Updating CSRF code with PHP 8.1 features #619

Merged
merged 3 commits into from
Mar 31, 2022
8 changes: 0 additions & 8 deletions src/Csrf/src/Config/CsrfConfig.php
@@ -1,13 +1,5 @@
<?php

/**
* Spiral Framework.
*
* @license MIT
* @author Anton Titov (Wolfy-J)
* @author Valentin V (vvval)
*/

declare(strict_types=1);

namespace Spiral\Csrf\Config;
30 changes: 7 additions & 23 deletions src/Csrf/src/Middleware/CsrfFirewall.php
@@ -1,12 +1,5 @@
<?php

/**
* Spiral Framework.
*
* @license MIT
* @author Anton Titov (Wolfy-J)
*/

declare(strict_types=1);

namespace Spiral\Csrf\Middleware;
Expand Down Expand Up @@ -38,21 +31,12 @@ final class CsrfFirewall implements MiddlewareInterface
*/
public const ALLOW_METHODS = ['GET', 'HEAD', 'OPTIONS'];

/** @var ResponseFactoryInterface */
private $responseFactory;

/** @var array */
private $allowMethods;

public function __construct(ResponseFactoryInterface $responseFactory, array $allowMethods = self::ALLOW_METHODS)
{
$this->responseFactory = $responseFactory;
$this->allowMethods = $allowMethods;
public function __construct(
private readonly ResponseFactoryInterface $responseFactory,
private readonly array $allowMethods = self::ALLOW_METHODS
) {
}

/**
* {@inheritdoc}
*/
public function process(Request $request, RequestHandlerInterface $handler): Response
{
$token = $request->getAttribute(CsrfMiddleware::ATTRIBUTE);
Expand All @@ -61,7 +45,7 @@ public function process(Request $request, RequestHandlerInterface $handler): Res
throw new \LogicException('Unable to apply CSRF firewall, attribute is missing');
}

if ($this->isRequired($request) && !hash_equals($token, $this->fetchToken($request))) {
if ($this->isRequired($request) && !\hash_equals($token, $this->fetchToken($request))) {
return $this->responseFactory->createResponse(412, 'Bad CSRF Token');
}

Expand All @@ -73,7 +57,7 @@ public function process(Request $request, RequestHandlerInterface $handler): Res
*/
protected function isRequired(Request $request): bool
{
return !in_array($request->getMethod(), $this->allowMethods, true);
return !\in_array($request->getMethod(), $this->allowMethods, true);
}

/**
Expand All @@ -86,7 +70,7 @@ protected function fetchToken(Request $request): string
}

$data = $request->getParsedBody();
if (is_array($data) && isset($data[self::PARAMETER]) && is_string($data[self::PARAMETER])) {
if (\is_array($data) && isset($data[self::PARAMETER]) && \is_string($data[self::PARAMETER])) {
return $data[self::PARAMETER];
}

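Review bot: The promoted `$allowMethods` parameter in the new constructor has no description, although it decides which requests skip the token comparison in `process()`: `isRequired()` returns false for every method listed in it. I would add a docblock on the constructor, e.g. `@param list<string> $allowMethods HTTP methods exempt from CSRF token verification; matched case-sensitively against getMethod()`. Because the lookup is strict (`\in_array(..., true)`), a lowercase entry such as `'get'` would not exempt `GET`, so that request would still need a token; that is the safe direction, but it is worth stating for anyone overriding the default. A trailing comma after the last promoted parameter would also keep later diffs to one line.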
21 changes: 4 additions & 17 deletions src/Csrf/src/Middleware/CsrfMiddleware.php
@@ -1,12 +1,5 @@
<?php

/**
* Spiral Framework.
*
* @license MIT
* @author Anton Titov (Wolfy-J)
*/

declare(strict_types=1);

namespace Spiral\Csrf\Middleware;
Expand All @@ -30,17 +23,11 @@ final class CsrfMiddleware implements MiddlewareInterface
{
public const ATTRIBUTE = 'csrfToken';

/** @var CsrfConfig */
protected $config;

public function __construct(CsrfConfig $config)
{
$this->config = $config;
public function __construct(
private readonly CsrfConfig $config
) {
}

/**
* {@inheritdoc}
*/
public function process(Request $request, RequestHandlerInterface $handler): Response
{
$cookie = null;
Expand Down Expand Up @@ -96,6 +83,6 @@ private function random(int $length = 32): string
throw new \RuntimeException('Unable to generate random string', $e->getCode(), $e);
}

return substr(base64_encode($string), 0, $length);
return \substr(\base64_encode($string), 0, $length);
}
}
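Review bot: In `random()`, the token is cut from standard Base64 output, so it can contain `+` and `/`, and the method has no comment saying so. If a client echoes the token in a form-encoded body without percent-encoding it, a `+` is decoded as a space and the `\hash_equals` check in `CsrfFirewall` rejects a legitimate request. The failure is closed rather than open, but it will look intermittent to users. A URL-safe alphabet avoids this: `return \substr(\strtr(\base64_encode($string), '+/', '-_'), 0, $length);`. How `$string` is generated lies outside the hunk, so this assumes it holds at least `$length` random bytes.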
10 changes: 1 addition & 9 deletions src/Csrf/src/Middleware/StrictCsrfFirewall.php
@@ -1,12 +1,5 @@
<?php

/**
* Spiral Framework.
*
* @license MIT
* @author Anton Titov (Wolfy-J)
*/

declare(strict_types=1);

namespace Spiral\Csrf\Middleware;
Expand All @@ -22,8 +15,7 @@
*/
final class StrictCsrfFirewall implements MiddlewareInterface
{
/** @var CsrfFirewall */
private $csrfFirewall;
private readonly CsrfFirewall $csrfFirewall;

public function __construct(ResponseFactoryInterface $responseFactory)
{