Tests whether the last 40 characters of the given string $string
match the HMAC of the rest of the string and, if they do,
returns the string without the HMAC. If HMAC validation
fails, an exception is thrown.
public validateAndStripHmac ( string $string ) : string
$string | string | The string with the HMAC appended (in the format 'string<HMAC>')
return | string | The original string without the HMAC, if validation was successful
/**
 * Resolves the WidgetContext that belongs to the given $httpRequest.
 *
 * Two request arguments are recognised, checked in this order:
 *  - "__widgetId": the context is looked up in the AjaxWidgetContextHolder under that id.
 *  - "__widgetContext": the argument carries a base64-encoded, serialized WidgetContext
 *    followed by an HMAC suffix; the HMAC is validated and stripped before decoding.
 *
 * @param Request $httpRequest
 * @return WidgetContext the resolved context, or NULL if neither argument is present
 */
protected function extractWidgetContext(Request $httpRequest)
{
    if ($httpRequest->hasArgument('__widgetId')) {
        return $this->ajaxWidgetContextHolder->get($httpRequest->getArgument('__widgetId'));
    }

    if (!$httpRequest->hasArgument('__widgetContext')) {
        return null;
    }

    // Security: this value is supplied by the client. validateAndStripHmac() is documented
    // to throw on a validation error, so it must stay in front of unserialize(): only data
    // that carries a valid server-side HMAC may ever be unserialized.
    // NOTE(review): unserialize() runs without an 'allowed_classes' restriction, so the
    // secrecy of the HMAC key is the only barrier against PHP object injection here.
    // Consider restricting the allowed classes once the set of classes that can appear in
    // a serialized WidgetContext is confirmed.
    $signedPayload = $httpRequest->getArgument('__widgetContext');
    $encodedContext = $this->hashService->validateAndStripHmac($signedPayload);

    return unserialize(base64_decode($encodedContext));
}
/**
 * Returns the ActionRequest that referred to this request, if there is one.
 *
 * Nothing is detected automatically: the referrer has to be provided through the
 * internal argument "__referrer". Flow's form and validation mechanisms rely on this.
 *
 * When "__referrer" is an array, a new ActionRequest is built from it. Its optional
 * "arguments" entry is an HMAC-protected, base64-encoded serialized value that is
 * validated, decoded and merged with the remaining referrer entries. A request built
 * this way is returned but not stored in $this->referringRequest.
 *
 * @return ActionRequest the referring request, or NULL if no referrer found
 */
public function getReferringRequest()
{
    if ($this->referringRequest !== null) {
        return $this->referringRequest;
    }
    if (!isset($this->internalArguments['__referrer'])) {
        return null;
    }

    $referrer = $this->internalArguments['__referrer'];
    if (!is_array($referrer)) {
        // A non-array referrer is kept as the referring request as it is.
        $this->referringRequest = $referrer;
        return $this->referringRequest;
    }

    $builtRequest = new ActionRequest($this->getHttpRequest());
    $decodedArguments = [];
    if (isset($referrer['arguments'])) {
        // Security: "__referrer" arrives with the request. The HMAC check has to stay in
        // front of unserialize() so that only server-signed data is unserialized.
        // NOTE(review): unserialize() runs without an 'allowed_classes' restriction, and the
        // other "__referrer" entries merged in below are not covered by the HMAC. Confirm
        // that both are intended.
        $encodedArguments = $this->hashService->validateAndStripHmac($referrer['arguments']);
        $decodedArguments = unserialize(base64_decode($encodedArguments));
        unset($referrer['arguments']);
    }
    $builtRequest->setArguments(Arrays::arrayMergeRecursiveOverrule($decodedArguments, $referrer));

    return $builtRequest;
}
/**
 * Round trip: a string signed with appendHmac() must come back unchanged
 * from validateAndStripHmac(), including surrounding whitespace and non-ASCII characters.
 *
 * @test
 */
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
    $original = ' Some arbitrary string with special characters: öäüß!"§$ ';

    $signed = $this->hashService->appendHmac($original);
    $stripped = $this->hashService->validateAndStripHmac($signed);

    $this->assertSame($original, $stripped);
}
/**
 * Applies the trusted-properties token of the request, if present, to the property
 * mapping configuration of the matching controller arguments.
 *
 * The token is read from the internal argument "__trustedProperties". It is a serialized
 * value with an HMAC suffix; the HMAC is validated and stripped before unserializing.
 * Entries that name an argument unknown to $controllerArguments are skipped.
 *
 * @param ActionRequest $request
 * @param Arguments $controllerArguments
 * @return void
 */
public function initializePropertyMappingConfigurationFromRequest(ActionRequest $request, Arguments $controllerArguments)
{
    $token = $request->getInternalArgument('__trustedProperties');
    if (!is_string($token)) {
        // No token, or not a string: leave the configuration untouched.
        return;
    }

    // Security: the token is request data and decides which properties may be mapped.
    // The HMAC check has to stay in front of unserialize() so that only server-signed
    // data is unserialized.
    // NOTE(review): unserialize() runs without an 'allowed_classes' restriction. If the
    // payload only holds nested arrays and scalars, passing ['allowed_classes' => false]
    // would add defence in depth. Verify against the code that generates the token.
    // NOTE(review): unserialize() returns false for input it cannot parse, and the loop
    // below does not guard against a non-iterable result.
    $serializedProperties = $this->hashService->validateAndStripHmac($token);
    $trustedProperties = unserialize($serializedProperties);

    foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
        if ($controllerArguments->hasArgument($propertyName)) {
            $mappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
            $this->modifyPropertyMappingConfiguration($propertyConfiguration, $mappingConfiguration);
        }
    }
}
/**
 * Sets $this->formState from the internal request argument "__state".
 *
 * Without a "__state" argument a fresh FormState is created. Otherwise the argument is
 * treated as a base64-encoded, serialized form state with an HMAC suffix, which is
 * validated and stripped before decoding.
 *
 * @return void
 * @internal
 */
protected function initializeFormStateFromRequest()
{
    $signedState = $this->request->getInternalArgument('__state');
    if ($signedState === null) {
        $this->formState = new FormState();
        return;
    }

    // Security: "__state" travels through the client. The HMAC check has to stay in front
    // of unserialize() so that only server-signed data is unserialized.
    // NOTE(review): unserialize() runs without an 'allowed_classes' restriction, so the
    // secrecy of the HMAC key is the only barrier against PHP object injection here.
    // Consider restricting the allowed classes once the classes a FormState payload can
    // contain are confirmed.
    $encodedState = $this->hashService->validateAndStripHmac($signedState);
    $this->formState = unserialize(base64_decode($encodedState));
}