author | Bernhard Schussek <bschussek@gmail.com> | 2013-10-04 15:25:38 +0200 |
---|---|---|
committer | Bernhard Schussek <bschussek@gmail.com> | 2013-10-07 14:50:43 +0200 |
commit | 8780aecc6088ec65909d68dfebd867dfa99a0d77 (patch) | |
tree | 2b316b31b3af6f43883b7a1ac1ae1ee39b36349e /Csrf/TokenStorage/NativeSessionTokenStorage.php | |
parent | 45e1ca5d20c2721e3085ff45773559cc45645ce2 (diff) | |
[Security\Csrf] Split CsrfTokenGenerator into CsrfTokenManager and TokenGeneratorv2.4.0-BETA1
Diffstat (limited to 'Csrf/TokenStorage/NativeSessionTokenStorage.php')
-rw-r--r-- | Csrf/TokenStorage/NativeSessionTokenStorage.php | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/Csrf/TokenStorage/NativeSessionTokenStorage.php b/Csrf/TokenStorage/NativeSessionTokenStorage.php
index 8956743..c01967c 100644
--- a/Csrf/TokenStorage/NativeSessionTokenStorage.php
+++ b/Csrf/TokenStorage/NativeSessionTokenStorage.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Csrf\TokenStorage;
 
+use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
+
 /**
 * Token storage that uses PHP's native session handling.
 *
@@ -49,17 +51,17 @@ class NativeSessionTokenStorage implements TokenStorageInterface
 /**
 * {@inheritdoc}
 */
- public function getToken($tokenId, $default = null)
+ public function getToken($tokenId)
 {
 if (!$this->sessionStarted) {
 $this->startSession();
 }
 
- if (isset($_SESSION[$this->namespace][$tokenId])) {
- return $_SESSION[$this->namespace][$tokenId];
+ if (!isset($_SESSION[$this->namespace][$tokenId])) {
+ throw new TokenNotFoundException('The CSRF token with ID '.$tokenId.' does not exist.');
 }
 
- return $default;
+ return (string) $_SESSION[$this->namespace][$tokenId];
 }
 
 /**
@@ -71,7 +73,7 @@ class NativeSessionTokenStorage implements TokenStorageInterface
 $this->startSession();
 }
 
- $_SESSION[$this->namespace][$tokenId] = $token;
+ $_SESSION[$this->namespace][$tokenId] = (string) $token;
 }
 
 /**
@@ -86,6 +88,24 @@ class NativeSessionTokenStorage implements TokenStorageInterface
 return isset($_SESSION[$this->namespace][$tokenId]);
 }
 
+ /**
+ * {@inheritdoc}
+ */
+ public function removeToken($tokenId)
+ {
+ if (!$this->sessionStarted) {
+ $this->startSession();
+ }
+
+ $token = isset($_SESSION[$this->namespace][$tokenId])
+ ? $_SESSION[$this->namespace][$tokenId]
+ : null;
+
+ unset($_SESSION[$this->namespace][$tokenId]);
+
+ return $token;
+ }
+
 private function startSession()
 {
 if (version_compare(PHP_VERSION, '5.4', '>=')) { |
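Review bot: An empty token can now be stored and read back as if it were valid: the `(string)` cast added in the setToken hunk turns `null` or `false` into `''`, and the `isset()` check in getToken accepts `''`, so getToken() returns an empty string instead of throwing TokenNotFoundException. If the caller compares the stored value with the submitted one (that comparison is not on this page), an empty submission could then match. I would reject the empty value at write time with `$token = (string) $token;` followed by `if ('' === $token) { throw new \InvalidArgumentException('The CSRF token must not be empty.'); }`, and have getToken treat a stored `''` as missing. setToken's signature lies outside its hunk.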
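Review bot: removeToken() hands back the stored value as-is from the ternary, while getToken() in this same commit casts it with `(string)`, so the two methods can return different types for the same session entry (for example a value written before setToken started casting). Casting here as well keeps the return type uniform: `? (string) $_SESSION[$this->namespace][$tokenId]`. The `{@inheritdoc}` docblock could also say that `null` is returned when no token was stored, since that is the case callers have to check for.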