Development

- Renamed Uri class to Url.
- Renamed setUri and getUri to setUrl and getUrl.
- Added custom Exceptions and ensured that router only throws HttpExceptions.
- Added isAjax method to Request class.
- Added better phpDocs.
- Other minor optimisations.
This commit is contained in:
Simon Sessingo
2018-02-26 23:21:26 +01:00
parent a0c5bbdcc0
commit a25be983b8
17 changed files with 180 additions and 75 deletions
@@ -2,6 +2,8 @@
namespace Pecee\Http\Security;
use Pecee\Http\Security\Exceptions\SecurityException;
class CookieTokenProvider implements ITokenProvider
{
const CSRF_KEY = 'CSRF-TOKEN';
@@ -9,6 +11,10 @@ class CookieTokenProvider implements ITokenProvider
protected $token;
protected $cookieTimeoutMinutes = 120;
/**
* CookieTokenProvider constructor.
* @throws SecurityException
*/
public function __construct()
{
$this->token = $this->getToken();
@@ -21,20 +27,24 @@ class CookieTokenProvider implements ITokenProvider
/**
* Generate random identifier for CSRF token
*
* @throws \RuntimeException|\Exception
* @return string
* @throws SecurityException
*/
public function generateToken()
{
if (function_exists('random_bytes') === true) {
return bin2hex(random_bytes(32));
try {
return bin2hex(random_bytes(32));
} catch(\Exception $e) {
throw new SecurityException($e->getMessage(), $e->getCode(), $e->getPrevious());
}
}
$isSourceStrong = false;
$random = openssl_random_pseudo_bytes(32, $isSourceStrong);
if ($isSourceStrong === false || $random === false) {
throw new \RuntimeException('IV generation failed');
throw new SecurityException('IV generation failed');
}
return $random;