SimpleSAML\Auth\TimeLimitedToken Class Reference

A class that generates and verifies time-limited tokens. More...

Collaboration diagram for SimpleSAML\Auth\TimeLimitedToken:

Public Member Functions
	__construct ($lifetime=900, $secretSalt=null, $skew=1, $algo='sha1')
	Create a new time-limited token. More...
	addVerificationData ($data)
	Add some given data to the current token. More...
	generate ()
	Generates a token that contains an offset and a token value, using the current offset. More...
	generate_token ()
	validate ($token)
	Validates a token by calculating the token value for the provided offset and comparing it. More...
	validate_token ($token)

Protected Attributes
	$secretSalt
	$lifetime
	$skew
	$algo

Private Member Functions
	calculateTokenValue ($offset, $time=null)
	Calculates a token value for a given offset. More...

Detailed Description

A class that generates and verifies time-limited tokens.

Definition at line 8 of file TimeLimitedToken.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML\Auth\TimeLimitedToken::__construct	(		$lifetime = 900,
			$secretSalt = null,
			$skew = 1,
			$algo = 'sha1'
	)

Create a new time-limited token.

Please note that the default algorithm will change in SSP 1.15.0 to SHA-256 instead of SHA-1.

Parameters

int	$lifetime	Token lifetime in seconds. Defaults to 900 (15 min).
string	$secretSalt	A random and unique salt per installation. Defaults to the salt in the configuration.
int	$skew	The allowed time skew (in seconds) to correct clock deviations. Defaults to 1 second.
string	$algo	The hash algorithm to use to generate the tokens. Defaults to SHA-1.

Exceptions

Definition at line 44 of file TimeLimitedToken.php.

References SimpleSAML\Auth\TimeLimitedToken\$algo, SimpleSAML\Auth\TimeLimitedToken\$lifetime, SimpleSAML\Auth\TimeLimitedToken\$secretSalt, SimpleSAML\Auth\TimeLimitedToken\$skew, and SimpleSAML\Utils\Config\getSecretSalt().

    {
        if ($secretSalt === null) {
            $secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
        }

        if (!in_array($algo, hash_algos(), true)) {
            throw new \InvalidArgumentException('Invalid hash algorithm "'.$algo.'"');
        }

        $this->secretSalt = $secretSalt;
        $this->lifetime = $lifetime;
        $this->skew = $skew;
        $this->algo = $algo;
    }

Here is the call graph for this function:

Member Function Documentation

addVerificationData()

SimpleSAML\Auth\TimeLimitedToken::addVerificationData

(

$data

)

Add some given data to the current token.

This data will be needed later too for token validation.

This mechanism can be used to provide context for a token, such as a user identifier of the only subject authorised to use it. Note also that multiple data can be added to the token. This means that upon validation, not only the same data must be added, but also in the same order.

Parameters

string

$data

The data to incorporate into the current token.

Definition at line 70 of file TimeLimitedToken.php.

    {
        $this->secretSalt .= '|'.$data;
    }

calculateTokenValue()

SimpleSAML\Auth\TimeLimitedToken::calculateTokenValue (   $offset,   $time = null  )

private

Calculates a token value for a given offset.

Parameters

int	$offset	The offset to use.
int | null	$time	The time stamp to which the offset is relative to. Defaults to the current time.

Returns

string The token for the given time and offset.

Definition at line 84 of file TimeLimitedToken.php.

References $time, GuzzleHttp\Psr7\hash(), and time.

Referenced by SimpleSAML\Auth\TimeLimitedToken\generate(), and SimpleSAML\Auth\TimeLimitedToken\validate().

    {
        if ($time === null) {
            $time = time();
        }
        // a secret salt that should be randomly generated for each installation
        return hash(
            $this->algo,
            $offset.':'.floor(($time - $offset) / ($this->lifetime + $this->skew)).':'.$this->secretSalt
        );
    }

Here is the call graph for this function:

Here is the caller graph for this function:

generate()

SimpleSAML\Auth\TimeLimitedToken::generate

(

)

Generates a token that contains an offset and a token value, using the current offset.

Returns

string A time-limited token with the offset respect to the beginning of its time slot prepended.

Definition at line 102 of file TimeLimitedToken.php.

References SimpleSAML\Auth\TimeLimitedToken\$skew, $time, SimpleSAML\Auth\TimeLimitedToken\calculateTokenValue(), and time.

Referenced by SimpleSAML\Auth\TimeLimitedToken\generate_token().

    {
        $time = time();
        $current_offset = ($time - $this->skew) % ($this->lifetime + $this->skew);
        return dechex($current_offset).'-'.$this->calculateTokenValue($current_offset, $time);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

generate_token()

SimpleSAML\Auth\TimeLimitedToken::generate_token

(

)

See also

generate

Deprecated:

This method will be removed in SSP 2.0. Use generate() instead.

Definition at line 114 of file TimeLimitedToken.php.

References SimpleSAML\Auth\TimeLimitedToken\generate().

    {
        return $this->generate();
    }

Here is the call graph for this function:

validate()

SimpleSAML\Auth\TimeLimitedToken::validate

(

$token

)

Validates a token by calculating the token value for the provided offset and comparing it.

Parameters

string

$token

The token to validate.

Returns

boolean True if the given token is currently valid, false otherwise.

Definition at line 127 of file TimeLimitedToken.php.

References SimpleSAML\Auth\TimeLimitedToken\calculateTokenValue().

Referenced by SimpleSAML\Auth\TimeLimitedToken\validate_token().

    {
        $splittoken = explode('-', $token);
        if (count($splittoken) !== 2) {
            return false;
        }
        $offset = intval(hexdec($splittoken[0]));
        $value = $splittoken[1];
        return ($this->calculateTokenValue($offset) === $value);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

validate_token()

SimpleSAML\Auth\TimeLimitedToken::validate_token

(

$token

)

See also

validate

Deprecated:

This method will be removed in SSP 2.0. Use validate() instead.

Definition at line 143 of file TimeLimitedToken.php.

References SimpleSAML\Auth\TimeLimitedToken\validate().

    {
        return $this->validate($token);
    }

Here is the call graph for this function:

Field Documentation

$algo

SimpleSAML\Auth\TimeLimitedToken::$algo

protected

Definition at line 29 of file TimeLimitedToken.php.

Referenced by SimpleSAML\Auth\TimeLimitedToken\__construct().

$lifetime

SimpleSAML\Auth\TimeLimitedToken::$lifetime

protected

Definition at line 19 of file TimeLimitedToken.php.

Referenced by SimpleSAML\Auth\TimeLimitedToken\__construct().

$secretSalt

SimpleSAML\Auth\TimeLimitedToken::$secretSalt

protected

Definition at line 14 of file TimeLimitedToken.php.

Referenced by SimpleSAML\Auth\TimeLimitedToken\__construct().

$skew

SimpleSAML\Auth\TimeLimitedToken::$skew

protected

Definition at line 24 of file TimeLimitedToken.php.

Referenced by SimpleSAML\Auth\TimeLimitedToken\__construct(), and SimpleSAML\Auth\TimeLimitedToken\generate().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/TimeLimitedToken.php