CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
setCsrfTokenSeed example
ksort($actual_stream_order, SORT_NUMERIC);
$this->assertEquals($expected_stream_order, array_values($actual_stream_order));
}
/** * Ensures CSRF tokens can be generated for the current user's session. */
protected function setCsrfTokenSeedInTestEnvironment() {
$session_data = $this->container->get('session_handler.write_safe')->read($this->getSession()->getCookie($this->getSessionName()));
$csrf_token_seed = unserialize(explode('_sf2_meta|', $session_data)[1])['s'];
$this->container->get('session_manager.metadata_bag')->setCsrfTokenSeed($csrf_token_seed);
}
/** * @return \Drupal\big_pipe_test\BigPipePlaceholderTestCase[] */
protected function getTestCases($has_session = TRUE) {
return BigPipePlaceholderTestCases::cases($this->container, $this->rootUser);
}
/** * Asserts whether arrays A and B are equal, when treated as sets. * * @todo This method is broken. Fix it in * https://www.drupal.org/project/drupal/issues/3144926 * * @internal */
/**
* @coversDefaultClass \Drupal\Core\Session\MetadataBag
* @group Session
*/
class MetadataBagTest extends UnitTestCase {
/** * @covers ::stampNew */
public function testStampNew() {
$metadata = new MetadataBag(new Settings([]));
$metadata->setCsrfTokenSeed('a_cryptographically_secure_long_random_string_should_used_here');
$metadata->stampNew();
$this->assertNotEquals('a_cryptographically_secure_long_random_string_should_used_here', $metadata->getCsrfTokenSeed());
}
}
class MetadataBagTest extends UnitTestCase {
/** * @covers ::stampNew */
public function testStampNew() {
$metadata = new MetadataBag(new Settings([]));
$metadata->setCsrfTokenSeed('a_cryptographically_secure_long_random_string_should_used_here');
$metadata->stampNew();
$this->assertNotEquals('a_cryptographically_secure_long_random_string_should_used_here', $metadata->getCsrfTokenSeed());
}
}
trait SynchronizeCsrfTokenSeedTrait {
/** * {@inheritdoc} */
protected function drupalLogin(AccountInterface $account) {
parent::drupalLogin($account);
$session_data = $this->container->get('session_handler.write_safe')->read($this->getSession()->getCookie($this->getSessionName()));
$csrf_token_seed = unserialize(explode('_sf2_meta|', $session_data)[1])['s'];
$this->container->get('session_manager.metadata_bag')->setCsrfTokenSeed($csrf_token_seed);
}
/** * {@inheritdoc} */
protected function rebuildContainer() {
parent::rebuildContainer();
// Ensure that the CSRF token seed is reset on container rebuild. if ($this->loggedInUser) {
$current_user = $this->loggedInUser;
/**
* {@inheritdoc}
*
* phpcs:ignore Drupal.Commenting.FunctionComment.VoidReturn
* @return void
*/
public function stampNew($lifetime = NULL) {
parent::stampNew($lifetime);
// Set the token seed immediately to avoid a race condition between two // simultaneous requests without a seed. $this->setCsrfTokenSeed(Crypt::randomBytesBase64());
}
}
public function stampNew($lifetime = NULL) {
parent::stampNew($lifetime);
// Set the token seed immediately to avoid a race condition between two // simultaneous requests without a seed. $this->setCsrfTokenSeed(Crypt::randomBytesBase64());
}
}
public function get($value = '') {
$seed = $this->sessionMetadata->getCsrfTokenSeed();
if (empty($seed)) {
$seed = Crypt::randomBytesBase64();
$this->sessionMetadata->setCsrfTokenSeed($seed);
}
return $this->computeToken($seed, $value);
}
/** * Validates a token based on $value, the user session, and the private key. * * @param string $token * The token to be validated. * @param string $value * (optional) An additional value to base the token on. * * @return bool * TRUE for a valid token, FALSE for an invalid token. */