Ejemplo n.º 1
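 /**
  * Checks whether the request carries the CSRF token stored in the session
  *
  * A token is generated and stored in the session first if none exists yet, so a
  * session that had no token cannot match a token supplied by the same request.
  * The request token is read from the form input, then the X-CSRF-TOKEN header,
  * then the X-XSRF-TOKEN header; the first value that is not null is used.
  *
  * @param Request $request The current request
  * @param ISession $session The current session
  * @return bool True if the check is skipped for this request or the tokens match, otherwise false
  */
 public function tokenIsValid(Request $request, ISession $session)
 {
     if (!$session->has(self::TOKEN_INPUT_NAME)) {
         // NOTE(review): the token is only unpredictable if generateRandomString() draws from a CSPRNG - confirm
         $session->set(self::TOKEN_INPUT_NAME, $this->strings->generateRandomString(32));
     }

     // Requests exempted by tokenShouldNotBeChecked() get no CSRF protection from this method,
     // so that predicate must only exempt requests that cannot change state
     if ($this->tokenShouldNotBeChecked($request)) {
         return true;
     }

     // Try an input
     $token = $request->getInput(self::TOKEN_INPUT_NAME);

     // Try the X-CSRF header
     if ($token === null) {
         $token = $request->getHeaders()->get("X-CSRF-TOKEN");
     }

     // Try the X-XSRF header
     if ($token === null) {
         $token = $request->getHeaders()->get("X-XSRF-TOKEN");
     }

     $expectedToken = $session->get(self::TOKEN_INPUT_NAME);

     // Fail closed: a request without a token, a non-string value (presumably possible
     // with an array-valued input) or an empty stored token is rejected here instead of
     // depending on how the comparison helper treats such values
     if (!is_string($expectedToken) || $expectedToken === '' || !is_string($token)) {
         return false;
     }

     // NOTE(review): isEqual() is assumed to compare in constant time - confirm
     return $this->strings->isEqual($expectedToken, $token);
 }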