/**
* Get a new session ID that isn't assigned to any current session.
*
* @return string
*/
public function id()
{
$session = array();
// We'll containue generating random IDs until we find an ID that is
// not currently assigned to a session. This is almost definitely
// going to happen on the first iteration.
do {
$session = $this->load($id = Str::random(40));
} while (!is_null($session));
return $id;
}
public static function set_app_key($arguments = array())
{
$key = Str::random(array_get($arguments, 0, 32));
// Set application config file key
$config_path = path('app') . 'config' . DS . 'application' . EXT;
$config = File::get($config_path);
$newConfig = str_replace("'key' => '',", "'key' => '{$key}',", $config, $count);
if (isset($newConfig) and $newConfig != '') {
if ($count > 0) {
File::put($config_path, $newConfig);
Log::info('App configuration updated with secure key');
}
} else {
Log::error('App configuration secure was not updated with secure key. A key already exists.');
}
}
/**
* Get a new session ID that isn't assigned to any current session.
*
* @return string
*/
public function id()
{
$session = array();
// If the driver is an instance of the Cookie driver, we are able to
// just return any string since the Cookie driver has no real idea
// of a server side persisted session with an ID.
if ($this instanceof Cookie) {
return Str::random(40);
}
// We'll continue generating random IDs until we find an ID that is
// not currently assigned to a session. This is almost definitely
// going to happen on the first iteration.
do {
$session = $this->load($id = Str::random(40));
} while (!is_null($session));
return $id;
}
/**
* Generate a random key for the application.
*
* @param array $arguments
* @return void
*/
public function generate($arguments = array())
{
// By default the Crypter class uses AES-256 encryption which uses
// a 32 byte input vector, so that is the length of string we will
// generate for the application token unless another length is
// specified through the CLI.
$key = Str::random(array_get($arguments, 0, 32));
$config = File::get($this->path);
$config = str_replace("'key' => '',", "'key' => '{$key}',", $config, $count);
File::put($this->path, $config);
if ($count > 0) {
echo "Configuration updated with secure key!";
} else {
echo "An application key already exists!";
}
echo PHP_EOL;
}
/**
* Load the session for the current request.
*
* @param string $id
* @return void
*/
public function load($id)
{
if (!is_null($id)) {
$this->session = $this->driver->load($id);
}
// If the session doesn't exist or is invalid we will create a new session
// array and mark the session as being non-existent. Some drivers, such as
// the database driver, need to know whether it exists.
if (is_null($this->session) or static::expired($this->session)) {
$this->exists = false;
$this->session = $this->driver->fresh();
}
// A CSRF token is stored in every session. The token is used by the Form
// class and the "csrf" filter to protect the application from cross-site
// request forgery attacks. The token is simply a random string.
if (!$this->has(Session::csrf_token)) {
$this->put(Session::csrf_token, Str::random(40));
}
}
/**
* Test the Auth::recall method.
*
* @group laravel
*/
public function testUserCanBeRecalledViaCookie()
{
Session::$instance = new Payload($this->getMock('Laravel\\Session\\Drivers\\Driver'));
$cookie = Crypter::encrypt('1|' . Str::random(40));
Cookie::forever('authloginstub_remember', $cookie);
$auth = new AuthLoginStub();
$this->assertEquals('Taylor Otwell', $auth->user()->name);
$this->assertTrue($auth->user()->id === $_SERVER['auth.login.stub']['user']);
}
/**
* Store a user's token in a long-lived cookie.
*
* @param string $token
* @return void
*/
protected function remember($token)
{
$token = Crypter::encrypt($token . '|' . Str::random(40));
$this->cookie($this->recaller(), $token, Cookie::forever);
}
/**
* Assign a new, random ID to the session.
*
* @return void
*/
public function regenerate()
{
$this->session['id'] = Str::random(40);
$this->exists = false;
}
public static function make($value, $rounds = 8)
{
$work = str_pad($rounds, 2, '0', STR_PAD_LEFT);
if (function_exists('openssl_random_pseudo_bytes')) {
$salt = openssl_random_pseudo_bytes(16);
} else {
$salt = Str::random(40);
}
$salt = substr(strtr(base64_encode($salt), '+', '.'), 0, 22);
return crypt($value, '$2a$' . $work . '$' . $salt);
}
