diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-02-26 17:13:23 +0100 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-03-08 16:48:50 +0100 |
| commit | b9720703e8afa26fd42d1bb7cc8fbf54ba2eeeae (patch) | |
| tree | c5165cb03841c8d814a361d0fd41170474490711 /core/Controller | |
| parent | cccf6f4d5f18ad01ff5fcd296d7b8411c1e11139 (diff) | |
| download | nextcloud-server-b9720703e8afa26fd42d1bb7cc8fbf54ba2eeeae.tar.gz nextcloud-server-b9720703e8afa26fd42d1bb7cc8fbf54ba2eeeae.zip | |
Add CSRF token controller to retrieve the current CSRF token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core/Controller')
| -rw-r--r-- | core/Controller/CSRFTokenController.php | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php new file mode 100644 index 00000000000..24888e2179f --- /dev/null +++ b/core/Controller/CSRFTokenController.php @@ -0,0 +1,63 @@ +<?php +declare(strict_types=1); + +/** + * @copyright 2017 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2017 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OC\Core\Controller; + +use OC\Security\CSRF\CsrfTokenManager; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\JSONResponse; +use OCP\IRequest; + +class CSRFTokenController extends Controller { + + /** @var CsrfTokenManager */ + private $tokenManager; + + /** + * @param string $appName + * @param IRequest $request + * @param CsrfTokenManager $tokenManager + */ + public function __construct(string $appName, IRequest $request, + CsrfTokenManager $tokenManager) { + parent::__construct($appName, $request); + $this->tokenManager = $tokenManager; + } + + /** + * @NoAdminRequired + * @NoCSRFRequired + * @PublicPage + * @return JSONResponse + */ + public function index(): JSONResponse { + $requestToken = $this->tokenManager->getToken(); + + return new JSONResponse([ + 'token' => $requestToken->getEncryptedValue(), + ]); + } + +} |