/**
 * Tests that a new token seed is generated upon first use.
 *
 * The session metadata mock reports no stored seed, so get() is expected to
 * store a string seed exactly once and to return a string token.
 *
 * @covers ::get
 */
public function testGenerateSeedOnGet() {
  $private_key = Crypt::randomBytesBase64();

  // The private key may be read any number of times while the token is built.
  $this->privateKey
    ->expects($this->any())
    ->method('get')
    ->will($this->returnValue($private_key));

  // First use: the session holds no CSRF token seed yet.
  $this->sessionMetadata
    ->expects($this->once())
    ->method('getCsrfTokenSeed')
    ->will($this->returnValue(NULL));

  // Exactly one seed must be written back, and it must be a string.
  $this->sessionMetadata
    ->expects($this->once())
    ->method('setCsrfTokenSeed')
    ->with($this->isType('string'));

  $token = $this->generator->get();
  $this->assertInternalType('string', $token);
}
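/**
 * Validates a token based on $value, the user session, and the private key.
 *
 * The expected token is recomputed from the session's CSRF token seed and
 * compared with the submitted token using hash_equals(). Unlike ===, which
 * can stop at the first differing byte, hash_equals() takes the same time
 * wherever the strings differ, so response timing does not reveal how much
 * of a submitted token was correct.
 *
 * @param string $token
 *   The token to be validated. Non-string values are rejected.
 * @param string $value
 *   (optional) An additional value to base the token on.
 *
 * @return bool
 *   TRUE for a valid token, FALSE for an invalid token, a non-string token,
 *   or a session without a CSRF token seed.
 */
public function validate($token, $value = '') {
  $seed = $this->sessionMetadata->getCsrfTokenSeed();
  // No seed in the session metadata: there is nothing to compute an expected
  // token from, so fail closed.
  if (empty($seed)) {
    return FALSE;
  }

  $expected = $this->computeToken($seed, $value);

  // hash_equals() accepts only strings (TypeError on PHP 8, warning before).
  // The previous strict comparison returned FALSE for a non-string $token, so
  // keep that result instead of letting malformed input raise an error.
  // NOTE(review): computeToken() is assumed to return a string; confirm.
  if (!is_string($token) || !is_string($expected)) {
    return FALSE;
  }

  // Known value first, user-supplied value second, as hash_equals() documents.
  return hash_equals($expected, $token);
}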