Airship\Engine\Security\CSRF::getTokenString PHP Method

CSRF Class Documentation Show file Open project: paragonie/airship

getTokenString() public method

Retrieve a token array for unit testing endpoints

public getTokenString ( string $lockTo = '' ) : string
$lockTo	string	- Only get tokens locked to a particular form
return	string

    public function getTokenString(string $lockTo = '') : string
    {
        if (!isset($_SESSION[$this->sessionIndex])) {
            $_SESSION[$this->sessionIndex] = [];
        }
        if (empty($lockTo)) {
            $lockTo = $_SERVER['REQUEST_URI'] ?? '/';
        }
        if (\preg_match('#/$#', $lockTo)) {
            $lockTo = Util::subString($lockTo, 0, Util::stringLength($lockTo) - 1);
        }
        list($index, $token) = $this->generateToken($lockTo);
        if ($this->hmacIP) {
            // Use a keyed BLAKE2b hash to only allow this particular IP to send this request
            $token = Base64UrlSafe::encode(\Sodium\crypto_generichash($_SERVER['REMOTE_ADDR'] ?? '127.0.0.1', Base64UrlSafe::decode($token), \Sodium\CRYPTO_GENERICHASH_BYTES));
        }
        return $index . ':' . $token;
    }

CSRF

__construct

check

generateToken

getTokenString

insertToken

reconfigure

recycleTokens