Diffstat (limited to 'app/Core')
-rw-r--r-- | app/Core/Http/Request.php | 11 | ||||
-rw-r--r-- | app/Core/Security/Token.php | 42 |
2 files changed, 45 insertions, 8 deletions
diff --git a/app/Core/Http/Request.php b/app/Core/Http/Request.php
index 44bfdbe6..f7d29ab9 100644
--- a/app/Core/Http/Request.php
+++ b/app/Core/Http/Request.php
@@ -112,6 +112,17 @@ class Request extends Base
     }
 
     /**
+     * Get POST value without modification
+     *
+     * @param $name
+     * @return mixed|null
+     */
+    public function getRawValue($name)
+    {
+        return isset($this->post[$name]) ? $this->post[$name] : null;
+    }
+
+    /**
      * Get the raw body of the HTTP request
      *
      * @access public
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index 9b0c5769..5efc6201 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -25,21 +25,25 @@ class Token extends Base
     }
 
     /**
-     * Generate and store a CSRF token in the current session
+     * Generate and store a one-time CSRF token
      *
      * @access public
      * @return string Random token
      */
     public function getCSRFToken()
     {
-        if (! session_exists('csrf')) {
-            session_set('csrf', []);
-        }
-
-        $nonce = self::getToken();
-        session_merge('csrf', [$nonce => true]);
+        return $this->createSessionToken('csrf');
+    }
 
-        return $nonce;
+    /**
+     * Generate and store a reusable CSRF token
+     *
+     * @access public
+     * @return string
+     */
+    public function getReusableCSRFToken()
+    {
+        return $this->createSessionToken('pcsrf');
     }
 
     /**
@@ -60,4 +64,26 @@ class Token extends Base
         return false;
     }
+
+    public function validateReusableCSRFToken($token)
+    {
+        $tokens = session_get('pcsrf');
+        if (isset($tokens[$token])) {
+            return true;
+        }
+
+        return false;
+    }
+
+    protected function createSessionToken($key)
+    {
+        if (! session_exists($key)) {
+            session_set($key, []);
+        }
+
+        $nonce = self::getToken();
+        session_merge($key, [$nonce => true]);
+
+        return $nonce;
+    }
 
 }
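Review bot: `getRawValue()` returns whatever sits in `$this->post[$name]`, which for a field submitted as `name[]=x` is an array rather than a string, and neither the untyped `@param $name` nor the `mixed|null` return warns a caller about that; a consumer that uses the value as an array key or passes it to a string function gets a TypeError on PHP 8 instead of a clean rejection. If the raw accessor is meant to stay type-agnostic, the docblock should at least say so, e.g. `@param string $name` and `@return mixed|null Raw POST value (may be an array for nested fields), null when absent`. What "without modification" skips compared to the class's other getter is not visible in this hunk, so the docblock should also name the filtering it bypasses, since that is the whole reason a caller would reach for this method. The rest of the `Request` class lies outside the hunk.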
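Review bot: `getReusableCSRFToken()` mints and stores a fresh nonce on every call, and nothing on the new side of this diff ever removes a `pcsrf` entry, so a session accumulates one permanently valid token per render for its entire lifetime; that is session bloat any authenticated user can drive, and it multiplies the set of accepted values for no functional gain, because a reusable token only needs to exist once per session. Returning the existing token when one is already stored keeps the store at a single entry and still gives callers a stable value to embed. The `createSessionToken()` helper it delegates to and the `validateCSRFToken()` method between these two hunks are outside this hunk, so whether one-time tokens are actually consumed on validation cannot be confirmed here and the "one-time" wording in the docblock should be checked against it.
```php
    public function getReusableCSRFToken()
    {
        // Reuse the session's existing token instead of appending a new one per call
        $tokens = session_get('pcsrf');
        if (! empty($tokens)) {
            return (string) key($tokens);
        }

        return $this->createSessionToken('pcsrf');
    }
```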
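Review bot: `validateReusableCSRFToken()` feeds the caller-supplied `$token` straight into `isset($tokens[$token])`, so a request that sends the token as an array (`token[]=x`, which `Request::getRawValue()` in the first hunk would pass through unchanged) raises "Illegal offset type in isset or empty" on PHP 8 and turns a forged or malformed token into a 500 rather than a `false`; a scalar type guard up front closes that. Both new methods also lack the docblocks every other method in this class carries: `validateReusableCSRFToken()` should state that it returns `true` only when `$token` is a key of the session's `pcsrf` map, and `createSessionToken()` should say that it initialises the session array under `$key` if absent, stores a fresh `self::getToken()` nonce as a `true`-valued key there, and returns that nonce. Note that reusable tokens are never invalidated anywhere in this change, which is presumably intended for "reusable" but should be documented on the method.
```php
    /**
     * Check whether a reusable CSRF token is valid for the current session
     *
     * @access public
     * @param  mixed $token Token taken from the request
     * @return bool
     */
    public function validateReusableCSRFToken($token)
    {
        // Reject non-string input before it reaches the array offset
        if (! is_string($token) || $token === '') {
            return false;
        }

        $tokens = session_get('pcsrf');
        return isset($tokens[$token]);
    }

    // … unchanged: createSessionToken() …
```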