summaryrefslogtreecommitdiffstats
path: root/common/app/classes/CSRF.php
diff options
context:
space:
mode:
authorNicolas Lécureuil <neoclust@mageia.org>2020-05-17 14:46:00 +0200
committerNicolas Lécureuil <neoclust@mageia.org>2020-05-17 14:46:00 +0200
commite3de9d7dd1331f9718e04cc98e9ca7cfa27cf4aa (patch)
tree336981502f93ceb9fa5ed33ea3b47dcefc5a8402 /common/app/classes/CSRF.php
parentff32e499745367b816d10f25e63ff3328214c32f (diff)
downloadplanet-user/wally/upstream-10-dev.tar
planet-user/wally/upstream-10-dev.tar.gz
planet-user/wally/upstream-10-dev.tar.bz2
planet-user/wally/upstream-10-dev.tar.xz
planet-user/wally/upstream-10-dev.zip
Sync with master of moonmoon ( version 9.0.0-rc)HEADuser/wally/upstream-10-devmaster
Source from https://github.com/Emmafrs/moonmoon/
Diffstat (limited to 'common/app/classes/CSRF.php')
-rw-r--r--common/app/classes/CSRF.php55
1 files changed, 55 insertions, 0 deletions
diff --git a/common/app/classes/CSRF.php b/common/app/classes/CSRF.php
new file mode 100644
index 0000000..9a700cf
--- /dev/null
+++ b/common/app/classes/CSRF.php
@@ -0,0 +1,55 @@
+<?php
+
+class CSRF
+{
+ /** @var string */
+ const HMAC_ALGORITHM = 'sha1';
+
+ /** @var string */
+ const SESSION_KEY_NAME = '_csrf_key';
+
+ /**
+ * Ensure that a CSRF token is valid for a given action.
+ *
+ * @param string $token
+ * @param string $action
+ * @return bool
+ */
+ public static function verify($token = '', $action = null)
+ {
+ if (!is_string($token) || !is_string($action)) {
+ return false;
+ }
+
+ $known = self::generate($action);
+ return hash_equals($known, $token);
+ }
+
+ /**
+ * Generate a CSRF token for a given action.
+ *
+ * @param string $action
+ * @throws InvalidArgumentException
+ * @return string
+ */
+ public static function generate($action = null)
+ {
+ if (!is_string($action)) {
+ throw new InvalidArgumentException('A valid action must be defined.');
+ }
+ return hash_hmac(self::HMAC_ALGORITHM, $action, self::getKey());
+ }
+
+ /**
+ * Get HMAC key.
+ *
+ * @return string
+ */
+ public static function getKey()
+ {
+ if (empty($_SESSION[self::SESSION_KEY_NAME])) {
+ $_SESSION[self::SESSION_KEY_NAME] = random_bytes(16);
+ }
+ return $_SESSION[self::SESSION_KEY_NAME];
+ }
+}