author | Morris Jobke <hey@morrisjobke.de> | 2016-10-25 14:46:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-10-25 14:46:00 +0200 |
commit | 89574367bcc57da5eda6d13ffcfd8a12de68ea26 (patch) | |
tree | 8947e9bdc83b55521a4fa52c40e82c6ee7646701 /lib/private/Security/CSRF/CsrfTokenManager.php | |
parent | 27ba46c40ed1d365965a1cb79ed7d8a38d759d2c (diff) | |
parent | ee8b8adf7a62fe4b3823cf803f5f37da3bc6a410 (diff) | |
Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
Diffstat (limited to 'lib/private/Security/CSRF/CsrfTokenManager.php')
-rw-r--r-- | lib/private/Security/CSRF/CsrfTokenManager.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index d621cc2c29f..b43ca3d3679 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -34,6 +34,8 @@ class CsrfTokenManager {
 private $tokenGenerator;
 /** @var SessionStorage */
 private $sessionStorage;
+ /** @var CsrfToken|null */
+ private $csrfToken = null;
 
 /**
 * @param CsrfTokenGenerator $tokenGenerator
@@ -51,6 +53,10 @@ class CsrfTokenManager {
 * @return CsrfToken
 */
 public function getToken() {
+ if(!is_null($this->csrfToken)) {
+ return $this->csrfToken;
+ }
+
 if($this->sessionStorage->hasToken()) {
 $value = $this->sessionStorage->getToken();
 } else {
@@ -58,7 +64,8 @@ class CsrfTokenManager {
 $this->sessionStorage->setToken($value);
 }
 
- return new CsrfToken($value);
+ $this->csrfToken = new CsrfToken($value);
+ return $this->csrfToken;
 }
 
 /**
@@ -69,13 +76,15 @@ class CsrfTokenManager {
 public function refreshToken() {
 $value = $this->tokenGenerator->generateToken();
 $this->sessionStorage->setToken($value);
- return new CsrfToken($value);
+ $this->csrfToken = new CsrfToken($value);
+ return $this->csrfToken;
 }
 
 /**
 * Remove the current token from the storage.
 */
 public function removeToken() {
+ $this->csrfToken = null;
 $this->sessionStorage->removeToken();
 }
 
|
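Review bot: The new `$csrfToken` property in the first hunk is documented only by its type, so the declaration does not say that it is a cache or when it is reset. I would extend the docblock to something like `/** @var CsrfToken|null token cached for the lifetime of this manager; reset by removeToken() and replaced by refreshToken() */`. That keeps the invalidation rules next to the state they govern, which matters for a security token that other code will now receive by shared reference.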
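Review bot: The early return added at the top of `getToken()` hands back the cached object without consulting `$this->sessionStorage` again, so the manager's view can diverge from the session if the stored token is changed or removed by anything other than `refreshToken()`/`removeToken()` on this same instance. Whether that can happen is not visible here, but a stale CSRF token outliving a session change would be a real problem, so the `getToken()` docblock should state the invariant, e.g. `* The token is cached per manager instance; changes to the session storage made outside this class are not picked up.` As a point of style, `if ($this->csrfToken !== null) {` is the more usual form than `!is_null(...)`. The body of `getToken()` continues into the next hunk, where the cache is populated.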