ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilCtrlTokenRepository.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
26class ilCtrlTokenRepository implements ilCtrlTokenRepositoryInterface
27{
31 public function getToken(): ilCtrlTokenInterface
32 {
33 $token = $this->fetchToken() ?? $this->generateToken();
34
35 $this->storeToken($token);
36
37 return $token;
38 }
39
45 protected function fetchToken(): ?ilCtrlTokenInterface
46 {
47 if (ilSession::has(ilCtrlInterface::PARAM_CSRF_TOKEN)) {
48 return unserialize(ilSession::get(ilCtrlInterface::PARAM_CSRF_TOKEN), [ilCtrlTokenInterface::class]);
49 }
50
51 return null;
52 }
53
59 protected function storeToken(ilCtrlTokenInterface $token): void
60 {
61 ilSession::set(ilCtrlInterface::PARAM_CSRF_TOKEN, serialize($token));
62 }
63
69 protected function generateToken(): ilCtrlTokenInterface
70 {
71 // random_bytes() is cryptographically secure but
72 // depends on the system it's running on. If the
73 // generation fails, we use a less secure option
74 // that is available for sure.
75
76 try {
77 $token = bin2hex(random_bytes(32));
78 } catch (Throwable $t) {
79 $token = md5(uniqid((string) time(), true));
80 }
81
82 return new ilCtrlToken($token);
83 }
84}
ilCtrlTokenRepository
Class ilCtrlTokenRepository.
Definition: class.ilCtrlTokenRepository.php:27
ilCtrlTokenRepository\fetchToken
fetchToken()
Returns the currently stored token from the session.
Definition: class.ilCtrlTokenRepository.php:45
ilCtrlTokenRepository\storeToken
storeToken(ilCtrlTokenInterface $token)
Stores the given token in the curren session.
Definition: class.ilCtrlTokenRepository.php:59
ilCtrlTokenRepository\generateToken
generateToken()
Returns a cryptographically secure token.
Definition: class.ilCtrlTokenRepository.php:69
ilCtrlToken
Class ilCtrlToken is responsible for generating and storing unique CSRF tokens.
Definition: class.ilCtrlToken.php:28
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilSession\has
static has($a_var)
Definition: class.ilSession.php:393
ilCtrlInterface\PARAM_CSRF_TOKEN
const PARAM_CSRF_TOKEN
$_GET request parameter names, used throughout ilCtrl.
Definition: interface.ilCtrlInterface.php:37
ilCtrlTokenInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlTokenInterface.php:25
ilCtrlTokenRepositoryInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlTokenRepositoryInterface.php:25
$token
$token
Definition: xapitoken.php:70