Csrf::verify() - Code Metrics - coniadev/session - Measure and Improve Code Quality continuously with Scrutinizer

Csrf::verify() B
last analyzed 2023-01-23 10:24 UTC

↳ Parent: Csrf

Complexity

Conditions	8
Paths	24

Size

Total Lines	29
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	14
CRAP Score	8

Importance

Changes

Metric	Value
eloc	13
dl	0
loc	29
ccs	14
cts	14
cp	1
rs	8.4444
c	0
b	0
f	0
cc	8
nc	24
nop	2
crap	8

<?php

declare(strict_types=1);

namespace Conia\Session;

/** @psalm-api */
class Csrf
{
    public function __construct(
        protected string $sessionKey = 'csrftokens',
        protected string $postKey = 'csrftoken',
        protected string $headerKey = 'HTTP_X_CSRF_TOKEN',
    ) {
        if (!isset($_SESSION[$this->sessionKey])) {
            $_SESSION[$this->sessionKey] = [];
        }
    }

    public function get(string $page = 'default'): string
    {
        $token = (string)($_SESSION[$this->sessionKey][$page] ?? $this->set($page));

        return $token;
    }

    public function verify(
        string $page = 'default',
        string $token = null
    ): bool {
        if ($token === null) {
            $token = $_POST[$this->postKey] ?? null;
        }

        if ($token === null) {
            if (isset($_SERVER[$this->headerKey])) {
                $token = $_SERVER[$this->headerKey];
            }
        }

        if ($token === null) {
            return false;
        }

        $savedToken = $this->get($page);

        if (empty($savedToken)) {
            return false;
        }

        if (is_string($token) && !empty($token)) {
            return hash_equals($savedToken, $token);
        }

        return false;
    }

    protected function set(string $page = 'default'): string
    {
        assert(isset($_SESSION[$this->sessionKey]) && is_array($_SESSION[$this->sessionKey]));

        $token = base64_encode(random_bytes(32));
        $_SESSION[$this->sessionKey][$page] = $token;

        return $token;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Conia\Session;
6
7		/** @psalm-api */
8		class Csrf
9		{
10	6	public function __construct(
11		protected string $sessionKey = 'csrftokens',
12		protected string $postKey = 'csrftoken',
13		protected string $headerKey = 'HTTP_X_CSRF_TOKEN',
14		) {
15	6	if (!isset($_SESSION[$this->sessionKey])) {
16	5	$_SESSION[$this->sessionKey] = [];
17		}
18		}
19
20	5	public function get(string $page = 'default'): string
21		{
22	5	$token = (string)($_SESSION[$this->sessionKey][$page] ?? $this->set($page));
23
24	5	return $token;
25		}
26
27	5	public function verify(
28		string $page = 'default',
29		string $token = null
30		): bool {
31	5	if ($token === null) {
32	5	$token = $_POST[$this->postKey] ?? null;
33		}
34
35	5	if ($token === null) {
36	3	if (isset($_SERVER[$this->headerKey])) {
37	2	$token = $_SERVER[$this->headerKey];
38		}
39		}
40
41	5	if ($token === null) {
42	1	return false;
43		}
44
45	4	$savedToken = $this->get($page);
46
47	4	if (empty($savedToken)) {
48	1	return false;
49		}
50
51	3	if (is_string($token) && !empty($token)) {
52	3	return hash_equals($savedToken, $token);
53		}
54
55	1	return false;
56		}
57
58	5	protected function set(string $page = 'default'): string
59		{
60	5	assert(isset($_SESSION[$this->sessionKey]) && is_array($_SESSION[$this->sessionKey]));
61
62	5	$token = base64_encode(random_bytes(32));
63	5	$_SESSION[$this->sessionKey][$page] = $token;
64
65	5	return $token;
66		}
67		}
68

coniadev / session

Csrf::verify() B last analyzed 2023-01-23 10:24 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Csrf::verify() B
last analyzed 2023-01-23 10:24 UTC