Improve test coverage for MD_STD_SEC

2024-07-11 15:32:50 +02:00
parent 11faeaa7e7
commit cbc66c4140
3 changed files with 77 additions and 3 deletions


@ -25,6 +25,10 @@ final class MD_STD_SEC {
*/
public static function getAntiCsrfToken():string {
if(session_status() !== PHP_SESSION_ACTIVE) {
throw new Exception("Session needs to be started to get csrf token");
}
if (empty($_SESSION['csrf-token'])) {
$_SESSION['csrf-token'] = bin2hex(random_bytes(32));
}
@ -105,7 +109,7 @@ final class MD_STD_SEC {
// Unstable but working way to get the user's IP. If the IP is falsified,
// this can't be found out anyway and security is established by _common.
$ip = \filter_var($_SERVER['REMOTE_ADDR'] ?: ($_SERVER['HTTP_X_FORWARDED_FOR'] ?: $_SERVER['HTTP_CLIENT_IP']), \FILTER_VALIDATE_IP) ?: "Failed to find";
$ip = \filter_var($_SERVER['REMOTE_ADDR'] ?? ($_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['HTTP_CLIENT_IP'] ?? ""), \FILTER_VALIDATE_IP) ?: "Failed to find";
// Set name of log file
$logfile_common = \sys_get_temp_dir() . "/logins_{$tool_name}.json";
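Review bot: On the new `$ip` line, replacing `?:` with `??` silences the undefined-key warnings but also changes when the fallbacks apply: a `REMOTE_ADDR` that is set but empty no longer falls through to the forwarded headers and is recorded as "Failed to find". `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` are still client-supplied, and a comma-separated X-Forwarded-For list will not pass `\FILTER_VALIDATE_IP`. If the address written to `logins_{$tool_name}.json` feeds any throttling or lockout decision (not visible in this hunk), the existing comment should say so explicitly, e.g. `// Forwarded headers are client-controlled and only consulted when REMOTE_ADDR is unset; never use this value alone for access decisions.` The enclosing function starts and ends outside the hunk. As a minor style point in the first hunk, the added `if(session_status() ...` omits the space that the neighbouring `if (empty(...` uses.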