‪TYPO3CMS  9.5
All Classes Namespaces Files Functions Variables Pages
AbstractFormProtection.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Core\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use ‪TYPO3\CMS\Core\Crypto\Random;
18 use ‪TYPO3\CMS\Core\Security\BlockSerializationTrait;
19 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
20 
28 abstract class ‪AbstractFormProtection
29 {
30  use ‪BlockSerializationTrait;
31 
35  protected ‪$validationFailedCallback;
36 
42  protected ‪$sessionToken;
43 
47  protected function ‪getSessionToken()
48  {
49  $this->sessionToken = $this->sessionToken ?? $this->‪retrieveSessionToken();
50  return ‪$this->sessionToken;
51  }
52 
56  public function ‪__destruct()
57  {
58  unset($this->sessionToken);
59  }
60 
66  public function ‪clean()
67  {
68  unset($this->sessionToken);
69  $this->‪persistSessionToken();
70  }
71 
85  public function ‪generateToken($formName, $action = '', $formInstanceName = '')
86  {
87  if ($formName == '') {
88  throw new \InvalidArgumentException('$formName must not be empty.', 1294586643);
89  }
90  $tokenId = GeneralUtility::hmac($formName . $action . $formInstanceName . $this->‪getSessionToken());
91  return $tokenId;
92  }
93 
104  public function ‪validateToken($tokenId, $formName, $action = '', $formInstanceName = '')
105  {
106  $validTokenId = GeneralUtility::hmac(((string)$formName . (string)$action) . (string)$formInstanceName . $this->‪getSessionToken());
107  if (hash_equals($validTokenId, (string)$tokenId)) {
108  $isValid = true;
109  } else {
110  $isValid = false;
111  }
112  if (!$isValid) {
113  $this->‪createValidationErrorMessage();
114  }
115  return $isValid;
116  }
117 
123  protected function ‪generateSessionToken()
124  {
125  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(64);
126  }
127 
132  protected function ‪createValidationErrorMessage()
133  {
134  if ($this->validationFailedCallback !== null) {
135  $this->validationFailedCallback->__invoke();
136  }
137  }
138 
144  abstract protected function ‪retrieveSessionToken();
145 
152  abstract public function ‪persistSessionToken();
153 }
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$sessionToken
‪string $sessionToken
Definition: AbstractFormProtection.php:39
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:82
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$validationFailedCallback
‪Closure $validationFailedCallback
Definition: AbstractFormProtection.php:33
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\getSessionToken
‪string getSessionToken()
Definition: AbstractFormProtection.php:44
‪TYPO3\CMS\Core\Security\BlockSerializationTrait
Definition: BlockSerializationTrait.php:28
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:2
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\createValidationErrorMessage
‪createValidationErrorMessage()
Definition: AbstractFormProtection.php:129
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:63
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:101
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\__destruct
‪__destruct()
Definition: AbstractFormProtection.php:53
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:29
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:22
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\retrieveSessionToken
‪string retrieveSessionToken()
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\persistSessionToken
‪persistSessionToken()
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateSessionToken
‪string generateSessionToken()
Definition: AbstractFormProtection.php:120