Csrf::getTokenFromRequest() - Code Metrics - htmlburger/wpemerge - Measure and Improve Code Quality continuously with Scrutinizer

Csrf::getTokenFromRequest() A
last analyzed 2022-04-16 17:23 UTC

↳ Parent: Csrf

Complexity

Conditions	4
Paths	4

Size

Total Lines	17
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	20

Importance

Changes

Metric	Value
cc	4
eloc	10
c	0
b	0
f	0
nc	4
nop	1
dl	0
loc	17
ccs	0
cts	11
cp	0
crap	20
rs	9.9332

<?php
/**
 * @package   WPEmerge
 * @author    Atanas Angelov <[email protected]>
 * @copyright 2017-2019 Atanas Angelov
 * @license   https://www.gnu.org/licenses/gpl-2.0.html GPL-2.0
 * @link      https://wpemerge.com/
 */

namespace WPEmerge\Csrf;

use WPEmerge\Requests\RequestInterface;

/**
 * Provide CSRF protection utilities through WordPress nonces.
 */
class Csrf {
	/**
	 * Convenience header to check for the token.
	 *
	 * @var string
	 */
	protected $header = 'X-CSRF-TOKEN';

	/**
	 * GET/POST parameter key to check for the token.
	 *
	 * @var string
	 */
	protected $key = '';

	/**
	 * Maximum token lifetime.
	 *
	 * @link https://codex.wordpress.org/Function_Reference/wp_verify_nonce
	 * @var integer
	 */
	protected $maximum_lifetime = 2;

	/**
	 * Last generated tokens.
	 *
	 * @var array<string, string>
	 */
	protected $tokens = [];

	/**
	 * Constructor.
	 *
	 * @codeCoverageIgnore
	 * @param string  $key
	 * @param integer $maximum_lifetime
	 */
	public function __construct( $key = '__wpemergeCsrfToken', $maximum_lifetime = 2 ) {
		$this->key = $key;
		$this->maximum_lifetime = $maximum_lifetime;
	}

	/**
	 * Get the last generated token.
	 *
	 * @param  int|string $action
	 * @return string
	 */
	public function getToken( $action = -1 ) {
		if ( ! isset( $this->tokens[ $action ] ) ) {
			return $this->generateToken( $action );
		}

		return $this->tokens[ $action ];
	}

	/**
	 * Get the csrf token from a request.
	 *
	 * @param  RequestInterface $request
	 * @return string
	 */
	public function getTokenFromRequest( RequestInterface $request ) {
		$query = $request->query( $this->key );
		if ( $query ) {
			return $query;
		}

		$body = $request->body( $this->key );
		if ( $body ) {
			return $body;
		}

		$header = $request->getHeaderLine( $this->header );
		if ( $header ) {
			return $header;
		}

		return '';
	}

	/**
	 * Generate a new token.
	 *
	 * @param  int|string $action
	 * @return string
	 */
	public function generateToken( $action = -1 ) {
		$action = $action === -1 ? session_id() : $action;

		$this->tokens[ $action ] = wp_create_nonce( $action );

		return $this->getToken( $action );
	}

	/**
	 * Check if a token is valid.
	 *
	 * @param  string     $token
	 * @param  int|string $action
	 * @return boolean
	 */
	public function isValidToken( $token, $action = -1 ) {
		$action = $action === -1 ? session_id() : $action;
		$lifetime = (int) wp_verify_nonce( $token, $action );

		return ( $lifetime > 0 && $lifetime <= $this->maximum_lifetime );
	}

	/**
	 * Add the token to a URL.
	 *
	 * @param  string     $url
	 * @param  int|string $action
	 * @return string
	 */
	public function url( $url, $action = -1 ) {
		return add_query_arg( $this->key, $this->getToken( $action ), $url );
	}

	/**
	 * Return the markup for a hidden input which holds the current token.
	 *
	 * @param  int|string $action
	 * @return void
	 */
	public function field( $action = -1 ) {
		echo sprintf(
			'<input type="hidden" name="%1$s" value="%2$s" />',
			esc_attr( $this->key ),
			esc_attr( $this->getToken( $action ) )
		);
	}
}


