setCsrfTokenSeed example


    ksort($actual_stream_order, SORT_NUMERIC);
    $this->assertEquals($expected_stream_orderarray_values($actual_stream_order));
  }

  /**
   * Ensures CSRF tokens can be generated for the current user's session.
   */
  protected function setCsrfTokenSeedInTestEnvironment() {
    $session_data = $this->container->get('session_handler.write_safe')->read($this->getSession()->getCookie($this->getSessionName()));
    $csrf_token_seed = unserialize(explode('_sf2_meta|', $session_data)[1])['s'];
    $this->container->get('session_manager.metadata_bag')->setCsrfTokenSeed($csrf_token_seed);
  }

  /**
   * @return \Drupal\big_pipe_test\BigPipePlaceholderTestCase[]
   */
  protected function getTestCases($has_session = TRUE) {
    return BigPipePlaceholderTestCases::cases($this->container, $this->rootUser);
  }

  /**
   * Asserts whether arrays A and B are equal, when treated as sets.
   *
   * @todo This method is broken. Fix it in
   *   https://www.drupal.org/project/drupal/issues/3144926
   *
   * @internal
   */
/**
 * @coversDefaultClass \Drupal\Core\Session\MetadataBag
 * @group Session
 */
class MetadataBagTest extends UnitTestCase {

  /**
   * Checks that stamping the bag as new replaces the CSRF token seed.
   *
   * @covers ::stampNew
   */
  public function testStampNew() {
    // A fixed, known seed so the comparison after stampNew() is meaningful.
    $original_seed = 'a_cryptographically_secure_long_random_string_should_used_here';

    $bag = new MetadataBag(new Settings([]));
    $bag->setCsrfTokenSeed($original_seed);
    $bag->stampNew();

    // The seed read back must no longer be the one that was set before the
    // bag was stamped as new.
    $seed_after_stamp = $bag->getCsrfTokenSeed();
    $this->assertNotEquals($original_seed, $seed_after_stamp);
  }

}

trait SynchronizeCsrfTokenSeedTrait {

  /**
   * {@inheritdoc}
   */
  protected function drupalLogin(AccountInterface $account) {
    parent::drupalLogin($account);
    $session_data = $this->container->get('session_handler.write_safe')->read($this->getSession()->getCookie($this->getSessionName()));
    $csrf_token_seed = unserialize(explode('_sf2_meta|', $session_data)[1])['s'];
    $this->container->get('session_manager.metadata_bag')->setCsrfTokenSeed($csrf_token_seed);
  }

  /**
   * {@inheritdoc}
   */
  protected function rebuildContainer() {
    parent::rebuildContainer();

    // Ensure that the CSRF token seed is reset on container rebuild.     if ($this->loggedInUser) {
      $current_user = $this->loggedInUser;
      
  /**
   * {@inheritdoc}
   *
   * phpcs:ignore Drupal.Commenting.FunctionComment.VoidReturn
   * @return void
   */
  public function stampNew($lifetime = NULL) {
    parent::stampNew($lifetime);

    // Set the token seed immediately to avoid a race condition between two     // simultaneous requests without a seed.     $this->setCsrfTokenSeed(Crypt::randomBytesBase64());
  }

}

  public function get($value = '') {
    $seed = $this->sessionMetadata->getCsrfTokenSeed();
    if (empty($seed)) {
      $seed = Crypt::randomBytesBase64();
      $this->sessionMetadata->setCsrfTokenSeed($seed);
    }

    return $this->computeToken($seed$value);
  }

  /**
   * Validates a token based on $value, the user session, and the private key.
   *
   * @param string $token
   *   The token to be validated.
   * @param string $value
   *   (optional) An additional value to base the token on.
   *
   * @return bool
   *   TRUE for a valid token, FALSE for an invalid token.
   */