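/**
 * Render the current security token and a button for regeneration.
 *
 * Builds the "before" grid field fragment: a status box whose CSS class reflects
 * the token state ('error', 'invalid' or 'valid'), the token (or its upper-cased
 * status word) and a link to the regeneration action.
 *
 * @param GridField $gridfield The grid field this component is attached to (not used here).
 * @return array Map of fragment name ('before') to its HTML.
 */
public function getHTMLFragments($gridfield)
{
    $existingTokens = APIwesomeToken::get()->exists();

    // The plaintext token is read from the session rather than from storage
    // (the original author's note: this keeps it out of persistent storage).
    // Whatever writes this session key is outside this block; -1 is treated as
    // an error marker below.
    $currentToken = Session::get('APIwesomeToken');

    // Determine the display state of the current security token.
    if ($currentToken === -1) {
        $status = 'error';
        $display = strtoupper($status);
    } elseif (!$existingTokens) {
        $status = 'invalid';
        $display = strtoupper($status);
    } else {
        $status = 'valid';
        // Falsy session value (unset, '', 0) falls back to the status word, as before.
        $display = $currentToken ? $currentToken : strtoupper($status);
    }

    // The session value is embedded in HTML; entity-encode it so it can only ever
    // render as text, regardless of what was stored under the session key.
    $token = "<div class='token'>" . htmlspecialchars((string) $display, ENT_QUOTES, 'UTF-8') . '</div>';

    // Outside the module's own admin, pass the current controller link along so the
    // regeneration action can return here. The link becomes a query-string value,
    // so URL-encode it instead of concatenating it raw.
    $regenerateURL = 'apiwesome/regenerateToken';
    $controller = Controller::curr();
    if (!$controller instanceof APIwesomeAdmin) {
        $regenerateURL .= '?from=' . urlencode($controller->Link());
    }

    // The URL lands inside a single-quoted href attribute: entity-encode it for that
    // context (& becomes &amp;, which browsers decode back before navigating).
    $href = htmlspecialchars($regenerateURL, ENT_QUOTES, 'UTF-8');

    return array(
        'before' => "<div class='apiwesome wrapper'>\n\t\t\t\t<div class='apiwesome admin {$status}'>\n\t\t\t\t\t<div><strong>Security Token</strong></div>\n\t\t\t\t\t{$token}\n\t\t\t\t\t<a href='{$href}' class='regenerate ss-ui-action-constructive ss-ui-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary' data-icon='arrow-circle-double'>Regenerate »</a>\n\t\t\t\t</div>\n\t\t\t</div>",
    );
}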
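/**
 * Validate a client-supplied security token against the stored token hashes.
 *
 * The token is expected as two colon-separated parts. They are run through
 * generateHash() and the resulting hash is compared with the hashes of the stored
 * tokens, newest first: a match on the newest token is VALID, a match on any
 * older token is EXPIRED, and anything else is INVALID.
 *
 * generateHash() is defined elsewhere; as in the original code it is assumed to
 * return a falsy value on failure and otherwise an array carrying a 'hash' key.
 *
 * @param string $token The raw token as supplied by the client.
 * @return int One of self::VALID, self::EXPIRED or self::INVALID.
 */
public function validateToken($token)
{
    // Reject anything that is not a non-empty string before it reaches explode()
    // (null or arrays would otherwise raise a warning/TypeError rather than fail cleanly).
    if (!is_string($token) || $token === '') {
        return self::INVALID;
    }

    // Use a separate name for the split parts so the loop below cannot shadow the parameter.
    $parts = explode(':', $token);
    if (count($parts) !== 2) {
        return self::INVALID;
    }

    $generation = $this->generateHash($parts[0], $parts[1]);
    if (!$generation) {
        return self::INVALID;
    }
    $hash = $generation['hash'];

    // Never let an empty or non-string hash match anything (e.g. a row with an empty Hash column).
    if (!is_string($hash) || $hash === '') {
        return self::INVALID;
    }

    // Walk the stored tokens newest first. The first row is the current security
    // token; any later row is a previous one.
    $tokens = APIwesomeToken::get()->sort('Created', 'DESC');
    $isCurrent = true;
    foreach ($tokens as $stored) {
        $storedHash = (string) $stored->Hash;

        // Constant-time comparison where the runtime provides it, so the comparison
        // does not leak how many leading bytes of the hash agreed.
        $matches = function_exists('hash_equals')
            ? hash_equals($storedHash, $hash)
            : ($storedHash === $hash);

        if ($matches) {
            // Matches the current security token, or a previous (expired) one.
            return $isCurrent ? self::VALID : self::EXPIRED;
        }
        $isCurrent = false;
    }

    // The token does not match any security token (including when none are stored).
    return self::INVALID;
}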