CSRF implementation

0.0.4 2021-05-09 09:57 UTC

This package is auto-updated.

Last update: 2021-11-09 11:04:29 UTC


README

Latest Version on Packagist Software License Build Status Coverage Status Quality Score Total Downloads

Simple CSRF implementation.

Install

Via Composer

$ composer require publishing-kit/csrf

You will also need to include one of the supported session libraries. Currently these are:

  • symfony/http-foundation
  • laminas/laminas-session

Usage

Here is an example of using the library to create and validate a token using the Laminas backend:

$session = new Laminas\Session\Container();
$storage = new PublishingKit\Csrf\LaminasSessionTokenStorage($session);
$reader = new PublishingKit\Csrf\StoredTokenReader($storage);
$token = $reader->read('foo');
$validator = new PublishingKit\Csrf\StoredTokenValidator($storage);
$validator->validate('foo', $token);

And here we use the Symfony backend:

$session = new Symfony\Component\HttpFoundation\Session\Session(
    new Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage()
);
$storage = new PublishingKit\Csrf\SymfonySessionTokenStorage($session);
$reader = new PublishingKit\Csrf\StoredTokenReader($storage);
$token = $reader->read('foo');
$validator = new PublishingKit\Csrf\StoredTokenValidator($storage);
$validator->validate('foo', $token);

Change log

Please see CHANGELOG for more information on what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING and CODE_OF_CONDUCT for details.

Security

If you discover any security related issues, please email 450801+matthewbdaly@users.noreply.github.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.