Elgg  Version 3.0
Elgg\Security\Csrf Class Reference

CSRF Protection.

Public Member Functions

__construct (Config $config, ElggSession $session, ElggCrypto $crypto, HmacFactory $hmac)
Constructor.

validate (Request $request)
Validate CSRF tokens present in the request.

isValidToken ($token, $ts)
Basic token validation.

getActionTokenTimeout ()
Returns the action token timeout in seconds.

validateTokenOwnership ($token, $timestamp, $session_token = '')
Was the given token generated for the session defined by session_token?

generateActionToken ($timestamp, $session_token = '')
Generate a token from a session token (specifying the user), the timestamp, and the site key.

Protected Member Functions

validateTokenTimestamp ($ts)
Is the token timestamp within acceptable range?
 

Protected Attributes

 $config
 
 $session
 
 $crypto
 
 $hmac
 

Detailed Description

CSRF Protection.

Definition at line 15 of file Csrf.php.

Constructor & Destructor Documentation

Elgg\Security\Csrf::__construct (Config $config, ElggSession $session, ElggCrypto $crypto, HmacFactory $hmac)

Constructor.

Parameters
Config       $config   Elgg config
ElggSession  $session  Session
ElggCrypto   $crypto   Crypto service
HmacFactory  $hmac     HMAC service

Definition at line 47 of file Csrf.php.

Member Function Documentation

Elgg\Security\Csrf::generateActionToken ($timestamp, $session_token = '')

Generate a token from a session token (specifying the user), the timestamp, and the site key.

See also
generate_action_token()
Parameters
int     $timestamp      Unix timestamp
string  $session_token  Session-specific token
Returns
false|string

Definition at line 191 of file Csrf.php.

Elgg\Security\Csrf::getActionTokenTimeout ( )

Returns the action token timeout in seconds.

Returns
int number of seconds that action token is valid
See also
Csrf::validateActionToken

Definition at line 151 of file Csrf.php.

Elgg\Security\Csrf::isValidToken ($token, $ts)

Basic token validation.

Parameters
string  $token  Token
int     $ts     Timestamp
Returns
bool

Definition at line 124 of file Csrf.php.

Elgg\Security\Csrf::validate (Request $request)

Validate CSRF tokens present in the request.

Parameters
Request  $request  Request
Returns
void
Exceptions
CsrfException

Definition at line 68 of file Csrf.php.

Elgg\Security\Csrf::validateTokenOwnership ($token, $timestamp, $session_token = '')

Was the given token generated for the session defined by session_token?

Parameters
string  $token          CSRF token
int     $timestamp      Unix time
string  $session_token  Session-specific token
Returns
bool

Definition at line 174 of file Csrf.php.

Elgg\Security\Csrf::validateTokenTimestamp ($ts)
protected

Is the token timestamp within acceptable range?

Parameters
int  $ts  timestamp from the CSRF token
Returns
bool

Definition at line 135 of file Csrf.php.
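
The scheme documented above (a token derived from the session token, the timestamp and the site key, then checked for age and for ownership), as an added PHP example that is not Elgg's Csrf.php. The demo_* function names, SITE_KEY, TIMEOUT, the SHA-256 HMAC, the "|" separator and the rejection of future timestamps are all assumptions made for illustration.

```php
<?php
// Added illustration, not Elgg's implementation. All names and constants
// below are hypothetical; the key and session tokens are constructed values.
const SITE_KEY = 'constructed-site-key-for-demo-only';
const TIMEOUT = 7200; // token lifetime in seconds (assumed value)

function demo_generate_token(int $ts, string $session_token): string {
    // Bind the token to one session and one timestamp under the site key,
    // so a token lifted from another session or replayed with a different
    // timestamp no longer verifies.
    return hash_hmac('sha256', $ts . '|' . $session_token, SITE_KEY);
}

function demo_timestamp_ok(int $ts, int $now): bool {
    // Reject expired tokens and (assumption) timestamps from the future.
    return $ts <= $now && ($now - $ts) < TIMEOUT;
}

function demo_owns_token(string $token, int $ts, string $session_token): bool {
    // Recompute the expected token and compare in constant time.
    return hash_equals(demo_generate_token($ts, $session_token), $token);
}

function demo_is_valid(string $token, int $ts, string $session_token, int $now): bool {
    if ($token === '' || $ts <= 0) {
        return false; // token or timestamp missing from the request
    }
    return demo_timestamp_ok($ts, $now)
        && demo_owns_token($token, $ts, $session_token);
}

// Constructed sample data.
$now = 1700000000;
$alice = 'session-token-alice';
$issued = $now - 60;
$token = demo_generate_token($issued, $alice);

// Fresh token presented by the session it was issued to.
var_dump(demo_is_valid($token, $issued, $alice, $now));
// Same token presented under a different session token.
var_dump(demo_is_valid($token, $issued, 'session-token-bob', $now));
// Timestamp field altered after issuance.
var_dump(demo_is_valid($token, $issued + 30, $alice, $now));
// Token presented after the timeout has elapsed.
var_dump(demo_is_valid($token, $issued, $alice, $now + TIMEOUT));
```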

Member Data Documentation

Elgg\Security\Csrf::$config
protected

Definition at line 22 of file Csrf.php.

Elgg\Security\Csrf::$crypto
protected

Definition at line 32 of file Csrf.php.

Elgg\Security\Csrf::$hmac
protected

Definition at line 37 of file Csrf.php.

Elgg\Security\Csrf::$session
protected

Definition at line 27 of file Csrf.php.


The documentation for this class was generated from the following file: