Make \OC\Security\CSRF strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
parent
c85c64c787
commit
2c8402aa17
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -40,7 +41,7 @@ class CsrfToken {
|
|||
/**
|
||||
* @param string $value Value of the token. Can be encrypted or not encrypted.
|
||||
*/
|
||||
public function __construct($value) {
|
||||
public function __construct(string $value) {
|
||||
$this->value = $value;
|
||||
}
|
||||
|
||||
|
@ -50,9 +51,9 @@ class CsrfToken {
|
|||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getEncryptedValue() {
|
||||
public function getEncryptedValue(): string {
|
||||
if($this->encryptedValue === '') {
|
||||
$sharedSecret = random_bytes(strlen($this->value));
|
||||
$sharedSecret = random_bytes(\strlen($this->value));
|
||||
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
|
||||
}
|
||||
|
||||
|
@ -65,9 +66,9 @@ class CsrfToken {
|
|||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getDecryptedValue() {
|
||||
public function getDecryptedValue(): string {
|
||||
$token = explode(':', $this->value);
|
||||
if (count($token) !== 2) {
|
||||
if (\count($token) !== 2) {
|
||||
return '';
|
||||
}
|
||||
$obfuscatedToken = $token[0];
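Review bot: The new `string $value` type on `CsrfToken::__construct` makes a null or array argument raise a `TypeError`, where it was previously stored and treated as an invalid token later. The call sites are not part of this page; if one builds the token directly from a request parameter, a malformed parameter would surface as an uncaught error rather than a failed CSRF check, so the caller should test `\is_string()` first and reject otherwise. Separately, `getEncryptedValue()` passes `\strlen($this->value)` to `random_bytes()`, which throws for a length below 1, and the constructor still accepts an empty string. The bodies of `getEncryptedValue()` and `getDecryptedValue()` continue outside the visible hunks.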
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -47,7 +48,7 @@ class CsrfTokenGenerator {
|
|||
* @param int $length Length of the token in characters.
|
||||
* @return string
|
||||
*/
|
||||
public function generateToken($length = 32) {
|
||||
public function generateToken(int $length = 32): string {
|
||||
return $this->random->generate($length);
|
||||
}
|
||||
}
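Review bot: `generateToken(int $length = 32)` now guarantees an integer but not a usable one, since zero or a negative length is passed straight to `$this->random->generate($length)`, whose behaviour for such values is not visible here. Because the result is the CSRF secret, a lower bound is a cheap safeguard, for example `if ($length < 1) { throw new \InvalidArgumentException('Token length must be positive'); }` before the return. The docblock's `@param int $length` line could state that minimum as well.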
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -52,8 +53,8 @@ class CsrfTokenManager {
|
|||
*
|
||||
* @return CsrfToken
|
||||
*/
|
||||
public function getToken() {
|
||||
if(!is_null($this->csrfToken)) {
|
||||
public function getToken(): CsrfToken {
|
||||
if(!\is_null($this->csrfToken)) {
|
||||
return $this->csrfToken;
|
||||
}
|
||||
|
||||
|
@ -73,7 +74,7 @@ class CsrfTokenManager {
|
|||
*
|
||||
* @return CsrfToken
|
||||
*/
|
||||
public function refreshToken() {
|
||||
public function refreshToken(): CsrfToken {
|
||||
$value = $this->tokenGenerator->generateToken();
|
||||
$this->sessionStorage->setToken($value);
|
||||
$this->csrfToken = new CsrfToken($value);
|
||||
|
@ -94,7 +95,7 @@ class CsrfTokenManager {
|
|||
* @param CsrfToken $token
|
||||
* @return bool
|
||||
*/
|
||||
public function isTokenValid(CsrfToken $token) {
|
||||
public function isTokenValid(CsrfToken $token): bool {
|
||||
if(!$this->sessionStorage->hasToken()) {
|
||||
return false;
|
||||
}
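Review bot: In `getToken()` the guard `if(!\is_null($this->csrfToken))` reads more directly as `if ($this->csrfToken !== null)`, which needs neither a function call nor the namespace prefix. With `: CsrfToken` now declared, every path through the rest of that method, which lies outside the hunk, has to return an instance. The comparison in `isTokenValid()` is also outside the hunk; it is worth confirming that it uses a constant-time `hash_equals()` rather than `===`.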
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -54,7 +55,7 @@ class SessionStorage {
|
|||
* @return string
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getToken() {
|
||||
public function getToken(): string {
|
||||
$token = $this->session->get('requesttoken');
|
||||
if(empty($token)) {
|
||||
throw new \Exception('Session does not contain a requesttoken');
|
||||
|
@ -68,7 +69,7 @@ class SessionStorage {
|
|||
*
|
||||
* @param string $value
|
||||
*/
|
||||
public function setToken($value) {
|
||||
public function setToken(string $value) {
|
||||
$this->session->set('requesttoken', $value);
|
||||
}
|
||||
|
||||
|
@ -83,7 +84,7 @@ class SessionStorage {
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function hasToken() {
|
||||
public function hasToken(): bool {
|
||||
return $this->session->exists('requesttoken');
|
||||
}
|
||||
}
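Review bot: `hasToken()` answers with `$this->session->exists('requesttoken')` while `getToken()` rejects the same key when `empty($token)`, so a session holding an empty `requesttoken` reports a token and then throws on read. A caller that guards with `hasToken()` before calling `getToken()` would get an exception instead of `false`; `CsrfTokenManager::isTokenValid()` appears to follow that pattern, though its read is outside the visible hunk. With `: string` declared under `strict_types`, a non-string session value would also raise a `TypeError` on return, so checking `\is_string($token) && $token !== ''` in `getToken()` and mirroring it in `hasToken()` would keep the two consistent. `setToken(string $value)` is the only method touched here that is left without a return type; `: void` would match the rest.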
|
||||
|
|