ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilCtrlTokenRepository.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
26 class ilCtrlTokenRepository implements ilCtrlTokenRepositoryInterface
27 {
31  public function getToken(): ilCtrlTokenInterface
32  {
33  $token = $this->fetchToken() ?? $this->generateToken();
34 
35  $this->storeToken($token);
36 
37  return $token;
38  }
39 
45  protected function fetchToken(): ?ilCtrlTokenInterface
46  {
47  if (ilSession::has(ilCtrlInterface::PARAM_CSRF_TOKEN)) {
48  return unserialize(ilSession::get(ilCtrlInterface::PARAM_CSRF_TOKEN), [ilCtrlTokenInterface::class]);
49  }
50 
51  return null;
52  }
53 
59  protected function storeToken(ilCtrlTokenInterface $token): void
60  {
61  ilSession::set(ilCtrlInterface::PARAM_CSRF_TOKEN, serialize($token));
62  }
63 
69  protected function generateToken(): ilCtrlTokenInterface
70  {
71  // random_bytes() is cryptographically secure but
72  // depends on the system it's running on. If the
73  // generation fails, we use a less secure option
74  // that is available for sure.
75 
76  try {
77  $token = bin2hex(random_bytes(32));
78  } catch (Throwable $t) {
79  $token = md5(uniqid((string) time(), true));
80  }
81 
82  return new ilCtrlToken($token);
83  }
84 }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
ilCtrlTokenRepository\fetchToken
fetchToken()
Returns the currently stored token from the session.
Definition: class.ilCtrlTokenRepository.php:45
ilCtrlInterface\PARAM_CSRF_TOKEN
const PARAM_CSRF_TOKEN
$_GET request parameter names, used throughout ilCtrl.
Definition: interface.ilCtrlInterface.php:37
ilCtrlTokenRepository\storeToken
storeToken(ilCtrlTokenInterface $token)
Stores the given token in the curren session.
Definition: class.ilCtrlTokenRepository.php:59
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilCtrlTokenRepositoryInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlTokenRepositoryInterface.php:24
ilCtrlToken
Class ilCtrlToken is responsible for generating and storing unique CSRF tokens.
Definition: class.ilCtrlToken.php:27
$token
$token
Definition: xapitoken.php:70
ilSession\has
static has($a_var)
Definition: class.ilSession.php:406
ilCtrlTokenRepository
Class ilCtrlTokenRepository.
Definition: class.ilCtrlTokenRepository.php:26
ilCtrlTokenInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlTokenInterface.php:24
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393
ilCtrlTokenRepository\generateToken
generateToken()
Returns a cryptographically secure token.
Definition: class.ilCtrlTokenRepository.php:69