‪TYPO3CMS  10.4
FormSession.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime;
19 
20 use ‪TYPO3\CMS\Core\Crypto\Random;
21 use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
22 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
23 use ‪TYPO3\CMS\Extbase\Security\Cryptography\HashService;
24 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException;
25 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
26 
30 class ‪FormSession
31 {
32  protected ‪$identifier;
33 
40  public function ‪__construct(string $authenticatedIdentifier = null)
41  {
42  if ($authenticatedIdentifier === null) {
43  $this->identifier = $this->‪generateIdentifier();
44  } else {
45  $this->identifier = $this->‪validateIdentifier($authenticatedIdentifier);
46  }
47  }
48 
53  public function ‪getIdentifier(): string
54  {
55  return ‪$this->identifier;
56  }
57 
64  public function ‪getAuthenticatedIdentifier(): string
65  {
66  return GeneralUtility::makeInstance(HashService::class)
67  // restrict string expansion by adding some char ('|')
68  ->appendHmac($this->identifier . '|');
69  }
70 
74  protected function ‪generateIdentifier(): string
75  {
76  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(40);
77  }
78 
84  protected function ‪validateIdentifier(string $authenticatedIdentifier): string
85  {
86  try {
87  ‪$identifier = GeneralUtility::makeInstance(HashService::class)
88  ->validateAndStripHmac($authenticatedIdentifier);
89  return rtrim(‪$identifier, '|');
90  } catch (‪InvalidHashException | ‪InvalidArgumentForHashGenerationException $e) {
91  throw new ‪BadRequestException('The HMAC of the form session could not be validated.', 1613300274);
92  }
93  }
94 }
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\__construct
‪__construct(string $authenticatedIdentifier=null)
Definition: FormSession.php:40
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\validateIdentifier
‪string validateIdentifier(string $authenticatedIdentifier)
Definition: FormSession.php:84
‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException
Definition: InvalidArgumentForHashGenerationException.php:26
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getIdentifier
‪string getIdentifier()
Definition: FormSession.php:53
‪TYPO3\CMS\Core\Error\Http\BadRequestException
Definition: BadRequestException.php:24
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\$identifier
‪$identifier
Definition: FormSession.php:32
‪TYPO3\CMS\Extbase\Security\Cryptography\HashService
Definition: HashService.php:31
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getAuthenticatedIdentifier
‪string getAuthenticatedIdentifier()
Definition: FormSession.php:64
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession
Definition: FormSession.php:31
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\generateIdentifier
‪string generateIdentifier()
Definition: FormSession.php:74
‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException
Definition: InvalidHashException.php:26
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime
Definition: FormSession.php:18
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46