df/dc5/class_8ilCtrlTokenRepository_8php_source.html

 <?php

 declare(strict_types=1);

 /* Copyright (c) 2021 Thibeau Fuhrer <thf@studer-raimann.ch> Extended GPL, see docs/LICENSE */

 class ilCtrlTokenRepository implements ilCtrlTokenRepositoryInterface
 {
     public function getToken(): ilCtrlTokenInterface
     {
         $token = $this->fetchToken() ?? $this->generateToken();

         $this->storeToken($token);

         return $token;
     }

     protected function fetchToken(): ?ilCtrlTokenInterface
     {
         if (ilSession::has(ilCtrlInterface::PARAM_CSRF_TOKEN)) {
             return unserialize(ilSession::get(ilCtrlInterface::PARAM_CSRF_TOKEN), [ilCtrlTokenInterface::class]);
         }

         return null;
     }

     protected function storeToken(ilCtrlTokenInterface $token): void
     {
         ilSession::set(ilCtrlInterface::PARAM_CSRF_TOKEN, serialize($token));
     }

     protected function generateToken(): ilCtrlTokenInterface
     {
         // random_bytes() is cryptographically secure but
         // depends on the system it's running on. If the
         // generation fails, we use a less secure option
         // that is available for sure.

         try {
             $token = bin2hex(random_bytes(32));
         } catch (Throwable $t) {
             $token = md5(uniqid((string) time(), true));
         }

         return new ilCtrlToken($token);
     }
 }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459

ilCtrlTokenRepository\fetchToken
fetchToken()
Returns the currently stored token from the session.
Definition: class.ilCtrlTokenRepository.php:31

ilCtrlInterface\PARAM_CSRF_TOKEN
const PARAM_CSRF_TOKEN
$_GET request parameter names, used throughout ilCtrl.
Definition: interface.ilCtrlInterface.php:36

ilCtrlTokenRepository\getToken
getToken()
Definition: class.ilCtrlTokenRepository.php:17

ilCtrlTokenRepository\storeToken
storeToken(ilCtrlTokenInterface $token)
Stores the given token in the curren session.
Definition: class.ilCtrlTokenRepository.php:45

ilCtrlTokenRepositoryInterface
Interface ilCtrlTokenRepositoryInterface describes an ilCtrl token.
Definition: interface.ilCtrlTokenRepositoryInterface.php:10

ilCtrlToken
Class ilCtrlToken is responsible for generating and storing unique CSRF tokens.
Definition: class.ilCtrlToken.php:13

$token
$token
Definition: xapitoken.php:70

ilSession\has
static has($a_var)
Definition: class.ilSession.php:464

ilCtrlTokenRepository
Class ilCtrlTokenRepository.
Definition: class.ilCtrlTokenRepository.php:12

ilCtrlTokenInterface
Interface ilCtrlTokenInterface describes an ilCtrl token.
Definition: interface.ilCtrlTokenInterface.php:10

ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451

ilCtrlTokenRepository\generateToken
generateToken()
Returns a cryptographically secure token.
Definition: class.ilCtrlTokenRepository.php:55

Throwable