Ubiquity 2.5.2
php rapid development framework
Loading...
Searching...
No Matches
VerifyCsrfToken.php
Go to the documentation of this file.
1<?php
2
3namespace Ubiquity\utils\http\session\protection;
4
5use Ubiquity\utils\http\session\AbstractSession;
6use Ubiquity\utils\http\UCookie;
7use Ubiquity\log\Logger;
8
17class VerifyCsrfToken implements VerifySessionCsrfInterface {
18 private AbstractSession $sessionInstance;
19 private const TOKEN_KEY = 'X-XSRF-TOKEN';
20
21 public function __construct(AbstractSession $sessionInstance) {
22 $this->sessionInstance = $sessionInstance;
23 }
24
25 protected function csrfErrorLog() {
26 $context = [];
27 $context ['HOST'] = $_SERVER ['HTTP_HOST'];
28 $context ['REQUEST_URI'] = $_SERVER ['REQUEST_URI'];
29 $context ['REQUEST_METHOD'] = $_SERVER ['REQUEST_METHOD'];
30 $context ['cookie'] = $_COOKIE;
31 Logger::error ( 'Session', 'CSRF protector validation failure!', 'startSession', $context );
32 }
33
34 public function init(): void {
35 $token = new CsrfToken ();
36 $this->sessionInstance->set ( self::TOKEN_KEY, $token );
37 UCookie::set ( $token->getName (), $token->getValue (), null );
38 }
39
40 public function clear(): void {
41 $token = $this->sessionInstance->get ( self::TOKEN_KEY );
42 $this->sessionInstance->delete ( self::TOKEN_KEY );
43 if (isset ( $token )) {
44 UCookie::delete ( $token->getName () );
45 }
46 }
47
48 public function start(): void {
49 $token = $this->sessionInstance->get ( self::TOKEN_KEY );
50 if (isset ( $token )) {
51 if (! $token instanceof CsrfToken || ! hash_equals ( $token->getValue (), '' . UCookie::get ( $token->getName () ) )) {
52 if (Logger::isActive ()) {
53 $this->csrfErrorLog ();
54 }
55 $this->clear();
56 $this->sessionInstance->terminate ();
57 }
58 return;
59 }
60 $this->init ();
61 }
62
63 public static function getLevel(): int {
64 return 1;
65 }
66}
67
Ubiquity\log\Logger
Abstract class for logging Ubiquity\log$Logger This class is part of Ubiquity.
Definition Logger.php:14
Ubiquity\utils\http\session\AbstractSession
Ubiquity\utils\http\session$AbstractSession This class is part of Ubiquity.
Definition AbstractSession.php:16
Ubiquity\utils\http\session\protection\CsrfToken
Ubiquity\utils\http\session\protection$CsrfToken This class is part of Ubiquity.
Definition CsrfToken.php:13
Ubiquity\utils\http\session\protection\VerifyCsrfToken
Ubiquity\utils\http\session\protection$VerifyCsrfToken This class is part of Ubiquity.
Definition VerifyCsrfToken.php:17
Ubiquity\utils\http\session\protection\VerifyCsrfToken\init
init()
Creates the Csrf token and adds it to the session.
Definition VerifyCsrfToken.php:34
Ubiquity\utils\http\session\protection\VerifySessionCsrfInterface
Ubiquity\utils\http\session\protection$VerifyCsrfInterface This class is part of Ubiquity.
Definition VerifySessionCsrfInterface.php:13