/**
 * Checks a submitted CSRF token against the configured token manager.
 *
 * @param string $tokenId Token id (intention) the value was issued for.
 * @param string $value   Token value submitted by the client.
 * @throws \Exception when the manager rejects the id/value pair. The type is
 *                    the generic \Exception, so callers are expected to map it
 *                    to a client-error response themselves.
 */
protected function validateCsrfToken($tokenId, $value)
{
    $candidate = new CsrfToken($tokenId, $value);
    $accepted = $this->csrfTokenManager->isTokenValid($candidate);

    if (!$accepted) {
        throw new \Exception('Invalid csrf token. Please try again', 1465918041);
    }
}
/**
 * Verifies the CSRF token bound to this upload handler.
 *
 * The token id/value pair is read from $this->formName / $this->formToken,
 * not from $request; the $request parameter is not used in this method.
 * On rejection the response details are set to 403 before returning.
 *
 * @param Request $request
 *
 * @return bool true when the token manager accepts the token, false otherwise.
 */
private function hasValidCsrfToken(Request $request) : bool
{
    // @important verify that each AJAX POST request has a valid CSRF token
    $submitted = new CsrfToken($this->formName, $this->formToken);
    $accepted = $this->tokenManager->isTokenValid($submitted);

    if ($accepted) {
        return true;
    }

    $this->setResponseDetails(403, 'Invalid upload token.');

    return false;
}
/**
 * Manual smoke test: issues a token for the "montest" id, checks that the
 * same manager accepts it, then dumps the storage contents.
 */
public function runTest()
{
    $storage = new ArrayTokenStorage();
    $manager = new CsrfTokenManager(null, $storage);

    $issued = $manager->getToken("montest");
    $verdict = $manager->isTokenValid($issued) ? 'OK' : 'KO';
    echo "[VALIDATION] " . $verdict . PHP_EOL;

    // Output label is French ("stored tokens"); kept verbatim.
    echo "Tokens stockés : " . print_r($storage->all(), true) . PHP_EOL;
}
/**
 * Checks the presence / validity of the CSRF token.
 *
 * The missing-header case and the invalid-token case raise the same
 * exception, so the error does not reveal which of the two occurred.
 * When no token manager is configured the check is skipped entirely.
 *
 * @param Request $request
 *
 * @throws UnauthorizedException if the token is missing or invalid.
 */
private function checkCsrfToken(Request $request)
{
    if ($this->csrfTokenManager === null) {
        return;
    }

    $headers = $request->headers;
    $context = $request->getMethod() . ' ' . $request->getPathInfo();
    $rejected = new UnauthorizedException('Missing or invalid CSRF token', $context);

    if (!$headers->has('X-CSRF-Token')) {
        throw $rejected;
    }

    $submitted = new CsrfToken($this->csrfTokenIntention, $headers->get('X-CSRF-Token'));
    if (!$this->csrfTokenManager->isTokenValid($submitted)) {
        throw $rejected;
    }
}
/**
 * Delegates token validation to the underlying token manager.
 *
 * @param string $tokenId Token id (intention).
 * @param string $token   Submitted token value.
 * @return bool whether the manager accepts the id/value pair.
 */
public function isTokenValid($tokenId, $token)
{
    $candidate = new CsrfToken($tokenId, $token);

    return $this->tokenManager->isTokenValid($candidate);
}
/**
 * A token id unknown to the storage must be rejected, and the manager must
 * not read a stored value for it (getToken is never called).
 */
public function testNonExistingTokenIsNotValid()
{
    $storage = $this->storage;
    $storage->expects($this->once())
        ->method('hasToken')
        ->with('token_id')
        ->willReturn(false);
    $storage->expects($this->never())
        ->method('getToken');

    $unknown = new CsrfToken('token_id', 'FOOBAR');
    $this->assertFalse($this->manager->isTokenValid($unknown));
}