/**
 * Decide whether a stored page and an incoming data row refer to the same item.
 *
 * A matching link always counts as a match. When $strict is false, a matching
 * title is accepted too, and so is a matching annotation, provided the page
 * has a non-empty annotation.
 *
 * @param Entity $page   Stored page; its link, title and annotation are read.
 * @param array  $data   Incoming row; 'link' and 'title' are read, 'annotation' is optional.
 * @param bool   $strict When truthy, only the link is compared.
 *
 * @return bool
 */
public static function same(Entity $page, array $data, $strict = true)
{
    $sameLink = Str::equals($page->link, $data['link']);
    if ($sameLink) {
        return true;
    }

    if ($strict) {
        return false;
    }

    if (Str::equals($page->title, $data['title'])) {
        return true;
    }

    // 'annotation' may be absent from $data, hence the error suppression.
    return $page->annotation && Str::equals($page->annotation, @$data['annotation']);
}
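/**
 * Determine if the session and input CSRF tokens match.
 *
 * The request token is taken from the "_token" input, then from the
 * X-CSRF-TOKEN header, and finally from the X-XSRF-TOKEN header, which is
 * decrypted before use.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return bool
 */
protected function tokensMatch($request)
{
    $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

    if (!$token && ($header = $request->header('X-XSRF-TOKEN'))) {
        $token = $this->encrypter->decrypt($header);
    }

    $sessionToken = $request->session()->token();

    // Both sides must be real strings before they are compared. A request that
    // carries no token must never match a session that has no token yet, and an
    // array-valued "_token" must be rejected rather than coerced by the comparison.
    if (!is_string($sessionToken) || $sessionToken === '' || !is_string($token)) {
        return false;
    }

    return Str::equals($sessionToken, $token);
}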
/**
 * Verify the CSRF token by hand, because the framework's default check does
 * not cover GET requests.
 *
 * The session token is compared with the "_token" input and, failing that,
 * with the X-XSRF-TOKEN header.
 *
 * NOTE(review): the header value is compared exactly as received, without
 * decryption; confirm that matches how the XSRF cookie is issued here.
 *
 * @throws TokenMismatchException when neither value equals the session token
 */
public function tokensMatch()
{
    $sessionToken = Session::token();
    $xsrfHeader = Request::header('X-XSRF-TOKEN');

    if (Str::equals($sessionToken, Request::input('_token'))) {
        return;
    }

    if ($xsrfHeader && Str::equals($sessionToken, $xsrfHeader)) {
        return;
    }

    throw new TokenMismatchException();
}
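/**
 * Determine if the session and input CSRF tokens match.
 *
 * Validation is skipped entirely when APP_ENV is "testing". Otherwise the
 * request token is taken from the "_token" input, then the X-CSRF-TOKEN
 * header, then the decrypted X-XSRF-TOKEN header.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return bool
 */
protected function tokensMatch($request)
{
    // Don't validate CSRF when testing.
    // NOTE(review): this bypass depends only on APP_ENV, so a deployment that
    // runs with APP_ENV=testing has no CSRF protection at all.
    if (env('APP_ENV') === 'testing') {
        return true;
    }

    $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

    if (!$token && ($header = $request->header('X-XSRF-TOKEN'))) {
        $token = $this->encrypter->decrypt($header);
    }

    $sessionToken = $request->session()->token();

    // Reject missing or non-string values instead of letting the comparison coerce them.
    $matched = is_string($sessionToken)
        && $sessionToken !== ''
        && is_string($token)
        && Str::equals($sessionToken, $token);

    // Token values and the request input are deliberately kept out of the log:
    // anyone who can read the log could otherwise reuse a live CSRF token or
    // read submitted form fields such as passwords.
    Log::info('CSRF token check', [
        'token_supplied' => !empty($token),
        'matched'        => $matched,
    ]);

    return $matched;
}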
/**
 * Copy newer session values from Redis into the current session before the
 * request is handled.
 *
 * Keys starting with "_" or "login_" are never copied.
 *
 * @param SessionInterface $session
 * @param Request $request
 */
private function preRequestHandle(SessionInterface $session, Request $request)
{
    $cookieId = $request->cookie($this->key);
    $key = 'session:' . $cookieId;

    // The prefixed cookie value has to equal the session id; otherwise the
    // Redis entry under that key is deleted and nothing is merged.
    if (!Str::equals($key, $session->getId())) {
        $this->redis->del($key);

        return;
    }

    // NOTE(review): $key already carries the "session:" prefix, so this reads
    // "session:session:<id>" while the delete above targets "session:<id>".
    // Confirm which key is intended.
    // NOTE(review): a missing Redis entry is not handled here; what Json::parse
    // returns for an empty value is not visible from this method.
    $stored = Json::parse($this->redis->get('session:' . $key));

    if (!($stored['last_seen'] > $session->get('last_seen'))) {
        return;
    }

    foreach ($stored as $name => $item) {
        if (Str::startsWith($name, ['_', 'login_'])) {
            continue;
        }

        $session->set($name, $item);
    }
}
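/**
 * Handles the request made to StyleCI by the GitHub API.
 *
 * The X-GitHub-Event header selects the event class, the payload's repository
 * id selects the repo, and the X-Hub-Signature header must be a valid HMAC of
 * the raw body under that repo's token before the event is dispatched.
 *
 * @return \Illuminate\Http\JsonResponse
 *
 * @throws BadRequestHttpException when the event is unsupported or the
 *                                 signature cannot be verified
 */
public function handle()
{
    // The event name arrives in a request header and is turned into a class
    // name before the signature is checked, so only plain identifier
    // characters are accepted. This keeps namespace separators out of it.
    $event = Request::header('X-GitHub-Event');
    if (!is_string($event) || !preg_match('/\A[A-Za-z_]+\z/', $event)) {
        throw new BadRequestHttpException('Event not supported.');
    }

    $class = 'StyleCI\\StyleCI\\Events\\Repo\\GitHub\\GitHub' . ucfirst(camel_case($event)) . 'Event';

    if (!class_exists($class)) {
        throw new BadRequestHttpException('Event not supported.');
    }

    $data = Request::input();

    // A payload without a scalar repository id cannot identify a repo.
    if (!isset($data['repository']['id']) || !is_scalar($data['repository']['id'])) {
        throw new BadRequestHttpException('Request integrity validation failed.');
    }

    $repo = Repo::find($data['repository']['id']);

    if (!$repo) {
        throw new BadRequestHttpException('Request integrity validation failed.');
    }

    // The header has the form "sha1=<hex digest>". The algorithm is pinned here
    // rather than taken from the request, so the sender cannot choose which
    // hash the signature is verified with.
    $header = Request::header('X-Hub-Signature');
    $parts = is_string($header) ? explode('=', $header, 2) : [];

    if (count($parts) !== 2 || $parts[0] !== 'sha1') {
        throw new BadRequestHttpException('Request integrity validation failed.');
    }

    $hash = hash_hmac('sha1', Request::getContent(), $repo->token);

    if (!Str::equals($hash, $parts[1])) {
        throw new BadRequestHttpException('Request integrity validation failed.');
    }

    event(new $class($repo, $data));

    return new JsonResponse(['message' => 'Event successfully received.']);
}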
/**
 * Find the user that a password-reset code was issued to.
 *
 * Returns null when the e-mail is unknown, when the user has no reset token,
 * when the token is no longer active, when the code does not match, or when
 * the token was issued for a different e-mail address. An inactive token and
 * a token with a different e-mail are deleted before returning.
 *
 * @param array $data Reads 'email' and 'code'.
 *
 * @return mixed The user on success, null otherwise.
 */
public function getUserByResetCode(array $data)
{
    $user = $this->userRepo->getUserByEmail($data['email']);
    $resetToken = $user ? $user->passwordResetToken : null;

    if (!$resetToken) {
        return null;
    }

    if (!$resetToken->isActive()) {
        $resetToken->delete();

        return null;
    }

    $codeMatches = Str::equals($resetToken->getDecryptedCode(), $data['code']);
    if (!$codeMatches) {
        return null;
    }

    // The token must have been issued for the address the user has now.
    if ($user->email !== $resetToken->email) {
        $resetToken->delete();

        return null;
    }

    return $user;
}
/**
 * Compare a known string with user input by delegating to Str::equals.
 *
 * The original author documents this as a constant-time comparison that
 * still leaks length information, adapted from
 * Symfony\Component\Security\Core\Util\StringUtils. The implementation itself
 * is in Str::equals and is not visible here.
 *
 * @param string $knownString The value held by the application.
 * @param string $userInput   The value supplied by the caller.
 *
 * @return bool
 */
function str_equal($knownString, $userInput)
{
    $isEqual = \Illuminate\Support\Str::equals($knownString, $userInput);

    return $isEqual;
}
/**
 * Determine if the MAC for the given payload is valid.
 *
 * The MAC computed from the payload's 'iv' and 'value' and the MAC carried in
 * the payload are each hashed again with HMAC-SHA256 under a fresh 16-byte
 * random key, and those two digests are compared.
 *
 * @param  array  $payload Reads 'iv', 'value' and 'mac'.
 * @return bool
 *
 * @throws \RuntimeException
 */
protected function validMac(array $payload)
{
    // New random key on every call, used only for this comparison.
    $key = random_bytes(16);

    $expected = hash_hmac('sha256', $this->hash($payload['iv'], $payload['value']), $key, true);
    $supplied = hash_hmac('sha256', $payload['mac'], $key, true);

    return Str::equals($supplied, $expected);
}
/**
 * Determine if the wrapped string equals the given input.
 *
 * The comparison is delegated to Str::equals.
 *
 * @param  string  $input Value to compare with the wrapped string.
 * @return bool
 */
public function equals($input)
{
    $matches = Str::equals($this->string, $input);

    return $matches;
}