validateAndStripHmac() public method

Tests whether the last 40 characters of the given string $string match the HMAC of the rest of the string and, if so, returns the string without the HMAC. If HMAC validation fails, an exception is thrown.
See also: validateHmac()
public validateAndStripHmac ( string $string ) : string
$string string The string with the HMAC appended (in the format 'string<HMAC>')
return string the original string without the HMAC, if validation was successful
 /**
  * Resolves the WidgetContext that belongs to the given $httpRequest.
  *
  * Two request arguments are recognised, checked in this order:
  *  - "__widgetId": the context is looked up through $this->ajaxWidgetContextHolder
  *    (the session-backed AjaxWidgetContextHolder).
  *  - "__widgetContext": the value is expected to be a base64-encoded, serialized
  *    WidgetContext with an HMAC suffix. The HMAC is validated and stripped before
  *    anything is decoded; validateAndStripHmac() throws if validation fails.
  *
  * @param Request $httpRequest
  * @return WidgetContext|null null when neither argument is present
  */
 protected function extractWidgetContext(Request $httpRequest)
 {
     if ($httpRequest->hasArgument('__widgetId')) {
         $widgetId = $httpRequest->getArgument('__widgetId');
         return $this->ajaxWidgetContextHolder->get($widgetId);
     }
     if (!$httpRequest->hasArgument('__widgetContext')) {
         return null;
     }

     // Integrity check comes first: nothing below runs on a payload whose HMAC did not verify.
     $signedPayload = $httpRequest->getArgument('__widgetContext');
     $encodedContext = $this->hashService->validateAndStripHmac($signedPayload);

     // NOTE(review): unserialize() runs on a value that originates from the request.
     // The HMAC check above is the only barrier against a client-chosen object graph,
     // so the signing key must stay secret. Consider passing an 'allowed_classes' list
     // to unserialize() as defence in depth (confirm which classes a WidgetContext
     // can contain first). The result is returned without a type check.
     $serializedContext = base64_decode($encodedContext);
     return unserialize($serializedContext);
 }
 /**
  * Returns the ActionRequest that referred to this request, if any.
  *
  * The referrer is never detected automatically; it has to be supplied through
  * the internal argument "__referrer". Flow's form and validation mechanisms
  * use this.
  *
  * When "__referrer" is an array, a fresh ActionRequest is built on every call
  * (this branch does not store the result in $this->referringRequest). Its
  * optional "arguments" entry must be a base64-encoded, serialized value with
  * an HMAC suffix; validateAndStripHmac() throws if the HMAC does not verify.
  * When "__referrer" is not an array, the value is stored and returned as is.
  *
  * @return ActionRequest the referring request, or NULL if no referrer found
  */
 public function getReferringRequest()
 {
     if ($this->referringRequest !== null) {
         return $this->referringRequest;
     }
     if (!isset($this->internalArguments['__referrer'])) {
         return null;
     }

     $referrer = $this->internalArguments['__referrer'];
     if (!is_array($referrer)) {
         // Non-array referrer: remember it and hand it back unchanged.
         $this->referringRequest = $referrer;
         return $this->referringRequest;
     }

     $request = new ActionRequest($this->getHttpRequest());
     $restoredArguments = [];
     if (isset($referrer['arguments'])) {
         // Verify the HMAC before decoding anything.
         $signedArguments = $referrer['arguments'];
         $encodedArguments = $this->hashService->validateAndStripHmac($signedArguments);

         // NOTE(review): unserialize() on request-supplied data; the HMAC is the only
         // guard against a client-chosen object graph. If the arguments are expected to
         // be plain arrays/scalars (confirm against the code that signs them), passing
         // ['allowed_classes' => false] would narrow the exposure should the key leak.
         $restoredArguments = unserialize(base64_decode($encodedArguments));
         unset($referrer['arguments']);
     }

     // The remaining (unsigned) referrer entries are merged over the restored arguments.
     $request->setArguments(Arrays::arrayMergeRecursiveOverrule($restoredArguments, $referrer));
     return $request;
 }
 /**
  * Round trip: a string signed with appendHmac() is returned unchanged by
  * validateAndStripHmac(). The fixture has leading/trailing whitespace and
  * non-ASCII characters, so the assertion also covers those being preserved.
  *
  * NOTE(review): this covers the success path only. A companion test asserting
  * that a modified payload or HMAC raises the validation exception is worth
  * having if it does not exist elsewhere in the suite.
  *
  * @test
  */
 public function validateAndStripHmacReturnsTheStringWithoutHmac()
 {
     $plainText = ' Some arbitrary string with special characters: öäüß!"§$ ';
     $signedText = $this->hashService->appendHmac($plainText);
     $this->assertSame($plainText, $this->hashService->validateAndStripHmac($signedText));
 }
 /**
  * Applies the trusted-properties configuration carried by the request to the
  * property mapping configuration of the matching controller arguments.
  *
  * The internal argument "__trustedProperties" must be a string consisting of a
  * serialized value followed by its HMAC; any non-string value is ignored.
  * validateAndStripHmac() throws if the HMAC does not verify. Entries whose
  * name is not a known controller argument are skipped.
  *
  * @param ActionRequest $request
  * @param Arguments $controllerArguments
  * @return void
  */
 public function initializePropertyMappingConfigurationFromRequest(ActionRequest $request, Arguments $controllerArguments)
 {
     $signedToken = $request->getInternalArgument('__trustedProperties');
     if (!is_string($signedToken)) {
         return;
     }

     // Verify the HMAC first; the payload here is unserialized directly (no base64 layer).
     $serializedProperties = $this->hashService->validateAndStripHmac($signedToken);

     // NOTE(review): unserialize() on request-supplied data, guarded only by the HMAC.
     // If the token is always built from nested arrays and scalars (confirm against
     // the code that generates it), ['allowed_classes' => false] or a JSON encoding
     // would remove object instantiation from this path entirely.
     $trustedProperties = unserialize($serializedProperties);

     foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
         if ($controllerArguments->hasArgument($propertyName)) {
             $argument = $controllerArguments->getArgument($propertyName);
             $mappingConfiguration = $argument->getPropertyMappingConfiguration();
             $this->modifyPropertyMappingConfiguration($propertyConfiguration, $mappingConfiguration);
         }
     }
 }
Example #5
 /**
  * Sets $this->formState from the internal request argument "__state".
  *
  * Without that argument a new FormState is created. Otherwise the value is
  * treated as a base64-encoded, serialized form state with an HMAC suffix;
  * validateAndStripHmac() throws if the HMAC does not verify.
  *
  * @return void
  * @internal
  */
 protected function initializeFormStateFromRequest()
 {
     $signedState = $this->request->getInternalArgument('__state');
     if ($signedState !== null) {
         // Verify the HMAC before decoding anything.
         $encodedState = $this->hashService->validateAndStripHmac($signedState);

         // NOTE(review): unserialize() on request-supplied data, guarded only by the
         // HMAC; the result is assigned without checking that it is a FormState.
         // Consider an 'allowed_classes' list limited to what a FormState can contain
         // (confirm that set first) as defence in depth against a leaked signing key.
         $this->formState = unserialize(base64_decode($encodedState));
         return;
     }
     $this->formState = new FormState();
 }