99 lines
2.7 KiB
PHP
99 lines
2.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; under version 2
|
|
* of the License (non-upgradable).
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*
|
|
* Copyright (c) 2017 (original work) Open Assessment Technologies SA ;
|
|
*/
|
|
|
|
namespace oat\tao\model\security\xsrf;
|
|
|
|
use oat\oatbox\Configurable;
|
|
use PHPSession;
|
|
|
|
/**
|
|
* TokenStore into the PHP session
|
|
*
|
|
* @author Bertrand Chevrier <bertrand@taotesting.com>
|
|
*/
|
|
class TokenStoreSession extends Configurable implements TokenStore
|
|
{
|
|
private const TOKEN_NAMESPACE = 'CSRF_TOKEN_';
|
|
|
|
/**
|
|
* @var PHPSession
|
|
*/
|
|
private $session;
|
|
|
|
/**
|
|
* @return PHPSession
|
|
*/
|
|
private function getSession()
|
|
{
|
|
if ($this->session === null) {
|
|
$this->session = PHPSession::singleton();
|
|
}
|
|
return $this->session;
|
|
}
|
|
|
|
public function getToken(string $tokenId): ?Token
|
|
{
|
|
return $this->hasToken($tokenId)
|
|
? $this->getSession()->getAttribute(self::TOKEN_NAMESPACE . $tokenId)
|
|
: null;
|
|
}
|
|
|
|
public function setToken(string $tokenId, Token $token): void
|
|
{
|
|
$this->getSession()->setAttribute(self::TOKEN_NAMESPACE . $tokenId, $token);
|
|
}
|
|
|
|
public function hasToken(string $tokenId): bool
|
|
{
|
|
return $this->getSession()->hasAttribute(self::TOKEN_NAMESPACE . $tokenId);
|
|
}
|
|
|
|
public function removeToken(string $tokenId): bool
|
|
{
|
|
$removed = false;
|
|
if ($this->hasToken($tokenId)) {
|
|
$this->getSession()->removeAttribute(self::TOKEN_NAMESPACE . $tokenId);
|
|
$removed = true;
|
|
}
|
|
|
|
return $removed;
|
|
}
|
|
|
|
public function clear(): void
|
|
{
|
|
foreach($this->getSession()->getAttributeNames() as $key) {
|
|
if (strpos($key, self::TOKEN_NAMESPACE) === 0) {
|
|
$this->getSession()->removeAttribute($key);
|
|
}
|
|
}
|
|
}
|
|
|
|
public function getAll(): array
|
|
{
|
|
$tokens = [];
|
|
foreach ($this->getSession()->getAttributeNames() as $sessionAttributeKey) {
|
|
if (strpos($sessionAttributeKey, self::TOKEN_NAMESPACE) === 0) {
|
|
$tokens[] = $this->getSession()->getAttribute($sessionAttributeKey);
|
|
}
|
|
}
|
|
return $tokens;
|
|
}
|
|
}
|