/**
 * Produce a session ID that no stored session currently uses.
 *
 * Candidates are 40-character strings from Str::random(); each one is
 * looked up with load() and discarded if a session comes back for it.
 *
 * NOTE(review): the ID works as a bearer credential, so its
 * unpredictability rests on Str::random(), whose implementation is not
 * visible here. Confirm it draws from a CSPRNG.
 *
 * @return string
 */
public function id()
{
    // Keep drawing candidates until load() reports no session for one.
    // A collision on a 40-character random string is expected to be rare,
    // so this normally finishes on the first pass.
    do {
        $id = Str::random(40);
        $existing = $this->load($id);
    } while ($existing !== null);

    return $id;
}
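/**
 * Generate a random application key and write it into the application
 * config file in place of an empty `'key' => '',` entry.
 *
 * Only the empty entry is matched, so a key that is already configured is
 * never overwritten. Every run that does not write a key now logs an error;
 * previously a config that already held a key was skipped silently and the
 * error was logged only when the replaced config came back empty.
 *
 * @param  array  $arguments  Optional arguments; index 0 is the key length (default 32).
 * @return void
 */
public static function set_app_key($arguments = array())
{
    // NOTE(review): the length comes straight from the caller with no lower
    // bound, so a small value yields a short key. The key's strength also
    // depends on Str::random(), which is not visible here. Confirm it uses
    // a CSPRNG and that its output cannot contain a single quote, since the
    // value is spliced into a single-quoted PHP string below.
    $key = Str::random(array_get($arguments, 0, 32));

    // Set application config file key
    $config_path = path('app') . 'config' . DS . 'application' . EXT;
    $config = File::get($config_path);

    // $count receives the number of replacements str_replace() made.
    $newConfig = str_replace("'key' => '',", "'key' => '{$key}',", $config, $count);

    if ($count > 0) {
        File::put($config_path, $newConfig);
        // The log line carries no key material; keep it that way.
        Log::info('App configuration updated with secure key');
    } else {
        Log::error('App configuration secure was not updated with secure key. A key already exists.');
    }
}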
/**
 * Produce a session ID that no stored session currently uses.
 *
 * The Cookie driver gets a random 40-character string without any lookup.
 * Per the original author's comment, it has no server-side session keyed by
 * ID to collide with. Every other driver is probed with load() until a
 * candidate comes back unused.
 *
 * NOTE(review): the ID works as a bearer credential, so its
 * unpredictability rests on Str::random(), whose implementation is not
 * visible here. Confirm it draws from a CSPRNG.
 *
 * @return string
 */
public function id()
{
    $isCookieDriver = $this instanceof Cookie;

    if (! $isCookieDriver) {
        // Keep drawing candidates until load() reports no session for one.
        // This normally finishes on the first pass.
        do {
            $id = Str::random(40);
            $existing = $this->load($id);
        } while ($existing !== null);

        return $id;
    }

    // No uniqueness check is made for the Cookie driver.
    return Str::random(40);
}
/**
 * Generate a random application key and store it in the config file.
 *
 * The key replaces an empty `'key' => '',` entry in the file at $this->path.
 * An entry that already holds a key does not match and is left as it is.
 * The file is written back in either case, and the outcome is echoed.
 *
 * @param  array  $arguments  Optional CLI arguments; index 0 is the key length.
 * @return void
 */
public function generate($arguments = array())
{
    // 32 is the default length. The original author ties it to the Crypter
    // class's AES-256 default. A different length may be passed on the CLI.
    // NOTE(review): no lower bound is enforced on the CLI value, and the
    // key's entropy depends on the alphabet and randomness source behind
    // Str::random(), which is not visible here. Confirm both.
    $length = array_get($arguments, 0, 32);
    $key = Str::random($length);

    $original = File::get($this->path);

    // $count receives the number of replacements str_replace() made.
    $updated = str_replace("'key' => '',", "'key' => '{$key}',", $original, $count);

    File::put($this->path, $updated);

    // The generated key is not echoed, only the outcome.
    $message = ($count > 0)
        ? "Configuration updated with secure key!"
        : "An application key already exists!";

    echo $message, PHP_EOL;
}
/**
 * Load the session for the current request.
 *
 * A non-null ID is handed to the driver. If the driver returns nothing, or
 * the loaded session has expired, a fresh session array replaces it and the
 * payload is marked as not existing. The session is then given a CSRF token
 * if it does not already hold one.
 *
 * @param  string  $id
 * @return void
 */
public function load($id)
{
    if ($id !== null) {
        $this->session = $this->driver->load($id);
    }

    // A missing or expired session is replaced by a fresh one. The exists
    // flag is cleared because some drivers (the database driver, per the
    // original comment) need to know the session was not found in storage.
    $unusable = is_null($this->session) || static::expired($this->session);

    if ($unusable) {
        $this->exists = false;
        $this->session = $this->driver->fresh();
    }

    // Every session carries a CSRF token, which the Form class and the
    // "csrf" filter rely on. An existing token is kept.
    // NOTE(review): the token is only as unpredictable as Str::random(),
    // which is not visible here. Confirm it draws from a CSPRNG.
    if ($this->has(Session::csrf_token)) {
        return;
    }

    $this->put(Session::csrf_token, Str::random(40));
}
/**
 * Test the Auth::recall method.
 *
 * A remember cookie of the form "1|<40 random characters>", encrypted with
 * Crypter, is planted before the stub is built. The stub's user() must then
 * return the expected user.
 *
 * @group laravel
 */
public function testUserCanBeRecalledViaCookie()
{
    // The session payload is backed by a mocked driver.
    $driver = $this->getMock('Laravel\\Session\\Drivers\\Driver');
    Session::$instance = new Payload($driver);

    // Build the recaller value and store it under the stub's cookie name.
    $recaller = Crypter::encrypt('1|' . Str::random(40));
    Cookie::forever('authloginstub_remember', $recaller);

    $auth = new AuthLoginStub();

    $this->assertEquals('Taylor Otwell', $auth->user()->name);

    // presumably the stub records the logged-in user ID in $_SERVER; verify against AuthLoginStub
    $recalledId = $auth->user()->id;
    $this->assertTrue($recalledId === $_SERVER['auth.login.stub']['user']);
}
/**
 * Store a user's token in a long-lived cookie.
 *
 * The cookie value is "<token>|<40 random characters>" passed through
 * Crypter::encrypt(). It is set under the recaller() name with the
 * Cookie::forever lifetime.
 *
 * NOTE(review): nothing in this method persists the random suffix, so
 * whether an individual remember cookie can be revoked server-side cannot
 * be told from here. The cookie's integrity also depends on
 * Crypter::encrypt() authenticating its output. Confirm both.
 *
 * @param  string  $token
 * @return void
 */
protected function remember($token)
{
    $payload = $token . '|' . Str::random(40);
    $encrypted = Crypter::encrypt($payload);

    $this->cookie($this->recaller(), $encrypted, Cookie::forever);
}
/**
 * Assign a new, random ID to the session.
 *
 * The session array keeps its other contents. Only the 'id' entry is
 * replaced, and the payload is marked as not existing.
 *
 * NOTE(review): whether the record stored under the previous ID is removed
 * is not visible here. Confirm it is, since a surviving record would leave
 * the old ID usable after regeneration.
 *
 * @return void
 */
public function regenerate()
{
    $freshId = Str::random(40);

    $this->session['id'] = $freshId;

    // presumably tells the driver this ID has no stored record yet; verify against the drivers
    $this->exists = false;
}
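/**
 * Hash a value with bcrypt through crypt().
 *
 * A 16-byte random salt is base64-encoded, adapted to the bcrypt salt
 * alphabet and cut to 22 characters, then combined with a "$2a$" prefix and
 * the two-digit cost.
 *
 * NOTE(review): crypt() reports failure by returning a string shorter than
 * 13 characters instead of raising. A cost outside bcrypt's 04-31 range is
 * one cause. Callers that store the result should reject such a value. The
 * default cost of 8 is low by current guidance. Where the runtime offers
 * password_hash(), it handles both salt and cost.
 *
 * @param  string  $value   The plain-text value to hash.
 * @param  int     $rounds  Bcrypt cost factor, zero-padded to two digits.
 * @return string  The string returned by crypt().
 */
public static function make($value, $rounds = 8)
{
    $work = str_pad($rounds, 2, '0', STR_PAD_LEFT);

    $salt = false;

    if (function_exists('openssl_random_pseudo_bytes')) {
        $salt = openssl_random_pseudo_bytes(16);
    }

    // openssl_random_pseudo_bytes() can return false. Encoding that gave an
    // empty salt, so a failed or short result now takes the same fallback
    // as a missing extension. A salt needs to be unique rather than secret,
    // which is why Str::random() is acceptable here.
    if (! is_string($salt) || strlen($salt) < 16) {
        $salt = Str::random(40);
    }

    // base64 uses '+', which the bcrypt salt alphabet does not; map it to
    // '.' and keep the 22 characters bcrypt reads.
    $salt = substr(strtr(base64_encode($salt), '+', '.'), 0, 22);

    return crypt($value, '$2a$' . $work . '$' . $salt);
}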