WebSVN – oidplus – Diff – /trunk/includes/classes/OIDplusAuthUtils.class.php



 
        /**
         * @return string
         * @throws OIDplusException
         */
        public function getAuthMethod(): string {
                $acs = $this->getAuthContentStore();
                if (is_null($acs)) return 'null';
                return get_class($acs);
        }
 

         * @throws OIDplusException
         */
        public function checkCSRF() {
                if (!$this->enable_csrf) return;
 
                $request_token = $_REQUEST['csrf_token'] ?? '';
                $cookie_token = $_COOKIE['csrf_token'] ?? '';
 
                if (empty($request_token) || empty($cookie_token) || ($request_token !== $cookie_token)) {
                        if (OIDplus::baseConfig()->getValue('DEBUG')) {
                                throw new OIDplusException(_L('Missing or wrong CSRF Token: Request %1 vs Cookie %2',
                                        isset($_REQUEST['csrf_token']) ? '"'.$_REQUEST['csrf_token'].'"' : 'NULL',
                                        $_COOKIE['csrf_token'] ?? 'NULL'
                                ));
                        } else {
                                throw new OIDplusException(_L('Missing or wrong "CSRF Token". To fix the issue, try clearing your browser cache and reload the page. If you visited the page via HTTPS before, try HTTPS in case you are currently connected via HTTP.'));
                        }
                }

Rev 1116	Rev 1130
Line 59...	Line 59...
59		59
60	/**	60	/**
61	* @return string	61	* @return string
62	* @throws OIDplusException	62	* @throws OIDplusException
63	*/	63	*/
64	public function getAuthMethod() {	64	public function getAuthMethod(): string {
65	$acs = $this->getAuthContentStore();	65	$acs = $this->getAuthContentStore();
66	if (is_null($acs)) return 'null';	66	if (is_null($acs)) return 'null';
67	return get_class($acs);	67	return get_class($acs);
68	}	68	}
69		69
Line 440...	Line 440...
440	* @throws OIDplusException	440	* @throws OIDplusException
441	*/	441	*/
442	public function checkCSRF() {	442	public function checkCSRF() {
443	if (!$this->enable_csrf) return;	443	if (!$this->enable_csrf) return;
444		444
445	$request_token = isset($_REQUEST['csrf_token']) ? $_REQUEST['csrf_token'] : '';	445	$request_token = $_REQUEST['csrf_token'] ?? '';
446	$cookie_token = isset($_COOKIE['csrf_token']) ? $_COOKIE['csrf_token'] : '';	446	$cookie_token = $_COOKIE['csrf_token'] ?? '';
447		447
448	if (empty($request_token) \|\| empty($cookie_token) \|\| ($request_token !== $cookie_token)) {	448	if (empty($request_token) \|\| empty($cookie_token) \|\| ($request_token !== $cookie_token)) {
449	if (OIDplus::baseConfig()->getValue('DEBUG')) {	449	if (OIDplus::baseConfig()->getValue('DEBUG')) {
450	throw new OIDplusException(_L('Missing or wrong CSRF Token: Request %1 vs Cookie %2',	450	throw new OIDplusException(_L('Missing or wrong CSRF Token: Request %1 vs Cookie %2',
451	isset($_REQUEST['csrf_token']) ? '"'.$_REQUEST['csrf_token'].'"' : 'NULL',	451	isset($_REQUEST['csrf_token']) ? '"'.$_REQUEST['csrf_token'].'"' : 'NULL',
452	isset($_COOKIE['csrf_token']) ? $_COOKIE['csrf_token'] : 'NULL'	452	$_COOKIE['csrf_token'] ?? 'NULL'
453	));	453	));
454	} else {	454	} else {
455	throw new OIDplusException(_L('Missing or wrong "CSRF Token". To fix the issue, try clearing your browser cache and reload the page. If you visited the page via HTTPS before, try HTTPS in case you are currently connected via HTTP.'));	455	throw new OIDplusException(_L('Missing or wrong "CSRF Token". To fix the issue, try clearing your browser cache and reload the page. If you visited the page via HTTPS before, try HTTPS in case you are currently connected via HTTP.'));
456	}	456	}
457	}	457	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplusAuthUtils.class.php – Rev 1116 → 1130