‪TYPO3CMS  ‪main
FormSession.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime;
19 
20 use ‪TYPO3\CMS\Core\Crypto\HashService;
21 use ‪TYPO3\CMS\Core\Crypto\Random;
22 use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
23 use ‪TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 use ‪TYPO3\CMS\Form\Security\HashScope;
26 
30 class ‪FormSession
31 {
32  protected ‪$identifier;
33 
40  public function ‪__construct(string $authenticatedIdentifier = null)
41  {
42  if ($authenticatedIdentifier === null) {
43  $this->identifier = $this->‪generateIdentifier();
44  } else {
45  $this->identifier = $this->‪validateIdentifier($authenticatedIdentifier);
46  }
47  }
48 
52  public function ‪getIdentifier(): string
53  {
54  return ‪$this->identifier;
55  }
56 
62  public function ‪getAuthenticatedIdentifier(): string
63  {
64  return GeneralUtility::makeInstance(HashService::class)
65  // restrict string expansion by adding some char ('|')
66  ->appendHmac($this->identifier . '|', HashScope::FormSession->‪prefix());
67  }
68 
69  protected function ‪generateIdentifier(): string
70  {
71  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(40);
72  }
73 
77  protected function ‪validateIdentifier(string $authenticatedIdentifier): string
78  {
79  try {
80  ‪$identifier = GeneralUtility::makeInstance(HashService::class)
81  ->validateAndStripHmac($authenticatedIdentifier, HashScope::FormSession->‪prefix());
82  return rtrim(‪$identifier, '|');
83  } catch (‪InvalidHashStringException $e) {
84  throw new ‪BadRequestException('The HMAC of the form session could not be validated.', 1613300274);
85  }
86  }
87 }
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\__construct
‪__construct(string $authenticatedIdentifier=null)
Definition: FormSession.php:40
‪TYPO3\CMS\Form\Security\HashScope
‪HashScope
Definition: HashScope.php:25
‪TYPO3\CMS\Core\Error\Http\BadRequestException
Definition: BadRequestException.php:24
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\$identifier
‪$identifier
Definition: FormSession.php:32
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession
Definition: FormSession.php:31
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getIdentifier
‪getIdentifier()
Definition: FormSession.php:52
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\validateIdentifier
‪validateIdentifier(string $authenticatedIdentifier)
Definition: FormSession.php:77
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\generateIdentifier
‪generateIdentifier()
Definition: FormSession.php:69
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime
Definition: FormSession.php:18
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:27
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Extbase\Security\prefix
‪@ prefix
Definition: HashScope.php:30
‪TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException
Definition: InvalidHashStringException.php:25
‪TYPO3\CMS\Core\Crypto\HashService
Definition: HashService.php:27
‪TYPO3\CMS\Form\Domain\Runtime\FormRuntime\FormSession\getAuthenticatedIdentifier
‪getAuthenticatedIdentifier()
Definition: FormSession.php:62