Class NonceValidator

CSRF Handler that accepts each CSRF token only once.

Riimu\Kit\CSRF\CSRFHandler
Extended by Riimu\Kit\CSRF\NonceValidator
Namespace: Riimu\Kit\CSRF
Copyright: Copyright (c) 2015, Riikka Kalliomäki
License: MIT License
Author: Riikka Kalliomäki riikka.kalliomaki@gmail.com
Located at NonceValidator.php

Methods summary

public __construct( string $sessionVariable = 'csrf_nonces' )

Creates a new instance of NonceValidator.

Parameters

$sessionVariable
Name of the session variable used for storing nonces

Overrides

Riimu\Kit\CSRF\CSRFHandler::__construct

public boolean validateToken( string $token )

Validates the CSRF token.

The token must be provided as a base64 encoded string which also includes the token encryption key. In other words, you should pass this method the exact same string that has been returned by the getToken() method.

Parameters

$token
The base64 encoded token provided by getToken()

Returns

boolean
True if the token is valid, false if it is not

Throws

Riimu\Kit\CSRF\Storage\TokenStorageException
If the secret token cannot be loaded or stored

Overrides

Riimu\Kit\CSRF\CSRFHandler::validateToken

public string getToken( )

Generates a new secure base64 encoded CSRF token.

This method returns a new string every time it is called, because it always generates a new encryption key for the token. Of course, each of these tokens is a valid CSRF token, unless the regenerateToken() method is called.

Returns

string
Base64 encoded CSRF token

Throws

Riimu\Kit\CSRF\Storage\TokenStorageException
If the secret token cannot be loaded or stored

Overrides

Riimu\Kit\CSRF\CSRFHandler::getToken

public Riimu\Kit\CSRF\CSRFHandler regenerateToken( )

Regenerates the actual CSRF token.

After this method has been called, any token that has been previously generated by getToken() is no longer considered valid. It is highly recommended to regenerate the CSRF token after any user authentication.

Returns

Riimu\Kit\CSRF\CSRFHandler
Returns self for call chaining

Throws

Riimu\Kit\CSRF\Storage\TokenStorageException
If the secret token cannot be stored

Overrides

Riimu\Kit\CSRF\CSRFHandler::regenerateToken

public integer getNonceCount( )

Returns the number of stored used nonces.

Returns

integer
Number of invalidated nonces.
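
The once-only behaviour documented above for validateToken(), getToken(), regenerateToken() and getNonceCount(), exercised in one script. This is an added example, not part of the generated documentation or the library's own code; it assumes the package is installed through Composer (the autoload path is an assumption), and the handleSubmission() helper and the csrf_token field name are hypothetical.

```php
<?php
// Added example: not part of the library or its generated documentation.
// Assumes riimu/kit-csrf is installed with Composer; the autoload path is an assumption.
require __DIR__ . '/vendor/autoload.php';

use Riimu\Kit\CSRF\NonceValidator;
use Riimu\Kit\CSRF\Storage\TokenStorageException;

// Nonces are kept in a session variable, so start the session before any output.
session_start();

$csrf = new NonceValidator('csrf_nonces');

/**
 * Hypothetical form handler: accepts the submission only when the token validates.
 * Fails closed when the token storage cannot be read or written.
 */
function handleSubmission(NonceValidator $csrf, array $post)
{
    // 'csrf_token' is a constructed field name for this example.
    $token = isset($post['csrf_token']) && is_string($post['csrf_token'])
        ? $post['csrf_token']
        : '';

    try {
        return $csrf->validateToken($token) ? 'accepted' : 'rejected';
    } catch (TokenStorageException $exception) {
        return 'rejected';
    }
}

// Two tokens issued for the same session, e.g. for two forms on one page.
$formA = $csrf->getToken();
$formB = $csrf->getToken();

$results = [
    'form A, first submission' => handleSubmission($csrf, ['csrf_token' => $formA]),
    'form A, replayed' => handleSubmission($csrf, ['csrf_token' => $formA]),
    'missing token' => handleSubmission($csrf, []),
];

// After authentication, regenerate so tokens issued before login stop validating.
$csrf->regenerateToken();
$results['form B, issued before regenerateToken()'] = handleSubmission($csrf, ['csrf_token' => $formB]);

foreach ($results as $case => $outcome) {
    printf("%-45s %s\n", $case, $outcome);
}
printf("used nonces stored: %d\n", $csrf->getNonceCount());
```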

Methods inherited from Riimu\Kit\CSRF\CSRFHandler

getGenerator(), getRequestToken(), getTrueToken(), isValidatedRequest(), killScript(), setGenerator(), setSources(), setStorage(), validateRequest(), validateRequestToken()

Constants summary

Constants inherited from Riimu\Kit\CSRF\CSRFHandler

TOKEN_LENGTH

Properties summary

Properties inherited from Riimu\Kit\CSRF\CSRFHandler

$validatedMethods
