nextcloud/lib/private/Security/CSRF/TokenStorage/SessionStorage.php

<?php

declare(strict_types=1);

/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Christoph Wurst <christoph@winzerhof-wurst.at>
 * @author Joas Schilling <coding@schilljs.com>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Security\CSRF\TokenStorage;

use OCP\ISession;

/**
 * Class SessionStorage provides the session storage
 *
 * @package OC\Security\CSRF\TokenStorage
 */
class SessionStorage {
	/** @var ISession */
	private $session;

	/**
	 * @param ISession $session
	 */
	public function __construct(ISession $session) {
		$this->session = $session;
	}

	/**
	 * @param ISession $session
	 */
	public function setSession(ISession $session) {
		$this->session = $session;
	}

	/**
	 * Returns the current token or throws an exception if none is found.
	 *
	 * @return string
	 * @throws \Exception
	 */
	public function getToken(): string {
		$token = $this->session->get('requesttoken');
		if (empty($token)) {
			throw new \Exception('Session does not contain a requesttoken');
		}

		return $token;
	}

	/**
	 * Set the valid current token to $value.
	 *
	 * @param string $value
	 */
	public function setToken(string $value) {
		$this->session->set('requesttoken', $value);
	}

	/**
	 * Removes the current token.
	 */
	public function removeToken() {
		$this->session->remove('requesttoken');
	}
	/**
	 * Whether the storage has a storage.
	 *
	 * @return bool
	 */
	public function hasToken(): bool {
		return $this->session->exists('requesttoken');
	}
}
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00
Make \OC\Security\CSRF strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 17:01:02 +03:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-29 12:57:22 +03:00			`* @author Christoph Wurst <christoph@winzerhof-wurst.at>`
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 17:56:42 +03:00			`* @author Joas Schilling <coding@schilljs.com>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`*`
			`*/`

			`namespace OC\Security\CSRF\TokenStorage;`

			`use OCP\ISession;`

			`/**`
			`* Class SessionStorage provides the session storage`
			`*`
			`* @package OC\Security\CSRF\TokenStorage`
			`*/`
			`class SessionStorage {`
			`/** @var ISession */`
			`private $session;`

			`/**`
			`* @param ISession $session`
			`*/`
			`public function __construct(ISession $session) {`
			`$this->session = $session;`
			`}`

Fix missing update of session, when it was already used. Signed-off-by: Joas Schilling <coding@schilljs.com> 2016-10-28 12:29:02 +03:00			`/**`
			`* @param ISession $session`
			`*/`
			`public function setSession(ISession $session) {`
			`$this->session = $session;`
			`}`

Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`/**`
			`* Returns the current token or throws an exception if none is found.`
			`*`
			`* @return string`
			`* @throws \Exception`
			`*/`
Make \OC\Security\CSRF strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 17:01:02 +03:00			`public function getToken(): string {`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`$token = $this->session->get('requesttoken');`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if (empty($token)) {`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`throw new \Exception('Session does not contain a requesttoken');`
			`}`

			`return $token;`
			`}`

			`/**`
			`* Set the valid current token to $value.`
			`*`
			`* @param string $value`
			`*/`
Make \OC\Security\CSRF strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 17:01:02 +03:00			`public function setToken(string $value) {`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`$this->session->set('requesttoken', $value);`
			`}`

			`/**`
			`* Removes the current token.`
			`*/`
			`public function removeToken() {`
			`$this->session->remove('requesttoken');`
			`}`
			`/**`
			`* Whether the storage has a storage.`
			`*`
			`* @return bool`
			`*/`
Make \OC\Security\CSRF strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 17:01:02 +03:00			`public function hasToken(): bool {`
Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly. 2016-01-25 19:15:54 +03:00			`return $this->session->exists('requesttoken');`
			`}`
			`}`