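 /**
  * {@inheritdoc}
  *
  * Reads the CSRF token from the request cookie, or mints a new one and queues a
  * Set-Cookie header for it on the response. When the request requires CSRF
  * protection, the cookie token must match the token fetched from the request
  * (fetchToken()); otherwise a 412 response is returned and $next is never called.
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface      $response
  * @param \Closure               $next
  * @return ResponseInterface
  * @throws \RuntimeException when the platform cannot provide cryptographically strong random bytes
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, \Closure $next)
 {
     $cookies = $request->getCookieParams();
     if (isset($cookies[self::COOKIE])) {
         $token = $cookies[self::COOKIE];
     } else {
         // Making new token: refuse to proceed with a weak random source rather than
         // silently issuing a guessable token (the strength flag was previously ignored)
         $strong = false;
         $bytes = openssl_random_pseudo_bytes(self::TOKEN_LENGTH, $strong);
         if ($bytes === false || !$strong) {
             throw new \RuntimeException('Unable to generate a cryptographically strong CSRF token');
         }
         // base64 gives ~6 bits of entropy per character; the result is cut to TOKEN_LENGTH characters
         $token = substr(base64_encode($bytes), 0, self::TOKEN_LENGTH);
         // We can alter response cookies: hand the new token to the client
         $response = $response->withAddedHeader('Set-Cookie', Cookie::create(
             self::COOKIE,
             $token,
             self::LIFETIME,
             $request->getAttribute('basePath'),
             $request->getAttribute('cookieDomain')
         )->packHeader());
     }
     // NOTE(review): compare() is presumably a constant-time comparison — confirm in its definition
     if ($this->isRequired($request) && !$this->compare($token, $this->fetchToken($request))) {
         // Invalid CSRF token: stop the pipeline here
         return $response->withStatus(412, 'Bad CSRF Token');
     }
     return $next($request->withAttribute(static::ATTRIBUTE, $token), $response);
 }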
 /**
  * Protect a cookie value before it leaves the server: either encrypt it, or append
  * an HMAC so the value can be checked for tampering when it is read back
  * (presumably by a matching decode step elsewhere in this class).
  *
  * @param Cookie $cookie
  * @return Cookie
  */
 private function encodeCookie(Cookie $cookie)
 {
     $value = $cookie->getValue();
     $encrypt = $this->httpConfig->cookieProtection() == HttpConfig::COOKIE_ENCRYPT;
     if (!$encrypt) {
         // VALUE.HMAC: plaintext value immediately followed by its signature
         return $cookie->withValue($value . $this->hmacSign($value));
     }
     return $cookie->withValue($this->encrypter()->encrypt($value));
 }
 /**
  * Build the Set-Cookie header string carrying the given hash for this cookie.
  *
  * @param Request     $request Used only to derive the cookie domain from its URI.
  * @param string|null $hash    Cookie value; null is handed to Cookie::create unchanged.
  * @return string
  */
 protected function cookieHeader(Request $request, $hash)
 {
     $domain = $this->httpConfig->cookiesDomain($request->getUri());
     $cookie = Cookie::create($this->cookie, $hash, $this->getLifetime(), $this->httpConfig->basePath(), $domain);
     return $cookie->createHeader();
 }
 /**
  * Generate session cookie.
  *
  * Name and lifetime come from the session config; path and domain from the HTTP config.
  *
  * @param UriInterface $uri Incoming uri, used to derive the cookie domain.
  * @param string       $sessionID
  * @return Cookie
  */
 private function sessionCookie(UriInterface $uri, $sessionID)
 {
     $name = $this->config->sessionCookie();
     $lifetime = $this->config->sessionLifetime();
     $path = $this->httpConfig->basePath();
     $domain = $this->httpConfig->cookiesDomain($uri);
     return Cookie::create($name, $sessionID, $lifetime, $path, $domain);
 }
 /**
  * Protect a cookie value before sending it: encrypt when the configured method
  * is ENCRYPT, otherwise append a MAC to the plaintext value.
  *
  * @param Cookie $cookie
  * @return Cookie
  */
 private function encodeCookie(Cookie $cookie)
 {
     $plain = $cookie->getValue();
     $protected = $this->config['method'] == self::ENCRYPT
         ? $this->encrypter()->encrypt($plain)
         : $plain . $this->hmacSign($plain); // MAC: plaintext followed by its signature
     return $cookie->withValue($protected);
 }
 /**
  * Generate CSRF cookie.
  *
  * Every attribute except the token value is read from the HTTP config.
  *
  * @param UriInterface $uri Incoming uri, used to derive the cookie domain.
  * @param string       $token
  * @return Cookie
  */
 protected function tokenCookie(UriInterface $uri, $token)
 {
     $config = $this->httpConfig;
     return Cookie::create(
         $config->csrfCookie(),
         $token,
         $config->csrfLifetime(),
         $config->basePath(),
         $config->cookiesDomain($uri)
     );
 }
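 /**
  * Mount session id or remove session cookie.
  *
  * Commits the store when a session was started, then makes sure the client
  * carries the current session id: if the incoming cookie is missing, is not a
  * string, or does not exactly equal the store id, a fresh Set-Cookie header is
  * added to the response. Otherwise the response is returned untouched.
  *
  * @param ServerRequestInterface $request  Provides the 'basePath' and 'cookieDomain' attributes for the cookie.
  * @param ResponseInterface      $response
  * @param SessionStore           $store
  * @param array                  $cookies  Incoming cookie params, keyed by cookie name.
  * @return ResponseInterface
  */
 protected function setCookie(ServerRequestInterface $request, ResponseInterface $response, SessionStore $store, array $cookies)
 {
     if ($store->isStarted()) {
         $store->commit();
     }
     $sessionID = $store->getID();
     // Strict comparison: the loose != used before treats numeric-looking ids such as
     // "1e3" and "1000" as equal and would skip re-issuing the cookie. A non-string
     // cookie value (PHP parses "name[]=" into an array) is never a valid match.
     $matches = isset($cookies[self::COOKIE])
         && is_string($cookies[self::COOKIE])
         && $cookies[self::COOKIE] === (string) $sessionID;
     if (!$matches) {
         // $response is type-hinted ResponseInterface, so the former instanceof check was always true
         return $response->withAddedHeader('Set-Cookie', Cookie::create(
             self::COOKIE,
             $sessionID,
             $store->config()['lifetime'],
             $request->getAttribute('basePath'),
             $request->getAttribute('cookieDomain')
         )->packHeader());
     }
     return $response;
 }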