Ubiquity 2.5.2
php rapid development framework
UCsrfHttp.php
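<?php

namespace Ubiquity\security\csrf;

use Ubiquity\controllers\Startup;
use Ubiquity\utils\http\UCookie;

/**
 * HTTP helpers that emit CSRF tokens (hidden field, cookie, meta tag)
 * and check them on incoming requests (POST value, cookie, header).
 */
class UCsrfHttp {

    private const COOKIE_KEY = 'X-XSRF-TOKEN';

    // Returns whether the CSRF token named $name is present and valid in POST values.
    public static function isValidPost(string $name): bool {
        $id = CsrfManager::getSelector($name);
        if (isset($_POST[$id])) {
            return CsrfManager::isValid($id, $_POST[$id]);
        }
        return false;
    }

    // Returns whether the CSRF token named $name is present and valid in cookies.
    public static function isValidCookie(string $name): bool {
        $id = CsrfManager::getSelector($name);
        $value = UCookie::get(self::COOKIE_KEY, [
            $id => null
        ])[$id];
        if (isset($value)) {
            return CsrfManager::isValid($id, $value);
        }
        return false;
    }

    // Returns whether the CSRF token named $name is present and valid in the csrf-token header.
    public static function isValidMeta(string $name): bool {
        $headers = Startup::getHttpInstance()->getAllHeaders();
        if (isset($headers['csrf-token'])) {
            // Expected format is "id:value"; a header without a separator is not valid.
            $parts = \explode(':', $headers['csrf-token']);
            if (\count($parts) < 2) {
                return false;
            }
            [$id, $value] = $parts;
            return $id === CsrfManager::getSelector($name) && CsrfManager::isValidByName($name, $value);
        }
        // No csrf-token header: the request is not valid.
        return false;
    }

    // Returns a <meta name='csrf-token'> tag whose content is "id:value".
    public static function getTokenMeta(string $name): string {
        $token = CsrfManager::getToken($name);
        return "<meta name='csrf-token' content='{$token->getId()}:{$token->getValue()}'>";
    }

    // Returns a hidden input field whose name is the token id and whose value is the token value.
    public static function getTokenField(string $name): string {
        $token = CsrfManager::getToken($name);
        return "<input type='hidden' value='{$token->getValue()}' name='{$token->getId()}'>";
    }

    // Adds the token to cookies as X-XSRF-TOKEN[id]; Secure and HttpOnly are on by default.
    public static function addCookieToken(string $name, string $path = '/', bool $secure = true, bool $httpOnly = true): bool {
        $token = CsrfManager::getToken($name);
        return UCookie::set(self::COOKIE_KEY . '[' . $token->getId() . ']', $token->getValue(), null, $path, $secure, $httpOnly);
    }
}
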
Startup
Starts the framework.
Definition Startup.php:19

Ubiquity\security\csrf\CsrfManager
This class is part of Ubiquity.

static isValid(string $id, string $value)
Returns whether the given CSRF token is valid, given its id.

Ubiquity\security\csrf\UCsrfHttp
This class is part of Ubiquity.
Definition UCsrfHttp.php:15

static getTokenMeta(string $name)
Adds a token in headers.
Definition UCsrfHttp.php:68

static getTokenField(string $name)
Returns an input field with a generated token.
Definition UCsrfHttp.php:79

static isValidMeta(string $name)
Returns whether the given CSRF token is present and valid in header meta csrf-token,...
Definition UCsrfHttp.php:55

static addCookieToken(string $name, string $path='/', bool $secure=true, bool $httpOnly=true)
Adds a token in cookies.
Definition UCsrfHttp.php:93

static isValidPost(string $name)
Returns whether the given CSRF token is present and valid in POST values, given its name.
Definition UCsrfHttp.php:25

static isValidCookie(string $name)
Returns whether the given CSRF token is present and valid in cookies, given its name.
Definition UCsrfHttp.php:39
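
Client side of the meta-tag flow served by getTokenMeta() and checked by isValidMeta(), as an added example that is not part of Ubiquity: it reads the `id:value` content and sends it back in the `csrf-token` header, only on state-changing, same-origin requests. The function names, origins and token values are assumptions constructed for illustration.

```javascript
// Added example, not Ubiquity code. Assumes the page was rendered with
// UCsrfHttp::getTokenMeta(): <meta name='csrf-token' content='id:value'>.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Split "id:value" on ':' as the server does; null when either part is missing.
function parseMetaToken(content) {
  if (typeof content !== 'string') return null;
  const [id, value] = content.split(':');
  if (!id || !value) return null;
  return { id, value };
}

// Returns the headers for a request. The token is attached only when the
// method changes state and the target is the page's own origin, so it is
// never disclosed to another origin.
function withCsrfHeader(doc, pageOrigin, url, method = 'GET', headers = {}) {
  const out = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return out;
  if (new URL(url, pageOrigin).origin !== pageOrigin) return out;

  const meta = doc.querySelector("meta[name='csrf-token']");
  const content = meta ? meta.getAttribute('content') : null;
  if (!parseMetaToken(content)) {
    // Fail closed: do not send a state-changing request without a token.
    throw new Error('csrf-token meta tag missing or malformed');
  }
  out['csrf-token'] = content; // header name read by isValidMeta()
  return out;
}

// Constructed stand-in for `document`, so the example also runs under Node.
const sampleDoc = {
  querySelector: (sel) =>
    sel === "meta[name='csrf-token']"
      ? { getAttribute: () => 'a1b2c3:9f8e7d6c' } // constructed token
      : null,
};

// In a browser (illustrative call):
// fetch('/profile/save', { method: 'POST',
//   headers: withCsrfHeader(document, location.origin, '/profile/save', 'POST') });
```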