EncryptionTokenProvider
in package
implements TokenProviderInterface
Uses BadExpireTrait, BadStorageSizeTrait, BadTokenLengthTrait, SessionNotStartedTrait

CSRF encryption-based token pattern provider.
It uses the sodium_crypto_aead_xchacha20poly1305_ietf_encrypt function to encrypt the token.
The provider stores a different key for each session and a different nonce for every token in the session. The complete encrypted token is not stored, because a token is valid only if the server is able to decrypt it.
An attacker would need to know the key, the nonce and the time to craft a valid token for a specific session.
The space needed is independent of the token length: 32 bytes for the key and 24 bytes for the nonce. Note that the key is stored once per session, while a nonce is stored for every token.
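The pattern described above, sketched with PHP's sodium extension as an added example; it is not the library's own code. The function names, the `$session` array standing in for `$_SESSION`, the default token length of 32, binding the expiry time as associated data, and single-use consumption are all assumptions.

```php
<?php
declare(strict_types=1);

// Added sketch, not the library's code. $session stands in for $_SESSION;
// function names, array keys and the default token length of 32 are assumptions.
function issueToken(array &$session, int $expire = 600, int $storageSize = 10, int $tokenLength = 32): string
{
    // One 32-byte key per session, generated on first use.
    $session['key'] ??= sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
    // A fresh 24-byte nonce for every token.
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $expiresAt = time() + $expire;
    // Assumption: the expiry time is bound as associated data. The random
    // plaintext is thrown away; only the nonce and expiry are kept.
    $cipher = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        random_bytes($tokenLength), (string) $expiresAt, $nonce, $session['key']
    );
    $session['nonces'][] = ['nonce' => $nonce, 'exp' => $expiresAt];
    // Keep only the newest $storageSize nonces.
    $session['nonces'] = array_slice($session['nonces'], -$storageSize);
    return bin2hex($cipher);
}

function validateToken(array &$session, string $token): bool
{
    if (!isset($session['key']) || !ctype_xdigit($token) || strlen($token) % 2 !== 0) {
        return false;
    }
    $cipher = hex2bin($token);
    foreach ($session['nonces'] ?? [] as $i => $entry) {
        if ($entry['exp'] < time()) {
            continue; // expired nonce, never tried
        }
        // Poly1305 tag check: passes only for this session's key and a stored nonce.
        $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
            $cipher, (string) $entry['exp'], $entry['nonce'], $session['key']
        );
        if ($plain !== false) {
            unset($session['nonces'][$i]); // single use (a choice of this sketch)
            return true;
        }
    }
    return false;
}

$session = [];
$token = issueToken($session);
var_dump(validateToken($session, $token)); // first submission
var_dump(validateToken($session, $token)); // replay of the same token
```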
Interfaces, Classes, Traits and Enums
- TokenProviderInterface
- Token provider interface.
Table of Contents
- __construct() : mixed
- Class constructor.
- getToken() : string
- Return new Encryption based Token.
- validate() : bool
- Validate Encryption based Token.
Methods
__construct()
Class constructor.
public __construct([int $expire = 600 ][, int $storageSize = 10 ][, int $tokenLength = ExceptionBoundary::TOKEN_LENGTH_MIN ]) : mixed
Parameters
- $expire : int = 600
- Token validity in seconds, default 600 (10 minutes).
- $storageSize : int = 10
- Maximum number of token nonces stored for a session.
- $tokenLength : int = ExceptionBoundary::TOKEN_LENGTH_MIN
- Token length in bytes: the length of the plain text before encryption.
Return values
mixed —
getToken()
Return new Encryption based Token.
public getToken() : string
Return values
string — The token in hex format.
validate()
Validate Encryption based Token.
public validate(string $token) : bool
Parameters
- $token : string
- Token to be validated, in hex format.
Return values
bool — True if the token is valid, false otherwise.