/**
* Validates CSRF token in given PSR-7 Request instance.
*
* @param ServerRequestInterface $request PSR-7 Request instance.
*
* @throws \Students\Exception\BadRequestException If CSRF check failed.
*
* @return boolean True if CSRF check was successful.
*/
public function validateCsrfToken(ServerRequestInterface $request)
{
$formToken = isset($request->getParsedBody()['csrf']) ? strval($request->getParsedBody()['csrf']) : '';
$cookie = FigRequestCookies::get($request, 'csrf');
if ($cookie->getValue() !== $formToken) {
throw new BadRequestException($request);
}
return true;
}
/**
* {@inheritdoc}
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response)
{
$cookieName = 'cookie-test';
$cookie = FigRequestCookies::get($request, $cookieName);
$cookie = $cookie->getValue() ?: 'Not Found';
$cookieTest = "\nCookie test: {$cookie}";
$contents = str_replace('{cookie}', $cookieTest, self::HTML);
$response->getBody()->write($contents);
$responseCookie = SetCookie::create($cookieName, 'testing-' . \random_int(100, 200));
return FigResponseCookies::set($response, $responseCookie);
}
/**
* Returns an auth token if user in given request instance is authorized.
* Returns null otherwise.
*
* @param ServerRequestInterface $request [description]
*
* @return string|null
*/
public function getAuthToken(ServerRequestInterface $request)
{
$cookie = FigRequestCookies::get($request, 'authorization');
return $cookie->getValue();
}
/**
* @param RequestInterface $request
* @return SessionInterface
*/
private function getSession(RequestInterface $request)
{
$session = $this->manager->driver();
$cookieData = FigRequestCookies::get($request, $session->getName());
$session->setId($cookieData->getValue());
return $session;
}
