/**
 * Rotate the CSRF token, persist the new value on the user, and issue a replacement JWT.
 *
 * The original JWT is invalidated before the replacement is generated, so a caller
 * holding the old token cannot keep using it.
 *
 * @param $token The JWT to retire
 * @param $user \App\User
 * @return \Illuminate\Http\JsonResponse|string Whatever getJwtFromUser() produces
 */
public function refreshUserToken($token, $user)
{
    // Fresh CSRF token for this session
    \Session::regenerateToken();

    // Keep the user's stored token key in step with the session's CSRF token
    $this->setUserTokenKey($user, csrf_token());

    // Retire the old JWT before minting the replacement
    $this->auth->invalidate($token);

    return $this->getJwtFromUser($user);
}
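/**
 * Register the service provider.
 *
 * Registers the 'cookie-csrf' route filter. For routes that match the configured
 * white list and not the black list, the filter compares the session CSRF token
 * with the 'cookie_csrf_token' cookie and throws TokenMismatchException on a
 * difference. After a successful non-JSON request the token is rotated.
 *
 * @return void
 */
public function register()
{
    $app = $this->app;

    // Register the cookie-csrf filter
    $app->router->filter('cookie-csrf', function () {
        $config = $this->app->config->get('cookie-csrf::config');

        // Filter applies only to white-listed routes that are not black-listed
        if (!$this->match($config['white_list']) || $this->match($config['black_list'])) {
            return;
        }

        // Constant-time comparison of the two secrets; the casts guard against a
        // missing cookie (null), which hash_equals() rejects on PHP 8.
        // NOTE(review): the session cookie and 'cookie_csrf_token' are both sent by
        // the browser automatically; confirm how the cookie is populated so that this
        // comparison actually distinguishes same-origin requests from cross-site ones.
        if (!hash_equals((string) \Session::token(), (string) \Cookie::get('cookie_csrf_token'))) {
            throw new \Illuminate\Session\TokenMismatchException();
        }

        // Rotate the token once it has been used so a form cannot be re-submitted;
        // JSON (API) clients keep their current token.
        if (!$this->app->request->wantsJson()) {
            \Session::regenerateToken();
        }
    });
}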
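/**
 * Log the current user out and drop all session state.
 *
 * Clears the Laravel session (Session::flush) and any native PHP session that is
 * active, then rotates the CSRF token before redirecting to the section's login route.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function logout()
{
    Sentry::logout();
    Session::flush();

    // Also tear down a native PHP session, if one was started outside Laravel.
    // Checked explicitly instead of silencing session_destroy() with '@'.
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }

    // NOTE(review): this rotates the CSRF token only, not the session id;
    // confirm whether Session::regenerate() is also wanted on logout.
    Session::regenerateToken();

    return Redirect::route(Str::studly($this->sectionFolder) . 'Login');
}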
// Maintenance-mode response
App::down(function () {
    return Response::make("Be right back!", 503);
});

// Added: application-wide handling of CSRF token mismatches
App::error(function (Illuminate\Session\TokenMismatchException $exception, $code) {
    /*
    | Write to a specific log
    | Or write the request information to the database for e.g. a firewall mechanism
    |
    | Or just:
    */
    $errors = ['_token' => ['Token tricking is very bad!']];

    // Issue a fresh token for more security
    Session::regenerateToken();

    // Send the user back to the previous step, refilling old input but not the
    // stale _token (it would override the token just generated), with the error.
    return Redirect::back()
        ->withInput(Input::except('_token'))
        ->withErrors($errors);
});

/*
|--------------------------------------------------------------------------
| Require The Filters File
|--------------------------------------------------------------------------
|
| Next we will load the filters file for the application. This gives us
| a nice separate location to store our route and application filter
| definitions instead of putting them all in the main routes file.
/**
 * Show the "add URL" page for a contributor.
 *
 * Rotates the CSRF token, sends non-contributors to the login page, and otherwise
 * scans the submitted URL and renders the home view with the result.
 *
 * @return mixed Redirect for non-contributors, else the rendered 'home' view
 */
public function addUrl()
{
    Session::regenerateToken();

    // Only contributors may add URLs
    $current = User::current();
    if (!$current->isContributor()) {
        return Redirect::to('/user/login');
    }

    // NOTE(review): $url is raw request input handed straight to scanUrl();
    // confirm that scanUrl() validates the scheme/host before acting on it.
    $url = Input::get('url');
    $state = scanUrl($url);

    return $this->view('home', [
        'url' => $url,
        'state' => $state,
    ]);
}