vendor/symfony/security-csrf/TokenStorage/SessionTokenStorage.php line 79

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Csrf\TokenStorage;
  14. use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
  15. use Symfony\Component\HttpFoundation\RequestStack;
  16. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  17. use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
  19. /**
  20. * Token storage that uses a Symfony Session object.
  21. *
  22. * @author Bernhard Schussek <bschussek@gmail.com>
  23. */
  24. class SessionTokenStorage implements ClearableTokenStorageInterface
  25. {
  26. /**
  27. * The namespace used to store values in the session.
  28. */
  29. public const SESSION_NAMESPACE = '_csrf';
  31. private RequestStack $requestStack;
  32. private string $namespace;
  34. /**
  35. * Initializes the storage with a RequestStack object and a session namespace.
  36. *
  37. * @param string $namespace The namespace under which the token is stored in the requestStack
  38. */
  39. public function __construct(RequestStack $requestStack, string $namespace = self::SESSION_NAMESPACE)
  40. {
  41. $this->requestStack = $requestStack;
  42. $this->namespace = $namespace;
  43. }
  45. public function getToken(string $tokenId): string
  46. {
  47. $session = $this->getSession();
  48. if (!$session->isStarted()) {
  49. $session->start();
  50. }
  52. if (!$session->has($this->namespace.'/'.$tokenId)) {
  53. throw new TokenNotFoundException('The CSRF token with ID '.$tokenId.' does not exist.');
  54. }
  56. return (string) $session->get($this->namespace.'/'.$tokenId);
  57. }
  59. /**
  60. * @return void
  61. */
  62. public function setToken(string $tokenId, #[\SensitiveParameter] string $token)
  63. {
  64. $session = $this->getSession();
  65. if (!$session->isStarted()) {
  66. $session->start();
  67. }
  69. $session->set($this->namespace.'/'.$tokenId, $token);
  70. }
  72. public function hasToken(string $tokenId): bool
  73. {
  74. $session = $this->getSession();
  75. if (!$session->isStarted()) {
  76. $session->start();
  77. }
  79. return $session->has($this->namespace.'/'.$tokenId);
  80. }
  82. public function removeToken(string $tokenId): ?string
  83. {
  84. $session = $this->getSession();
  85. if (!$session->isStarted()) {
  86. $session->start();
  87. }
  89. return $session->remove($this->namespace.'/'.$tokenId);
  90. }
  92. /**
  93. * @return void
  94. */
  95. public function clear()
  96. {
  97. $session = $this->getSession();
  98. foreach (array_keys($session->all()) as $key) {
  99. if (str_starts_with($key, $this->namespace.'/')) {
  100. $session->remove($key);
  101. }
  102. }
  103. }
  105. /**
  106. * @throws SessionNotFoundException
  107. */
  108. private function getSession(): SessionInterface
  109. {
  110. return $this->requestStack->getSession();
  111. }
  112. }