1			<?php
2			/**
3			* @package WPEmerge
4			* @author Atanas Angelov <[email protected]>
5			* @copyright 2017-2019 Atanas Angelov
6			* @license https://www.gnu.org/licenses/gpl-2.0.html GPL-2.0
7			* @link https://wpemerge.com/
8			*/
9
10			namespace WPEmerge\Csrf;
11
12			use WPEmerge\Requests\RequestInterface;
13
14			/**
15			* Provide CSRF protection utilities through WordPress nonces.
16			*/
17			class Csrf {
18			/**
19			* Convenience header to check for the token.
20			*
21			* @var string
22			*/
23			protected $header = 'X-CSRF-TOKEN';
24
25			/**
26			* GET/POST parameter key to check for the token.
27			*
28			* @var string
29			*/
30			protected $key = '';
31
32			/**
33			* Maximum token lifetime.
34			*
35			* @link https://codex.wordpress.org/Function_Reference/wp_verify_nonce
36			* @var integer
37			*/
38			protected $maximum_lifetime = 2;
39
40			/**
41			* Last generated tokens.
42			*
43			* @var array<string, string>
44			*/
45			protected $tokens = [];
46
47			/**
48			* Constructor.
49			*
50			* @codeCoverageIgnore
51			* @param string $key
52			* @param integer $maximum_lifetime
53			*/
54			public function __construct( $key = '__wpemergeCsrfToken', $maximum_lifetime = 2 ) {
55			$this->key = $key;
56			$this->maximum_lifetime = $maximum_lifetime;
57			}
58
59			/**
60			* Get the last generated token.
61			*
62			* @param int\|string $action
63			* @return string
64			*/
65			public function getToken( $action = -1 ) {
66			if ( ! isset( $this->tokens[ $action ] ) ) {
67			return $this->generateToken( $action );
68			}
69
70			return $this->tokens[ $action ];
71			}
72
73			/**
74			* Get the csrf token from a request.
75			*
76			* @param RequestInterface $request
77			* @return string
78			*/
79			public function getTokenFromRequest( RequestInterface $request ) {
80			$query = $request->query( $this->key );
81			if ( $query ) {
82			return $query;
83			}
84
85			$body = $request->body( $this->key );
86			if ( $body ) {
87			return $body;
88			}
89
90			$header = $request->getHeaderLine( $this->header );
91			if ( $header ) {
92			return $header;
93			}
94
95			return '';
96			}
97
98			/**
99			* Generate a new token.
100			*
101			* @param int\|string $action
102			* @return string
103			*/
104			public function generateToken( $action = -1 ) {
105			$action = $action === -1 ? session_id() : $action;
106
107			$this->tokens[ $action ] = wp_create_nonce( $action );
108
109			return $this->getToken( $action );
110			}
111
112			/**
113			* Check if a token is valid.
114			*
115			* @param string $token
116			* @param int\|string $action
117			* @return boolean
118			*/
119			public function isValidToken( $token, $action = -1 ) {
120			$action = $action === -1 ? session_id() : $action;
121			$lifetime = (int) wp_verify_nonce( $token, $action );
122
123			return ( $lifetime > 0 && $lifetime <= $this->maximum_lifetime );
124			}
125
126			/**
127			* Add the token to a URL.
128			*
129			* @param string $url
130			* @param int\|string $action
131			* @return string
132			*/
133			public function url( $url, $action = -1 ) {
134			return add_query_arg( $this->key, $this->getToken( $action ), $url );
135			}
136
137			/**
138			* Return the markup for a hidden input which holds the current token.
139			*
140			* @param int\|string $action
141			* @return void
142			*/
143			public function field( $action = -1 ) {
144			echo sprintf(
145			'<input type="hidden" name="%1$s" value="%2$s" />',
146			esc_attr( $this->key ),
147			esc_attr( $this->getToken( $action ) )
148			);
149			}
150			}
151

htmlburger / wpemerge

Csrf::getTokenFromRequest() A last analyzed 2022-04-16 17:23 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Csrf::getTokenFromRequest() A
last analyzed 2022-04-16 17:23 UTC