tao-test/app/tao/models/classes/security/xsrf/TokenStoreSession.php

<?php

/**
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; under version 2
 * of the License (non-upgradable).
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 * Copyright (c) 2017 (original work) Open Assessment Technologies SA ;
 */

namespace oat\tao\model\security\xsrf;

use oat\oatbox\Configurable;
use PHPSession;

/**
 * TokenStore into the PHP session
 *
 * @author Bertrand Chevrier <bertrand@taotesting.com>
 */
class TokenStoreSession extends Configurable implements TokenStore
{
    private const TOKEN_NAMESPACE = 'CSRF_TOKEN_';

    /**
     * @var PHPSession
     */
    private $session;

    /**
     * @return PHPSession
     */
    private function getSession()
    {
        if ($this->session === null) {
            $this->session = PHPSession::singleton();
        }
        return $this->session;
    }

    public function getToken(string $tokenId): ?Token
    {
        return $this->hasToken($tokenId)
            ? $this->getSession()->getAttribute(self::TOKEN_NAMESPACE . $tokenId)
            : null;
    }

    public function setToken(string $tokenId, Token $token): void
    {
        $this->getSession()->setAttribute(self::TOKEN_NAMESPACE . $tokenId, $token);
    }

    public function hasToken(string $tokenId): bool
    {
        return $this->getSession()->hasAttribute(self::TOKEN_NAMESPACE . $tokenId);
    }

    public function removeToken(string $tokenId): bool
    {
        $removed = false;
        if ($this->hasToken($tokenId)) {
            $this->getSession()->removeAttribute(self::TOKEN_NAMESPACE . $tokenId);
            $removed = true;
        }

        return $removed;
    }

    public function clear(): void
    {
        foreach($this->getSession()->getAttributeNames() as $key) {
            if (strpos($key, self::TOKEN_NAMESPACE) === 0) {
                $this->getSession()->removeAttribute($key);
            }
        }
    }

    public function getAll(): array
    {
        $tokens = [];
        foreach ($this->getSession()->getAttributeNames() as $sessionAttributeKey) {
            if (strpos($sessionAttributeKey, self::TOKEN_NAMESPACE) === 0) {
                $tokens[] = $this->getSession()->getAttribute($sessionAttributeKey);
            }
        }
        return $tokens;
    }
}
Code, before instalation. 2022-08-29 20:14:13 +02:00			`<?php`

			`/**`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; under version 2`
			`* of the License (non-upgradable).`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`*`
			`* Copyright (c) 2017 (original work) Open Assessment Technologies SA ;`
			`*/`

			`namespace oat\tao\model\security\xsrf;`

			`use oat\oatbox\Configurable;`
			`use PHPSession;`

			`/**`
			`* TokenStore into the PHP session`
			`*`
			`* @author Bertrand Chevrier <bertrand@taotesting.com>`
			`*/`
			`class TokenStoreSession extends Configurable implements TokenStore`
			`{`
			`private const TOKEN_NAMESPACE = 'CSRF_TOKEN_';`

			`/**`
			`* @var PHPSession`
			`*/`
			`private $session;`

			`/**`
			`* @return PHPSession`
			`*/`
			`private function getSession()`
			`{`
			`if ($this->session === null) {`
			`$this->session = PHPSession::singleton();`
			`}`
			`return $this->session;`
			`}`

			`public function getToken(string $tokenId): ?Token`
			`{`
			`return $this->hasToken($tokenId)`
			`? $this->getSession()->getAttribute(self::TOKEN_NAMESPACE . $tokenId)`
			`: null;`
			`}`

			`public function setToken(string $tokenId, Token $token): void`
			`{`
			`$this->getSession()->setAttribute(self::TOKEN_NAMESPACE . $tokenId, $token);`
			`}`

			`public function hasToken(string $tokenId): bool`
			`{`
			`return $this->getSession()->hasAttribute(self::TOKEN_NAMESPACE . $tokenId);`
			`}`

			`public function removeToken(string $tokenId): bool`
			`{`
			`$removed = false;`
			`if ($this->hasToken($tokenId)) {`
			`$this->getSession()->removeAttribute(self::TOKEN_NAMESPACE . $tokenId);`
			`$removed = true;`
			`}`

			`return $removed;`
			`}`

			`public function clear(): void`
			`{`
			`foreach($this->getSession()->getAttributeNames() as $key) {`
			`if (strpos($key, self::TOKEN_NAMESPACE) === 0) {`
			`$this->getSession()->removeAttribute($key);`
			`}`
			`}`
			`}`

			`public function getAll(): array`
			`{`
			`$tokens = [];`
			`foreach ($this->getSession()->getAttributeNames() as $sessionAttributeKey) {`
			`if (strpos($sessionAttributeKey, self::TOKEN_NAMESPACE) === 0) {`
			`$tokens[] = $this->getSession()->getAttribute($sessionAttributeKey);`
			`}`
			`}`
			`return $tokens;`
			`}`
			`}`