df/dc5/class_8ilCtrlTokenRepository_8php_source.html

<?php


declare(strict_types=1);


/* Copyright (c) 2021 Thibeau Fuhrer <thf@studer-raimann.ch> Extended GPL, see docs/LICENSE */


class ilCtrlTokenRepository implements ilCtrlTokenRepositoryInterface

{

    public function getToken(): ilCtrlTokenInterface

    {

        $token = $this->fetchToken() ?? $this->generateToken();


        $this->storeToken($token);


        return $token;

    }


    protected function fetchToken(): ?ilCtrlTokenInterface

    {

        if (ilSession::has(ilCtrlInterface::PARAM_CSRF_TOKEN)) {

            return unserialize(ilSession::get(ilCtrlInterface::PARAM_CSRF_TOKEN), [ilCtrlTokenInterface::class]);

        }


        return null;

    }


    protected function storeToken(ilCtrlTokenInterface $token): void

    {

        ilSession::set(ilCtrlInterface::PARAM_CSRF_TOKEN, serialize($token));

    }


    protected function generateToken(): ilCtrlTokenInterface

    {

        // random_bytes() is cryptographically secure but

        // depends on the system it's running on. If the

        // generation fails, we use a less secure option

        // that is available for sure.


        try {

            $token = bin2hex(random_bytes(32));

        } catch (Throwable $t) {

            $token = md5(uniqid((string) time(), true));

        }


        return new ilCtrlToken($token);

    }

}

ilCtrlTokenRepository
Class ilCtrlTokenRepository.
Definition: class.ilCtrlTokenRepository.php:13

ilCtrlTokenRepository\getToken
getToken()
@inheritDoc
Definition: class.ilCtrlTokenRepository.php:17

ilCtrlTokenRepository\fetchToken
fetchToken()
Returns the currently stored token from the session.
Definition: class.ilCtrlTokenRepository.php:31

ilCtrlTokenRepository\storeToken
storeToken(ilCtrlTokenInterface $token)
Stores the given token in the curren session.
Definition: class.ilCtrlTokenRepository.php:45

ilCtrlTokenRepository\generateToken
generateToken()
Returns a cryptographically secure token.
Definition: class.ilCtrlTokenRepository.php:55

ilCtrlToken
Class ilCtrlToken is responsible for generating and storing unique CSRF tokens.
Definition: class.ilCtrlToken.php:14

ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459

ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451

ilSession\has
static has($a_var)
Definition: class.ilSession.php:464

ilCtrlInterface\PARAM_CSRF_TOKEN
const PARAM_CSRF_TOKEN
$_GET request parameter names, used throughout ilCtrl.
Definition: interface.ilCtrlInterface.php:36

ilCtrlTokenInterface
Interface ilCtrlTokenInterface describes an ilCtrl token.
Definition: interface.ilCtrlTokenInterface.php:11

ilCtrlTokenRepositoryInterface
Interface ilCtrlTokenRepositoryInterface describes an ilCtrl token.
Definition: interface.ilCtrlTokenRepositoryInterface.php:11

$token
$token
Definition: xapitoken.php:70