in the internal HTTP request.
+      // Bypass validation altogether, as the token is only required for draft access.
+      throw new TokenValidationDisabledException();
+    }
+
     $secret = $this->settings->get('secret');
     $current_time = new \DateTime();
     $token = $this->request->getCurrentRequest()->headers->get('quant-token');