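/**
 * Validates the CSRF token in the given PSR-7 request instance.
 *
 * The check compares the "csrf" field of the parsed request body with the
 * "csrf" request cookie. Both values must be present, non-empty and equal.
 *
 * NOTE(review): this comparison is only as strong as the cookie's integrity.
 * How the "csrf" cookie is issued and scoped is not visible here; confirm that
 * another origin (for example a sibling subdomain) cannot set it.
 *
 * @param ServerRequestInterface $request PSR-7 Request instance.
 *
 * @throws \Students\Exception\BadRequestException If CSRF check failed.
 *
 * @return bool True if CSRF check was successful.
 */
public function validateCsrfToken(ServerRequestInterface $request)
{
    // getParsedBody() may return null or an object, so index it only when it is an array.
    $body = $request->getParsedBody();
    $formToken = (is_array($body) && isset($body['csrf']) && is_scalar($body['csrf']))
        ? strval($body['csrf'])
        : '';

    $cookieToken = FigRequestCookies::get($request, 'csrf')->getValue();

    // An empty cookie ("csrf=") must never match a missing form field: without
    // this guard '' === '' would let a request through with no token at all.
    if (!is_string($cookieToken) || $cookieToken === '' || $formToken === '') {
        throw new BadRequestException($request);
    }

    // hash_equals() compares in constant time, so the result does not leak how
    // many leading characters of the token matched.
    if (!hash_equals($cookieToken, $formToken)) {
        throw new BadRequestException($request);
    }

    return true;
}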
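/**
 * {@inheritdoc}
 *
 * Writes self::HTML to the response body with the "{cookie}" placeholder
 * replaced by the current value of the "cookie-test" request cookie, then
 * sets a new "cookie-test" cookie on the returned response.
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response)
{
    $cookieName = 'cookie-test';

    // Any falsy value (missing cookie, '', '0') is reported as 'Not Found'.
    $cookieValue = FigRequestCookies::get($request, $cookieName)->getValue() ?: 'Not Found';

    // The cookie value is supplied by the client, so it is escaped before being
    // placed into the HTML document. Assumes the {cookie} placeholder sits in
    // HTML text or a quoted attribute; the template is not visible here.
    $escaped = htmlspecialchars((string) $cookieValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $cookieTest = "\nCookie test: {$escaped}";
    $contents = str_replace('{cookie}', $cookieTest, self::HTML);
    $response->getBody()->write($contents);

    // The new value only has to differ between requests; it is not a secret.
    $responseCookie = SetCookie::create($cookieName, 'testing-' . \random_int(100, 200));

    return FigResponseCookies::set($response, $responseCookie);
}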
/**
 * Returns the raw value of the "authorization" cookie from the given request.
 *
 * The value is returned exactly as the client sent it. This method does not
 * verify it, so callers must validate the token before treating the request
 * as authenticated.
 *
 * @param ServerRequestInterface $request PSR-7 request to read the cookie from.
 *
 * @return string|null Cookie value; presumably null when the cookie is absent
 *                     (depends on the cookie object's getValue()).
 */
public function getAuthToken(ServerRequestInterface $request)
{
    return FigRequestCookies::get($request, 'authorization')->getValue();
}
/**
 * Obtains the session driver from the manager and assigns it the session id
 * carried by the request cookie named after the session.
 *
 * The id is taken from a client-supplied cookie and handed to setId() as is.
 * NOTE(review): whether setId() rejects malformed or unknown ids is not
 * visible here; confirm against the session implementation.
 *
 * @param RequestInterface $request
 * @return SessionInterface
 */
private function getSession(RequestInterface $request)
{
    $store = $this->manager->driver();

    // The cookie name is the session's own name.
    $store->setId(
        FigRequestCookies::get($request, $store->getName())->getValue()
    );

    return $store;
}