Diffstat (limited to 'app/Core/Security/Token.php')
-rw-r--r-- | app/Core/Security/Token.php | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index 9b0c5769..5efc6201 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -25,21 +25,25 @@ class Token extends Base
     }
 
     /**
-     * Generate and store a CSRF token in the current session
+     * Generate and store a one-time CSRF token
      *
      * @access public
      * @return string Random token
      */
     public function getCSRFToken()
     {
-        if (! session_exists('csrf')) {
-            session_set('csrf', []);
-        }
-
-        $nonce = self::getToken();
-        session_merge('csrf', [$nonce => true]);
+        return $this->createSessionToken('csrf');
+    }
 
-        return $nonce;
+    /**
+     * Generate and store a reusable CSRF token
+     *
+     * @access public
+     * @return string
+     */
+    public function getReusableCSRFToken()
+    {
+        return $this->createSessionToken('pcsrf');
     }
 
     /**
@@ -60,4 +64,26 @@ class Token extends Base
         return false;
     }
 
+
+    public function validateReusableCSRFToken($token)
+    {
+        $tokens = session_get('pcsrf');
+        if (isset($tokens[$token])) {
+            return true;
+        }
+
+        return false;
+    }
+
+    protected function createSessionToken($key)
+    {
+        if (! session_exists($key)) {
+            session_set($key, []);
+        }
+
+        $nonce = self::getToken();
+        session_merge($key, [$nonce => true]);
+
+        return $nonce;
+    }
 } |
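Review bot: `validateReusableCSRFToken` in the second hunk uses a caller-supplied `$token` directly as an array offset and, unlike the sibling methods in the first hunk, carries no docblock; if that value comes straight from the request and arrives as an array instead of a string, `isset($tokens[$token])` throws a TypeError on PHP 8 (a warning on 7.x), so guard the type first: `if (! is_string($token)) { return false; }`. Separately, `createSessionToken` always merges a fresh nonce and nothing in this diff ever removes `pcsrf` entries, so each call to `getReusableCSRFToken` grows the session's `pcsrf` array for the lifetime of the session; if one reusable token per session is the intent, returning the existing key when `session_get('pcsrf')` is already non-empty would bound that growth. A docblock in the file's existing style would also help, e.g. `@param string $token` and `@return bool True if the token was issued by getReusableCSRFToken() in this session and has not been cleared`. The class body continues outside both hunks.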