/**
  * @param string $tokenId
  * @param string $value
  * @throws \Exception if the token does not validate for the given token id
  */
 protected function validateCsrfToken($tokenId, $value)
 {
     // Pair the submitted value with its token id so the manager can check
     // it against whatever it holds for that id.
     $submitted = new CsrfToken($tokenId, $value);
     $accepted = $this->csrfTokenManager->isTokenValid($submitted);

     if (!$accepted) {
         // Fail closed: anything the manager does not accept aborts the
         // caller with an exception instead of returning a status flag.
         throw new \Exception('Invalid csrf token. Please try again', 1465918041);
     }
 }
 /**
  * @param Request $request
  *
  * @return bool
  */
 private function hasValidCsrfToken(Request $request) : bool
 {
     // @important every AJAX POST request must carry a valid CSRF token.
     // NOTE(review): $request is never read in this method; the token id and
     // value come from $this->formName / $this->formToken. Confirm those
     // properties are populated from the current request before this runs.
     $candidate = new CsrfToken($this->formName, $this->formToken);

     if ($this->tokenManager->isTokenValid($candidate)) {
         return true;
     }

     // Rejected token: record a 403 on the response and report failure.
     $this->setResponseDetails(403, 'Invalid upload token.');

     return false;
 }
 /**
  * Manual round-trip check: asks a CsrfTokenManager for a token under the id
  * "montest", validates that same token with the same manager, and echoes
  * the outcome followed by a dump of the token storage.
  */
 public function runTest()
 {
     $storage = new ArrayTokenStorage();
     $csrfTokenManager = new CsrfTokenManager(null, $storage);

     // A token just issued by the manager is expected to validate against it.
     $issued = $csrfTokenManager->getToken("montest");
     $verdict = $csrfTokenManager->isTokenValid($issued)
         ? "[VALIDATION] OK"
         : "[VALIDATION] KO";
     echo $verdict . PHP_EOL;

     // Prints whatever the storage's all() returns; presumably this includes
     // the token values themselves, so treat the output as diagnostic only.
     $dump = print_r($storage->all(), true);
     echo "Tokens stockés : " . $dump . PHP_EOL;
 }
 /**
  * Checks the presence / validity of the CSRF token.
  *
  * @param Request $request
  *
  * @throws UnauthorizedException if the token is missing or invalid.
  */
 private function checkCsrfToken(Request $request)
 {
     // Without a token manager the check is skipped entirely, so the request
     // proceeds with no CSRF validation.
     // NOTE(review): confirm a null manager only occurs where CSRF protection
     // is intentionally switched off.
     if (null === $this->csrfTokenManager) {
         return;
     }

     // Built up front so the missing-header and invalid-token paths raise the
     // same error, tagged with "<METHOD> <path>" of the request.
     $target = $request->getMethod() . ' ' . $request->getPathInfo();
     $denied = new UnauthorizedException('Missing or invalid CSRF token', $target);

     $headers = $request->headers;
     if ($headers->has('X-CSRF-Token')) {
         // The token is read from the X-CSRF-Token header and checked under
         // the configured intention (token id).
         $candidate = new CsrfToken($this->csrfTokenIntention, $headers->get('X-CSRF-Token'));
         if ($this->csrfTokenManager->isTokenValid($candidate)) {
             return;
         }
     }

     // Either the header was absent or the manager rejected its value.
     throw $denied;
 }
 /**
  * @param string $tokenId
  * @param string $token
  * @return bool
  */
 public function isTokenValid($tokenId, $token)
 {
     // Wrap the raw id/value pair and defer the decision to the token manager.
     $candidate = new CsrfToken($tokenId, $token);

     return $this->tokenManager->isTokenValid($candidate);
 }
 /**
  * A token whose id the storage does not hold must be reported as invalid,
  * and the manager must not try to fetch a stored value for it.
  */
 public function testNonExistingTokenIsNotValid()
 {
     // The storage is asked exactly once whether 'token_id' exists and says no.
     $this->storage
         ->expects($this->once())
         ->method('hasToken')
         ->with('token_id')
         ->will($this->returnValue(false));

     // With nothing stored, getToken must never be called.
     $this->storage
         ->expects($this->never())
         ->method('getToken');

     $submitted = new CsrfToken('token_id', 'FOOBAR');

     $this->assertFalse($this->manager->isTokenValid($submitted));
 }