Csrf - Code Metrics - Inspection of "Merge pull request #43 from Starbugstone/Admin-sec..." - Starbugstone/blogoc - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — dev ( 1806ac )

by Stone

created 2018-08-22 13:03 UTC

Csrf A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	68
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	19
dl	0
loc	68
rs	10
c	0
b	0
f	0
wmc	8

4 Methods

Rating	Name	Size	Complexity
A	__construct()	6	1
A	checkJsonCsrf()	13	3
A	setCsrf()	9	3
A	getCsrfKey()	3	1

<?php

namespace Core\Modules;

use Core\Container;
use Core\JsonException;

/**
 * Class Csrf
 * @package Core
 */
class Csrf extends Module
{
    /**
     * our session object
     * @var \Core\Dependency\Session
     */
    private $session;

    /**
     * On construct, we immediately set the CSRF token
     *
     * Csrf constructor.
     * @param Container $container
     *
     */
    public function __construct(Container $container)
    {
        parent::__construct($container);
        $this->session = $this->container->getSession();
        //Setting up csrf token security for all calls
        $this->setCsrf();
    }


    /**
     * We set our CSRF token if none is already set
     *
     */
    public function setCsrf(): void
    {
        if (!$this->session->isParamSet('csrf_token')) {
            try {
                $rand = random_bytes(32);
                $hash = bin2hex($rand);
                $this->session->set('csrf_token', $hash);
            } catch (\Exception $e) {
                echo 'Random generator not present on server: ' . $e->getMessage();
            }
        }
    }

    /**
     * Gets the Csrf stored in the session
     * @return mixed
     */
    public function getCsrfKey()
    {
        return $this->session->get('csrf_token');
    }

    /**
     * Checks if the csrf_token passed in the header via JSON is the same as the token stored in the session
     *
     * @throws JsonException
     */
    public function checkJsonCsrf(): void
    {

        $this->container->getResponse()->setHeaderContentType('json');

        $headers = $this->container->getRequest()->getHeaders();

        if (!isset($headers['csrf_token'])) {
            throw new JsonException('No CSRF token.');
        }

        if ($headers['csrf_token'] !== $this->getCsrfKey()) {
            throw new JsonException('Wrong CSRF token.');
        }
    }
}

1			<?php
2
3			namespace Core\Modules;
4
5			use Core\Container;
6			use Core\JsonException;
7
8			/**
9			* Class Csrf
10			* @package Core
11			*/
12			class Csrf extends Module
13			{
14			/**
15			* our session object
16			* @var \Core\Dependency\Session
17			*/
18			private $session;
19
20			/**
21			* On construct, we immediately set the CSRF token
22			*
23			* Csrf constructor.
24			* @param Container $container
25			*
26			*/
27			public function __construct(Container $container)
28			{
29			parent::__construct($container);
30			$this->session = $this->container->getSession();
31			//Setting up csrf token security for all calls
32			$this->setCsrf();
33			}
34
35
36			/**
37			* We set our CSRF token if none is already set
38			*
39			*/
40			public function setCsrf(): void
41			{
42			if (!$this->session->isParamSet('csrf_token')) {
43			try {
44			$rand = random_bytes(32);
45			$hash = bin2hex($rand);
46			$this->session->set('csrf_token', $hash);
47			} catch (\Exception $e) {
48			echo 'Random generator not present on server: ' . $e->getMessage();
49			}
50			}
51			}
52
53			/**
54			* Gets the Csrf stored in the session
55			* @return mixed
56			*/
57			public function getCsrfKey()
58			{
59			return $this->session->get('csrf_token');
60			}
61
62			/**
63			* Checks if the csrf_token passed in the header via JSON is the same as the token stored in the session
64			*
65			* @throws JsonException
66			*/
67			public function checkJsonCsrf(): void
68			{
69
70			$this->container->getResponse()->setHeaderContentType('json');
71
72			$headers = $this->container->getRequest()->getHeaders();
73
74			if (!isset($headers['csrf_token'])) {
75			throw new JsonException('No CSRF token.');
76			}
77
78			if ($headers['csrf_token'] !== $this->getCsrfKey()) {
79			throw new JsonException('Wrong CSRF token.');
80			}
81			}
82			}

Starbugstone / blogoc

Push — dev ( 1806ac )

Csrf A

Complexity

Size/Duplication

Importance

4 Methods

Duplication Side-by-Side

Filter issues like