use older version of csrf token class(L5.4)

muhamed-didovic · May 27, 2019 · fd37e68 · fd37e68
1 parent 2cbda09
commit fd37e68
Show file tree

Hide file tree

Showing 6 changed files with 427 additions and 947 deletions.
diff --git a/composer.json b/composer.json
@@ -58,7 +58,6 @@
         }
     },
     "autoload-dev": {
-
         "psr-4": {
             "MuhamedDidovic\\Tests\\": "tests",
             "Illuminate\\Foundation\\": "tests"

diff --git a/src/VerifyCsrfToken.php b/src/VerifyCsrfToken.php
@@ -3,82 +3,77 @@
 namespace MuhamedDidovic\Csrf;
 
 use Closure;
+use Carbon\Carbon;
+use Illuminate\Contracts\Container\Container;
+use Illuminate\Foundation\Application;
 use Symfony\Component\HttpFoundation\Cookie;
 use Illuminate\Contracts\Encryption\Encrypter;
-use Illuminate\Contracts\Foundation\Application;
-use Illuminate\Cookie\Middleware\EncryptCookies;
+use Illuminate\Session\TokenMismatchException;
+use Symfony\Component\HttpFoundation\Response;
 
 class VerifyCsrfToken
 {
-    use InteractsWithTime;
     /**
      * The application instance.
      *
-     * @var \Illuminate\Contracts\Foundation\Application
+     * @var \Illuminate\Foundation\Application
      */
     protected $app;
+
     /**
      * The encrypter implementation.
      *
      * @var \Illuminate\Contracts\Encryption\Encrypter
      */
     protected $encrypter;
+
     /**
      * The URIs that should be excluded from CSRF verification.
      *
      * @var array
      */
     protected $except = [];
-    /**
-     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
-     *
-     * @var bool
-     */
-    protected $addHttpCookie = true;
 
     /**
      * Create a new middleware instance.
      *
-     * @param \Illuminate\Contracts\Foundation\Application $app
-     * @param \Illuminate\Contracts\Encryption\Encrypter   $encrypter
+     * @param  \Illuminate\Foundation\Application  $app
+     * @param  \Illuminate\Contracts\Encryption\Encrypter  $encrypter
      * @return void
      */
-    public function __construct(Application $app, Encrypter $encrypter)
+    public function __construct(Container $app, Encrypter $encrypter)
     {
-        $this->app       = $app;
+        $this->app = $app;
         $this->encrypter = $encrypter;
     }
 
     /**
      * Handle an incoming request.
      *
-     * @param \Illuminate\Http\Request $request
-     * @param \Closure                 $next
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
      * @return mixed
      *
      * @throws \Illuminate\Session\TokenMismatchException
      */
-    public function handle($request, Closure $next)
+    public function handle($request, Closure $next = null)
     {
         if (
             $this->isReading($request) ||
-            $this->runningUnitTests() ||
+            //$this->runningUnitTests() ||
             $this->inExceptArray($request) ||
             $this->tokensMatch($request)
         ) {
-            return tap($next($request), function ($response) use ($request) {
-                if ($this->shouldAddXsrfTokenCookie()) {
-                    $this->addCookieToResponse($request, $response);
-                }
-            });
+            return $this->addCookieToResponse($request, $next ? $next($request) : null);
         }
-        throw new TokenMismatchException('CSRF token mismatch.');
+
+        throw new TokenMismatchException;
     }
 
     /**
      * Determine if the HTTP request uses a ‘read’ verb.
      *
-     * @param \Illuminate\Http\Request $request
+     * @param  \Illuminate\Http\Request  $request
      * @return bool
      */
     protected function isReading($request)
@@ -99,7 +94,7 @@ protected function runningUnitTests()
     /**
      * Determine if the request has a URI that should pass through CSRF verification.
      *
-     * @param \Illuminate\Http\Request $request
+     * @param  \Illuminate\Http\Request  $request
      * @return bool
      */
     protected function inExceptArray($request)
@@ -108,6 +103,7 @@ protected function inExceptArray($request)
             if ($except !== '/') {
                 $except = trim($except, '/');
             }
+
             if ($request->fullUrlIs($except) || $request->is($except)) {
                 return true;
             }
@@ -119,13 +115,13 @@ protected function inExceptArray($request)
     /**
      * Determine if the session and input CSRF tokens match.
      *
-     * @param \Illuminate\Http\Request $request
+     * @param  \Illuminate\Http\Request  $request
      * @return bool
      */
     protected function tokensMatch($request)
     {
         $token = $this->getTokenFromRequest($request);
-
+        //dd(11, $token);
         return is_string($request->session()->token()) &&
                is_string($token) &&
                hash_equals($request->session()->token(), $token);
@@ -134,56 +130,40 @@ protected function tokensMatch($request)
     /**
      * Get the CSRF token from the request.
      *
-     * @param \Illuminate\Http\Request $request
+     * @param  \Illuminate\Http\Request  $request
      * @return string
      */
     protected function getTokenFromRequest($request)
     {
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
-        if (!$token && $header = $request->header('X-XSRF-TOKEN')) {
-            $token = $this->encrypter->decrypt($header, static::serialized());
+
+        if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
+            $token = $this->encrypter->decrypt($header);
         }
 
         return $token;
     }
 
-    /**
-     * Determine if the cookie should be added to the response.
-     *
-     * @return bool
-     */
-    public function shouldAddXsrfTokenCookie()
-    {
-        return $this->addHttpCookie;
-    }
-
     /**
      * Add the CSRF token to the response cookies.
      *
-     * @param \Illuminate\Http\Request                   $request
-     * @param \Symfony\Component\HttpFoundation\Response $response
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Symfony\Component\HttpFoundation\Response  $response
      * @return \Symfony\Component\HttpFoundation\Response
      */
-    protected function addCookieToResponse($request, $response)
+    protected function addCookieToResponse($request, $response = null)
     {
-        $config = config('session');
+        dd($request->session());
+        $config = require 'session.php';//config('session');
+
+        $response = $response ?: new Response;
         $response->headers->setCookie(
             new Cookie(
-                'XSRF-TOKEN', $request->session()->token(), $this->availableAt(60 * $config['lifetime']),
-                $config['path'], $config['domain'], $config['secure'], false, false, $config['same_site'] ?? null
+                'XSRF-TOKEN', $request->session()->token(), Carbon::now()->getTimestamp() + 60 * $config['lifetime'],
+                $config['path'], $config['domain'], $config['secure'], false
             )
         );
 
         return $response;
     }
-
-    /**
-     * Determine if the cookie contents should be serialized.
-     *
-     * @return bool
-     */
-    public static function serialized()
-    {
-        return EncryptCookies::serialized('XSRF-TOKEN');
-    }
 }