CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
derandomize example
// Protects POST, PUT, DELETE, PATCH
$method = strtoupper($request->getMethod());
$methodsToProtect = ['POST', 'PUT', 'DELETE', 'PATCH'];
if (! in_array($method, $methodsToProtect, true)) {
return $this;
}
$postedToken = $this->getPostedToken($request);
try {
$token = ($postedToken !== null && $this->config->tokenRandomize)
? $this->derandomize($postedToken) : $postedToken;
} catch (InvalidArgumentException $e) {
$token = null;
}
// Do the tokens match? if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {
throw SecurityException::forDisallowedAction();
}
$this->removeTokenInRequest($request);
$methodsToProtect = ['POST', 'PUT', 'DELETE', 'PATCH'];
if (! in_array($method, $methodsToProtect, true)) {
return $this;
}
$postedToken = $this->getPostedToken($request);
try {
$token = ($postedToken !== null && $this->config->tokenRandomize)
? $this->derandomize($postedToken) : $postedToken;
} catch (InvalidArgumentException $e) {
$token = null;
}
// Do the tokens match? if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {
throw SecurityException::forDisallowedAction();
}
$this->removeTokenInRequest($request);
return $this->storage->removeToken($this->getNamespace().$tokenId);
}
public function isTokenValid(CsrfToken $token): bool
{
$namespacedId = $this->getNamespace().$token->getId();
if (!$this->storage->hasToken($namespacedId)) {
return false;
}
return hash_equals($this->storage->getToken($namespacedId), $this->derandomize($token->getValue()));
}
private function getNamespace(): string
{
return \is_callable($ns = $this->namespace) ? $ns() : $ns;
}
private function randomize(string $value): string
{
$key = random_bytes(32);
$value = $this->xor($value, $key);