8 use Elgg\Traits\TimeUsing;
70 $session_id = $this->session->getID();
77 $returnval =
$request->elgg()->events->triggerResults(
'action_gatekeeper:permissions:check',
'all', [
91 'js:security:token_refresh_failed',
92 [$this->config->wwwroot]
101 throw new CsrfException(
$request->elgg()->translator->translate(
'js:security:token_refresh_failed', [$this->config->wwwroot]));
107 $error_msg =
$request->elgg()->translator->translate(
'actiongatekeeper:missingfields');
135 $now = $this->getCurrentTime()->getTimestamp();
137 return ($timeout == 0 || (
$ts > $now - $timeout) && (
$ts < $now + $timeout));
152 if ($this->config->hasValue(
'action_token_timeout')) {
154 $timeout = $this->config->action_token_timeout;
159 return (
int) ((float) $timeout * $hour);
175 return $this->crypto->areEqual(
$token, $required_token);
188 if (!$session_token) {
189 $session_token = $this->session->get(
'__elgg_session');
190 if (!$session_token) {
196 ->getHmac([(
int)
$timestamp, $session_token],
'md5')
Thrown when CSRF tokens mismatch.
isValidToken($token, $ts)
Basic token validation.
generateActionToken($timestamp, $session_token='')
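Generate a token from a session token (specifying the user), the timestamp, and the site key. In the listing above the token is an HMAC over the integer-cast timestamp and the session token, requested with the 'md5' digest. HMAC-MD5 is not directly affected by MD5's collision weaknesses, but a SHA-2 digest is the usual choice for new code.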
validate(Request $request)
Validate CSRF tokens present in the request.
validateTokenOwnership($token, $timestamp, $session_token='')
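Was the given token generated for the session defined by session_token? The supplied token is checked against the required token with the crypto service's areEqual() rather than a plain comparison operator.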
getActionTokenTimeout()
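Returns the action token timeout in seconds. When the action_token_timeout config value is set, it is multiplied by $hour and cast to int, which suggests the setting itself is expressed in hours.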
__construct(Config $config, \ElggSession $session, Crypto $crypto, HmacFactory $hmac)
Constructor.
validateTokenTimestamp($ts)
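Is the token timestamp within acceptable range? The timestamp must lie strictly within the timeout on either side of the current time. A timeout of 0 disables the check, so any timestamp is accepted.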
Provides a factory for HMAC objects.
$ts
CSRF security token view for use with secure forms.