/**
 * Checks a submitted CSRF token against the token manager and aborts on mismatch.
 *
 * @param string $tokenId the token id (intention) the form was rendered with
 * @param string $value   the token value submitted with the request
 *
 * @throws \Exception when the token does not match; code 1465918041 identifies this failure
 */
protected function validateCsrfToken($tokenId, $value)
{
    $submitted = new CsrfToken($tokenId, $value);

    // The manager owns the stored token and the comparison; never compare
    // token strings by hand here.
    if (!$this->csrfTokenManager->isTokenValid($submitted)) {
        throw new \Exception('Invalid csrf token. Please try again', 1465918041);
    }
}
function it_should_refresh_the_value_of_a_token(CsrfTokenManager $tokenManager, CsrfToken $token)
{
    // Arrange: the wrapped manager hands back $token when asked to refresh '_csrf_login'.
    $this->beConstructedWith($tokenManager);
    $tokenManager->refreshToken('_csrf_login')->willReturn($token);

    // Act
    $this->refreshToken('_csrf_login');

    // Assert: the refreshed token's value was read from the collaborator.
    $token->getValue()->shouldHaveBeenCalled();
}
/**
 * Builds a CSRF token value bound to one entity.
 *
 * The token id is "<FQCN>:<identifier>", where the identifier is the entity's
 * getId() result when that method exists, otherwise its __toString() form.
 *
 * @param object $entity entity exposing getId() or __toString()
 *
 * @return string the token value obtained from the token manager
 *
 * @throws ObjectDoesNotContainMethods when the entity exposes neither method
 */
public function generateToken($entity)
{
    $fqcn = get_class($entity);

    if (method_exists($entity, 'getId')) {
        $identifier = $entity->getId();
    } elseif (method_exists($entity, '__toString')) {
        $identifier = $entity->__toString();
    } else {
        throw new ObjectDoesNotContainMethods(['getId()', '__toString()']);
    }

    // NOTE(review): an unpersisted entity whose getId() is null yields the id
    // "<FQCN>:" for every such instance, so their tokens would collide —
    // confirm callers only pass persisted entities.
    $tokenId = sprintf('%s:%s', $fqcn, $identifier);

    return $this->tokenManager->getToken($tokenId)->getValue();
}
/**
 * Smoke-check of the CSRF round trip: mint a token, validate it, print the store.
 *
 * Diagnostic only: the last line prints every stored token value to stdout,
 * so this must not be reachable from a production endpoint.
 */
public function runTest()
{
    $storage = new ArrayTokenStorage();
    // null generator: presumably the manager falls back to its default
    // token generator — confirm against the CsrfTokenManager constructor.
    $csrfTokenManager = new CsrfTokenManager(null, $storage);

    $minted = $csrfTokenManager->getToken("montest");
    $verdict = $csrfTokenManager->isTokenValid($minted) ? "[VALIDATION] OK" : "[VALIDATION] KO";
    echo $verdict . PHP_EOL;

    echo "Tokens stockés : " . print_r($storage->all(), true) . PHP_EOL;
}
/**
 * Returns the csrf token for REST. The token is generated if it doesn't exist.
 *
 * @return string The csrf token, or an empty string if csrf check is disabled.
 */
private function getCsrfToken()
{
    // No manager wired means CSRF checking is disabled for this endpoint;
    // the empty string is the documented "no token" value for that case.
    $manager = $this->csrfTokenManager;
    if (null === $manager) {
        return '';
    }

    return $manager->getToken($this->csrfTokenIntention)->getValue();
}
/**
 * Checks the upload form's CSRF token and records a 403 on failure.
 *
 * @param Request $request
 *
 * @return bool true when the token is valid, false after a 403 has been recorded
 */
private function hasValidCsrfToken(Request $request) : bool
{
    // @important verify that each AJAX POST request has a valid CSRF token
    // NOTE(review): $request itself is not read here; the token id/value come
    // from $this->formName / $this->formToken, so those must have been populated
    // from the request before this is called — confirm against the caller.
    $submitted = new CsrfToken($this->formName, $this->formToken);
    $valid = $this->tokenManager->isTokenValid($submitted);
    if ($valid) {
        return true;
    }

    $this->setResponseDetails(403, 'Invalid upload token.');

    return false;
}
/**
 * Collects the template variables for the login block.
 *
 * @param BlockInterface $block
 *
 * @return array<string, mixed> keys: block_service, block, last_username, error, csrf_token
 */
public function getViewParameters(BlockInterface $block)
{
    $request = $this->getRequest();
    $hasSession = null !== $this->session;

    // The auth error may arrive as a request attribute (forward) or in the
    // session (redirect); the session copy is removed so it is shown once.
    $error = null;
    if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
        $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
    } elseif ($hasSession && $this->session->has(Security::AUTHENTICATION_ERROR)) {
        $error = $this->session->get(Security::AUTHENTICATION_ERROR);
        $this->session->remove(Security::AUTHENTICATION_ERROR);
    }

    // Only trust values produced by the security component; anything else is dropped.
    if (!($error instanceof AuthenticationException)) {
        $error = null;
    }

    // last username entered by the user
    $lastUsername = $hasSession ? $this->session->get(Security::LAST_USERNAME) : '';

    return [
        'block_service' => $this,
        'block' => $block,
        'last_username' => $lastUsername,
        'error' => $error,
        'csrf_token' => $this->csrfTokenManager->getToken('authenticate')->getValue(),
    ];
}
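/**
 * Get and set an upload token for this upload form.
 *
 * Exposes two view vars: `attachment_index` (the last key of the current
 * attachment collection, or null when there is none) and `_file_upload_token`
 * (the CSRF token value for this form, keyed by the form's full name).
 *
 * @param FormView      $view
 * @param FormInterface $form
 * @param array         $options
 */
public function finishView(FormView $view, FormInterface $form, array $options)
{
    parent::finishView($view, $form, $options);

    /*
     * Dump the last index (key) of attachment collection array into the view so we can
     * add new items without accidentally overriding already existing ones
     */
    $data = $form->getData();
    $key = null;
    // A form rendered before any data is bound has null data, and end(null)
    // is a TypeError on PHP 8; end()/key() on an object would read its property
    // table rather than its elements. Only walk a real, non-empty array.
    // NOTE(review): if the collection can be a Traversable, convert it here.
    if (is_array($data) && [] !== $data) {
        end($data);
        $key = key($data);
    }
    $view->vars['attachment_index'] = $key;

    // dump the form's csrf token into the view, keyed by the form's full name
    // so each upload form on a page gets its own token id
    $token = $this->tokenManager->getToken($view->vars['full_name']);
    $view->vars['_file_upload_token'] = $token->getValue();
}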
/**
 * Removes the token stored under the given id, if any.
 *
 * Delegates to the wrapped token manager; any value the manager returns for
 * the removal is not exposed by this wrapper.
 *
 * @param string $tokenId
 */
public function removeToken($tokenId)
{
    $manager = $this->tokenManager;
    $manager->removeToken($tokenId);
}
public function testRemoveToken()
{
    // The manager must forward the id to storage exactly once and hand back
    // whatever storage returned for the removal.
    $this->storage
        ->expects($this->once())
        ->method('removeToken')
        ->with('token_id')
        ->willReturn('REMOVED_TOKEN');

    $removed = $this->manager->removeToken('token_id');

    $this->assertSame('REMOVED_TOKEN', $removed);
}
public function testToken()
{
    $app = $this->getApp();
    $handler = new UserHandler($app);

    // A real CsrfTokenManager on an in-memory session, registered under the
    // 'csrf' key — presumably the service the handler resolves its token from.
    $session = new Session(new MockArraySessionStorage());
    $csrfManager = new CsrfTokenManager(null, new SessionTokenStorage($session));
    $app['csrf'] = $csrfManager;

    $expected = $csrfManager->refreshToken('bolt');

    $this->assertSame($expected->getValue(), $handler->token()->getValue());
}