authorRoeland Jago Douma <rullzer@users.noreply.github.com>2018-03-05 19:28:10 +0100
committerGitHub <noreply@github.com>2018-03-05 19:28:10 +0100
commit545737340711d1622ee18474b1f56feb76f96f3d (patch)
tree58dce611478ce43a9df052741d0622c1e3dece93 /lib/private/Security
parentf72e9ae8a69bdc43738552c89eeee8aafb7b9d0f (diff)
parentd1791864303f97011318fc41d2cc0914e2aa1c11 (diff)
Merge pull request #8659 from nextcloud/csrf_token_strict
Make \OC\Security\CSRF strict
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/CSRF/CsrfToken.php11
-rw-r--r--lib/private/Security/CSRF/CsrfTokenGenerator.php3
-rw-r--r--lib/private/Security/CSRF/CsrfTokenManager.php9
-rw-r--r--lib/private/Security/CSRF/TokenStorage/SessionStorage.php7
4 files changed, 17 insertions, 13 deletions
diff --git a/lib/private/Security/CSRF/CsrfToken.php b/lib/private/Security/CSRF/CsrfToken.php
index d9e27ff80e3..643e58e1d53 100644
--- a/lib/private/Security/CSRF/CsrfToken.php
+++ b/lib/private/Security/CSRF/CsrfToken.php
@@ -1,4 +1,5 @@
<?php
+declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -40,7 +41,7 @@ class CsrfToken {
/**
* @param string $value Value of the token. Can be encrypted or not encrypted.
*/
- public function __construct($value) {
+ public function __construct(string $value) {
$this->value = $value;
}
@@ -50,9 +51,9 @@ class CsrfToken {
*
* @return string
*/
- public function getEncryptedValue() {
+ public function getEncryptedValue(): string {
if($this->encryptedValue === '') {
- $sharedSecret = random_bytes(strlen($this->value));
+ $sharedSecret = random_bytes(\strlen($this->value));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
}
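Review bot: An empty token value still reaches `random_bytes(\strlen($this->value))` in getEncryptedValue(), and `random_bytes()` rejects a length below 1, so the call would throw instead of returning a string. The new `string $value` constructor type admits `''`, and nothing visible in this diff rules it out. Either reject it at construction, e.g. `if ($value === '') { throw new \InvalidArgumentException('CSRF token value must not be empty'); }`, or return early here. Whether an empty value can occur in practice depends on callers outside this diff; the method body also continues past the hunk.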
@@ -65,9 +66,9 @@ class CsrfToken {
*
* @return string
*/
- public function getDecryptedValue() {
+ public function getDecryptedValue(): string {
$token = explode(':', $this->value);
- if (count($token) !== 2) {
+ if (\count($token) !== 2) {
return '';
}
$obfuscatedToken = $token[0];
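Review bot: The `@return string` line on getDecryptedValue() does not say that `''` is the result for a value that is not in the two-part `masked:secret` form, and the new `: string` return type makes that sentinel part of the contract. I would extend the docblock to something like `@return string Unmasked token, or an empty string if the value is malformed`, so that callers know an empty result must never be accepted as a match. The rest of the body (decoding and XOR) is outside the hunk, so whether every other path also returns a string cannot be checked from here.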
diff --git a/lib/private/Security/CSRF/CsrfTokenGenerator.php b/lib/private/Security/CSRF/CsrfTokenGenerator.php
index 85207956e1a..be628ea176c 100644
--- a/lib/private/Security/CSRF/CsrfTokenGenerator.php
+++ b/lib/private/Security/CSRF/CsrfTokenGenerator.php
@@ -1,4 +1,5 @@
<?php
+declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -47,7 +48,7 @@ class CsrfTokenGenerator {
* @param int $length Length of the token in characters.
* @return string
*/
- public function generateToken($length = 32) {
+ public function generateToken(int $length = 32): string {
return $this->random->generate($length);
}
}
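Review bot: generateToken() now enforces `int $length` but still passes zero or a negative length straight to `$this->random->generate($length)`. For a CSRF token, a too-short value is a security weakness rather than a cosmetic one. A guard before the return would make the contract explicit: `if ($length < 1) { throw new \InvalidArgumentException('Token length must be positive'); }`. A project-wide minimum would be stricter still. How the random generator itself handles such lengths is not visible in this diff.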
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index b43ca3d3679..deacd1f512c 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -1,4 +1,5 @@
<?php
+declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -52,8 +53,8 @@ class CsrfTokenManager {
*
* @return CsrfToken
*/
- public function getToken() {
- if(!is_null($this->csrfToken)) {
+ public function getToken(): CsrfToken {
+ if(!\is_null($this->csrfToken)) {
return $this->csrfToken;
}
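Review bot: A style point on the rewritten condition in getToken(): `!\is_null($this->csrfToken)` reads more directly as a strict comparison, `if ($this->csrfToken !== null) {`. That form also needs no function call, which removes the reason for the leading backslash. The method body continues outside the hunk.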
@@ -73,7 +74,7 @@ class CsrfTokenManager {
*
* @return CsrfToken
*/
- public function refreshToken() {
+ public function refreshToken(): CsrfToken {
$value = $this->tokenGenerator->generateToken();
$this->sessionStorage->setToken($value);
$this->csrfToken = new CsrfToken($value);
@@ -94,7 +95,7 @@ class CsrfTokenManager {
* @param CsrfToken $token
* @return bool
*/
- public function isTokenValid(CsrfToken $token) {
+ public function isTokenValid(CsrfToken $token): bool {
if(!$this->sessionStorage->hasToken()) {
return false;
}
diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index 946330b0c8c..b35e148c7ce 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -1,4 +1,5 @@
<?php
+declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -54,7 +55,7 @@ class SessionStorage {
* @return string
* @throws \Exception
*/
- public function getToken() {
+ public function getToken(): string {
$token = $this->session->get('requesttoken');
if(empty($token)) {
throw new \Exception('Session does not contain a requesttoken');
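Review bot: With the new `: string` return type, a non-string value stored under `requesttoken` no longer surfaces as the documented `\Exception`. `$this->session->get('requesttoken')` is untyped and `empty()` lets any non-empty value through, so the return (outside this hunk) would raise a `TypeError` under strict_types. Checking the type explicitly keeps the failure mode as documented: `if (!\is_string($token) || $token === '') {`. Note that this also stops treating the string `'0'` as missing, which `empty()` currently does.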
@@ -68,7 +69,7 @@ class SessionStorage {
*
* @param string $value
*/
- public function setToken($value) {
+ public function setToken(string $value) {
$this->session->set('requesttoken', $value);
}
@@ -83,7 +84,7 @@ class SessionStorage {
*
* @return bool
*/
- public function hasToken() {
+ public function hasToken(): bool {
return $this->session->exists('requesttoken');
}
}
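Review bot: hasToken() and getToken() disagree about what counts as a stored token. hasToken() returns `$this->session->exists('requesttoken')`, while getToken() throws when the value is `empty()`, and `setToken(string $value)` accepts `''`. CsrfTokenManager::isTokenValid() guards only with `hasToken()` in the lines visible here, so an empty stored value would presumably pass that guard and then raise from getToken() rather than yield `false`; the rest of isTokenValid() is outside the diff. Making hasToken() apply the same emptiness test as getToken(), or rejecting `''` in setToken(), would bring the typed methods into agreement.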