vendor/symfony/security-http/EventListener/CsrfProtectionListener.php line 35

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\EventListener;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  16. use Symfony\Component\Security\Csrf\CsrfToken;
  17. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  18. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  19. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  21. /**
  22. * @author Wouter de Jong <wouter@wouterj.nl>
  23. *
  24. * @final
  25. */
  26. class CsrfProtectionListener implements EventSubscriberInterface
  27. {
  28. private $csrfTokenManager;
  30. public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
  31. {
  32. $this->csrfTokenManager = $csrfTokenManager;
  33. }
  35. public function checkPassport(CheckPassportEvent $event): void
  36. {
  37. $passport = $event->getPassport();
  38. if (!$passport->hasBadge(CsrfTokenBadge::class)) {
  39. return;
  40. }
  42. /** @var CsrfTokenBadge $badge */
  43. $badge = $passport->getBadge(CsrfTokenBadge::class);
  44. if ($badge->isResolved()) {
  45. return;
  46. }
  48. $csrfToken = new CsrfToken($badge->getCsrfTokenId(), $badge->getCsrfToken());
  50. if (false === $this->csrfTokenManager->isTokenValid($csrfToken)) {
  51. throw new InvalidCsrfTokenException('Invalid CSRF token.');
  52. }
  54. $badge->markResolved();
  55. }
  57. public static function getSubscribedEvents(): array
  58. {
  59. return [CheckPassportEvent::class => ['checkPassport', 512]];
  60. }
  61. }