/**
  * Checks a submitted CSRF token against the token manager and fails closed.
  *
  * Returns normally (no value) when the manager accepts the ($tokenId, $value)
  * pair; any other outcome raises.
  *
  * @param string $tokenId Identifier the token is checked under.
  * @param string $value   Token value to verify.
  *
  * @throws \Exception With code 1465918041 when the manager does not accept the token.
  */
 protected function validateCsrfToken($tokenId, $value)
 {
     $submitted = new CsrfToken($tokenId, $value);
     $accepted = $this->csrfTokenManager->isTokenValid($submitted);
     if (!$accepted) {
         // Reject explicitly instead of returning a flag the caller could ignore.
         throw new \Exception('Invalid csrf token. Please try again', 1465918041);
     }
 }
 /**
  * Spec: refreshToken() on the subject reads the value of the token that the
  * token manager hands back for the same id.
  *
  * The manager's refreshToken() is stubbed to return the token double. Only the
  * interaction is verified (getValue() was called); the value itself is not asserted.
  */
 function it_should_refresh_the_value_of_a_token(CsrfTokenManager $tokenManager, CsrfToken $token)
 {
     $tokenId = '_csrf_login';
     $this->beConstructedWith($tokenManager);
     $tokenManager->refreshToken($tokenId)->willReturn($token);
     $this->refreshToken($tokenId);
     $token->getValue()->shouldHaveBeenCalled();
 }
 /**
  * Returns the CSRF token value bound to one entity.
  *
  * The token id is "<class name>:<entity name>", where the entity name is the
  * result of getId() when that method exists, otherwise of __toString().
  *
  * NOTE(review): if getId() can return null or an empty value (for example on an
  * entity that was never persisted), every such entity of the same class would
  * share the id "<class name>:" - confirm against the callers.
  *
  * @param object $entity Entity the token is scoped to.
  *
  * @return string Token value from the token manager.
  *
  * @throws ObjectDoesNotContainMethods When the entity has neither getId() nor __toString().
  */
 public function generateToken($entity)
 {
     $className = get_class($entity);
     $hasId = method_exists($entity, 'getId');
     if (!$hasId && !method_exists($entity, '__toString')) {
         throw new ObjectDoesNotContainMethods(['getId()', '__toString()']);
     }
     // getId() takes precedence; __toString() is only the fallback.
     $entityName = $hasId ? $entity->getId() : $entity->__toString();
     $tokenId = $className . ':' . $entityName;
     return $this->tokenManager->getToken($tokenId)->getValue();
 }
 /**
  * Manual smoke check: issues a token for the id "montest", validates it straight
  * away and prints the outcome followed by a dump of the token storage.
  *
  * NOTE(review): the dump prints whatever the storage holds, presumably the raw
  * token values - acceptable for a local demo, not for output that ends up in a
  * shared log.
  */
 public function runTest()
 {
     $storage = new ArrayTokenStorage();
     $manager = new CsrfTokenManager(null, $storage);
     $issued = $manager->getToken("montest");
     $verdict = $manager->isTokenValid($issued) ? "[VALIDATION] OK" : "[VALIDATION] KO";
     echo $verdict . PHP_EOL;
     // "Tokens stockés" means "stored tokens"; the literal is kept as the program prints it.
     echo "Tokens stockés : " . print_r($storage->all(), true) . PHP_EOL;
 }
 /**
  * Provides the CSRF token value used for REST calls.
  *
  * The token is requested from the token manager under $this->csrfTokenIntention;
  * the manager generates it when it does not exist yet.
  *
  * NOTE(review): with no token manager configured this returns ''. Confirm that
  * the validating side treats an empty token as "check disabled" only when the
  * check really is disabled, and never as a valid token.
  *
  * @return string The csrf token, or an empty string if csrf check is disabled.
  */
 private function getCsrfToken()
 {
     $manager = $this->csrfTokenManager;
     if (null !== $manager) {
         return $manager->getToken($this->csrfTokenIntention)->getValue();
     }
     // No manager: the CSRF check is switched off for this instance.
     return '';
 }
 /**
  * Verifies the upload token and prepares a 403 response when it is rejected.
  *
  * The token is built from $this->formName (id) and $this->formToken (value).
  *
  * NOTE(review): $request is not read in this method; presumably formName and
  * formToken were taken from the request earlier - confirm they are always
  * populated before this check runs.
  *
  * @param Request $request Current request (unused here).
  *
  * @return bool True when the token manager accepts the token, false otherwise.
  */
 private function hasValidCsrfToken(Request $request) : bool
 {
     $submitted = new CsrfToken($this->formName, $this->formToken);
     if ($this->tokenManager->isTokenValid($submitted)) {
         return true;
     }
     // @important every AJAX POST request must carry a valid CSRF token; answer 403 otherwise
     $this->setResponseDetails(403, 'Invalid upload token.');
     return false;
 }
 /**
  * Collects the template variables for the login block.
  *
  * The authentication error is taken from the request attributes first, then
  * from the session (and removed from the session once read). Anything that is
  * not an AuthenticationException is discarded. A CSRF token for the id
  * 'authenticate' is included so the login form can submit it.
  *
  * NOTE(review): last_username is the last username entered by the user, so
  * the template is expected to escape it on output - verify in the view.
  *
  * @param BlockInterface $block
  *
  * @return array Keys: block_service, block, last_username, error, csrf_token.
  */
 public function getViewParameters(BlockInterface $block)
 {
     $errorKey = Security::AUTHENTICATION_ERROR;
     $usernameKey = Security::LAST_USERNAME;

     // Request attributes win over the session (covers both forward and redirect).
     $error = null;
     if ($this->getRequest()->attributes->has($errorKey)) {
         $error = $this->getRequest()->attributes->get($errorKey);
     } elseif (null !== $this->session && $this->session->has($errorKey)) {
         $error = $this->session->get($errorKey);
         // One-shot: the stored error must not be shown again on the next render.
         $this->session->remove($errorKey);
     }

     // A value that does not come from the security component is dropped.
     if (!($error instanceof AuthenticationException)) {
         $error = null;
     }

     $lastUsername = '';
     if (null !== $this->session) {
         $lastUsername = $this->session->get($usernameKey);
     }

     $csrfToken = $this->csrfTokenManager->getToken('authenticate')->getValue();

     return [
         'block_service' => $this,
         'block' => $block,
         'last_username' => $lastUsername,
         'error' => $error,
         'csrf_token' => $csrfToken,
     ];
 }
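 /**
  * Get and set an upload token for this upload form.
  *
  * Exposes two view variables: 'attachment_index', the last key of the form's
  * attachment data, and '_file_upload_token', the CSRF token value issued
  * under the view's 'full_name'.
  *
  * NOTE(review): the code that validates the upload must check the token under
  * the same id as $view->vars['full_name'] - confirm against the validator.
  *
  * @param FormView      $view
  * @param FormInterface $form
  * @param array         $options
  */
 public function finishView(FormView $view, FormInterface $form, array $options)
 {
     parent::finishView($view, $form, $options);

     /*
      * Dump the last index (key) of attachment collection array into the view so we can
      * add new items without accidentally overriding already existing ones.
      *
      * The form data is not guaranteed to be an array (it is null for a form without
      * data), and end()/key() must not be called on such a value; the index is then
      * null, the same result an empty array gives.
      */
     $data = $form->getData();
     $lastKey = null;
     if (is_array($data)) {
         end($data);
         $lastKey = key($data);
     }
     $view->vars['attachment_index'] = $lastKey;

     // dump the form's csrf token into the view
     $token = $this->tokenManager->getToken($view->vars['full_name']);
     $view->vars['_file_upload_token'] = $token->getValue();
 }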
 /**
  * Asks the token manager to remove the token stored under the given id.
  *
  * Whatever the manager returns is discarded; this method returns nothing.
  *
  * @param string $tokenId Identifier of the token to remove.
  */
 public function removeToken($tokenId)
 {
     $manager = $this->tokenManager;
     $manager->removeToken($tokenId);
 }
 /**
  * The manager's removeToken() must call the storage exactly once with the same
  * id and return what the storage returned.
  */
 public function testRemoveToken()
 {
     $tokenId = 'token_id';
     $removed = 'REMOVED_TOKEN';

     $this->storage
         ->expects($this->once())
         ->method('removeToken')
         ->with($tokenId)
         ->will($this->returnValue($removed));

     $actual = $this->manager->removeToken($tokenId);
     $this->assertSame($removed, $actual);
 }
 /**
  * The user handler's token() must yield the same value as the token refreshed
  * under the id 'bolt' by the manager registered as $app['csrf'].
  *
  * The manager is backed by a session on in-memory mock storage, so nothing is
  * persisted outside the test.
  */
 public function testToken()
 {
     $app = $this->getApp();
     $handler = new UserHandler($app);

     $sessionStorage = new MockArraySessionStorage();
     $session = new Session($sessionStorage);
     $tokenStorage = new SessionTokenStorage($session);
     $manager = new CsrfTokenManager(null, $tokenStorage);
     $app['csrf'] = $manager;

     $expected = $manager->refreshToken('bolt')->getValue();
     $this->assertSame($expected, $handler->token()->getValue());
 }