Elgg  Version 6.0
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Elgg\Security\Csrf Class Reference

CSRF Protection. More...

Public Member Functions

 __construct (Config $config,\ElggSession $session, Crypto $crypto, HmacFactory $hmac)
 Constructor. More...
 
 validate (Request $request)
 Validate CSRF tokens present in the request. More...
 
 isValidToken ($token, $ts)
 Basic token validation. More...
 
 getActionTokenTimeout ()
 Returns the action token timeout in seconds. More...
 
 validateTokenOwnership ($token, $timestamp, $session_token= '')
 Was the given token generated for the session defined by session_token? More...
 
 generateActionToken ($timestamp, $session_token= '')
 Generate a token from a session token (specifying the user), the timestamp, and the site key. More...
 

Protected Member Functions

 validateTokenTimestamp ($ts)
 Is the token timestamp within acceptable range? More...
 

Protected Attributes

 $config
 
 $session
 
 $crypto
 
 $hmac
 

Detailed Description

CSRF Protection.

Definition at line 13 of file Csrf.php.

Constructor & Destructor Documentation

Elgg\Security\Csrf::__construct ( Config  $config,
\ElggSession  $session,
Crypto  $crypto,
HmacFactory  $hmac 
)

Constructor.

Parameters
Config$configElgg config
\ElggSession$sessionSession
Crypto$cryptoCrypto service
HmacFactory$hmacHMAC service

Definition at line 45 of file Csrf.php.

Member Function Documentation

Elgg\Security\Csrf::generateActionToken (   $timestamp,
  $session_token = '' 
)

Generate a token from a session token (specifying the user), the timestamp, and the site key.

Parameters
int$timestampUnix timestamp
string$session_tokenSession-specific token
Returns
false|string

Definition at line 187 of file Csrf.php.

Elgg\Security\Csrf::getActionTokenTimeout ( )

Returns the action token timeout in seconds.

Returns
int number of seconds that action token is valid
See also
Csrf::validateActionToken

Definition at line 149 of file Csrf.php.

Elgg\Security\Csrf::isValidToken (   $token,
  $ts 
)

Basic token validation.

Parameters
string$tokenToken
int$tsTimestamp
Returns
bool

Definition at line 122 of file Csrf.php.

Elgg\Security\Csrf::validate ( Request  $request)

Validate CSRF tokens present in the request.

Parameters
Request$requestRequest
Returns
void
Exceptions
CsrfException

Definition at line 66 of file Csrf.php.

Elgg\Security\Csrf::validateTokenOwnership (   $token,
  $timestamp,
  $session_token = '' 
)

Was the given token generated for the session defined by session_token?

Parameters
string$tokenCSRF token
int$timestampUnix time
string$session_tokenSession-specific token
Returns
bool

Definition at line 172 of file Csrf.php.

Elgg\Security\Csrf::validateTokenTimestamp (   $ts)
protected

Is the token timestamp within acceptable range?

Parameters
int$tstimestamp from the CSRF token
Returns
bool

Definition at line 133 of file Csrf.php.

Member Data Documentation

Elgg\Security\Csrf::$config
protected

Definition at line 20 of file Csrf.php.

Elgg\Security\Csrf::$crypto
protected

Definition at line 30 of file Csrf.php.

Elgg\Security\Csrf::$hmac
protected

Definition at line 35 of file Csrf.php.

Elgg\Security\Csrf::$session
protected

Definition at line 25 of file Csrf.php.


The documentation for this class was generated from the following file: