‪TYPO3CMS  9.5
FormSession.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace ‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use ‪TYPO3\CMS\Core\Crypto\Random;
19 use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
20 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
21 use ‪TYPO3\CMS\Extbase\Security\Cryptography\HashService;
22 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException;
23 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
24 
28 class ‪FormSession
29 {
30  protected ‪$identifier;
31 
38  public function ‪__construct(string $authenticatedIdentifier = null)
39  {
40  if ($authenticatedIdentifier === null) {
41  $this->identifier = $this->‪generateIdentifier();
42  } else {
43  $this->identifier = $this->‪validateIdentifier($authenticatedIdentifier);
44  }
45  }
46 
51  public function ‪getIdentifier(): string
52  {
53  return ‪$this->identifier;
54  }
55 
62  public function ‪getAuthenticatedIdentifier(): string
63  {
64  return GeneralUtility::makeInstance(HashService::class)
65  // restrict string expansion by adding some char ('|')
66  ->appendHmac($this->identifier . '|');
67  }
68 
72  protected function ‪generateIdentifier(): string
73  {
74  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(40);
75  }
76 
82  protected function ‪validateIdentifier(string $authenticatedIdentifier): string
83  {
84  try {
85  ‪$identifier = GeneralUtility::makeInstance(HashService::class)
86  ->validateAndStripHmac($authenticatedIdentifier);
87  return rtrim(‪$identifier, '|');
88  } catch (‪InvalidHashException | ‪InvalidArgumentForHashGenerationException $e) {
89  throw new ‪BadRequestException('The HMAC of the form session could not be validated.', 1613300274);
90  }
91  }
92 }
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\__construct
‪__construct(string $authenticatedIdentifier=null)
Definition: FormSession.php:38
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\validateIdentifier
‪string validateIdentifier(string $authenticatedIdentifier)
Definition: FormSession.php:82
‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException
Definition: InvalidArgumentForHashGenerationException.php:21
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getIdentifier
‪string getIdentifier()
Definition: FormSession.php:51
‪TYPO3\CMS\Core\Error\Http\BadRequestException
Definition: BadRequestException.php:21
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\$identifier
‪$identifier
Definition: FormSession.php:30
‪TYPO3\CMS\Extbase\Security\Cryptography\HashService
Definition: HashService.php:24
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getAuthenticatedIdentifier
‪string getAuthenticatedIdentifier()
Definition: FormSession.php:62
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession
Definition: FormSession.php:29
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\generateIdentifier
‪string generateIdentifier()
Definition: FormSession.php:72
‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException
Definition: InvalidHashException.php:21
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime
Definition: FormSession.php:3
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:22
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45