This component provides a set of functions to improve the security in Forum application.
Prefixed version.
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');
$user = Users::findFirstByLogin($login);
if ($user && $this->security->checkHash($password, $user->password)) {
The password is valid
}
/**
* Initialize the Security Service.
*/
protected function initSecurity()
{
$this->di->setShared('security', function () {
$security = new Security();
$security->setWorkFactor(12);
return $security;
});
}
/**
* Tests Security::checkPrefixedToken method
*/
public function testCheckPrefixedToken()
{
$this->specify('The Security::checkPrefixedToken works incorrectly', function () {
$di = $this->setupDI();
$s = new Security();
$s->setDI($di);
// Random token and token key check
$tokenKey = $s->getPrefixedTokenKey('y');
$token = $s->getPrefixedToken('y');
$_POST = [$tokenKey => $token];
expect($s->checkPrefixedToken('y', null, null, false))->true();
expect($s->checkPrefixedToken('y'))->true();
expect($s->checkPrefixedToken('y'))->false();
// Destroy token check
$tokenKey = $s->getPrefixedToken('z');
$token = $s->getPrefixedToken('z');
$s->destroyPrefixedToken('z');
$_POST = [$tokenKey => $token];
expect($s->checkPrefixedToken('z'))->false();
// Custom token key check
$token = $s->getPrefixedToken('abc');
$_POST = ['custom_key' => $token];
expect($s->checkPrefixedToken('abc', null, null, false))->false();
expect($s->checkPrefixedToken('abc', 'other_custom_key', null, false))->false();
expect($s->checkPrefixedToken('abc', 'custom_key'))->true();
// Custom token value check
$token = $s->getPrefixedToken('xyz');
$_POST = [];
expect($s->checkPrefixedToken('xyz', null, null, false))->false();
expect($s->checkPrefixedToken('xyz', 'some_random_key', 'some_random_value', false))->false();
expect($s->checkPrefixedToken('xyz', 'custom_key', $token))->true();
});
}
