PHP Class csrfProtector, TeamPass

Open project: nilsteampassnet/TeamPass

Public Properties

| Property | Type | Description |
| --- | --- | --- |
| $config | | Config file for CSRFProtector |
| $cookieExpiryTime | | Expiry time for cookie |
| $requiredConfigurations | | Contains the list of parameters that are required to be in the config file for csrfp to work |

Protected Properties

| Property | Type | Description |
| --- | --- | --- |
| $requestType | | Variable to store whether the request type is POST or GET |

Public Methods

| Method | Description |
| --- | --- |
| authorizePost ( ) | Function to authorise incoming POST requests |
| generateAuthToken ( ) | Function to generate a random hash of the length given in the parameter; max length = 128 |
| init ( $length = null, $action = null ) | Function: init |
| isURLallowed ( ) | Function to check if a URL matches any of the URLs listed in the config file |
| ob_handler ( $buffer, $flags ) | Rewrites `<form>` on the fly to add CSRF tokens to them. This can also inject our JavaScript library. |
| refreshToken ( ) | Function to set the auth cookie |

Private Methods

| Method | Description |
| --- | --- |
| failedValidationAction ( ) | Function to be called in case of failed validation; performs logging and takes appropriate action |
| getCurrentUrl ( ) | Function to return the current URL of the executing page |
| isValidToken ( $token ) | Function to check the validity of a token in the session array. The function also clears all tokens older than the latest one |
| logCSRFattack ( ) | Function to log a CSRF attack |

Method Details

authorizePost() public static method

Parameters: void
Returns: void
Throws: logDirectoryNotFoundException - if log directory is not found
public static authorizePost ( )

generateAuthToken() public static method

Parameters: length to hash required, int
Returns: string, token
public static generateAuthToken ( )

init() public static method

Function to initialise the csrfProtector workflow.
Parameters:
$length - length of CSRF_AUTH_TOKEN to be generated
$action - int array, for different actions to be taken in case of failed validation
Returns: void
Throws:
configFileNotFoundException - when configuration file is not found
incompleteConfigurationException - when all required fields in config file are not available
public static init ( $length = null, $action = null )

isURLallowed() public static method

Parameters: void
Returns: boolean - true if the URL needs no validation, false if validation is needed
public static isURLallowed ( )

ob_handler() public static method

Parameters:
$buffer - output buffer in which all output is stored
$flags - int
Returns: string, complete output buffer
public static ob_handler ( $buffer, $flags )

refreshToken() public static method

Parameters: void
Returns: void
public static refreshToken ( )

Property Details

$config public static property

Config file for CSRFProtector
public static $config

$cookieExpiryTime public static property

Expiry time for cookie
public static $cookieExpiryTime

$requestType protected static property

Variable to store whether the request type is POST or GET
protected static $requestType

$requiredConfigurations public static property

Contains the list of parameters that are required to be in the config file for csrfp to work
public static $requiredConfigurations