Wallogit.com 2017 © Pedro Peláez

Home
Sign in
- Email address
  
  Password
  
  Remember me

library csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sunday, July 29, 2018
by schnittstabil
Repository
2 Watchers
14 Stars
42,462 Installations

PHP
2 Dependents
0 Suggesters
1 Forks
0 Open issues
10 Versions
0 % Grown

The README.md

CSRF\TokenService

, _(*1)

Stateless CSRF (Cross-Site Request Forgery) token service :meat_on_bone:, _(*2)

Install

$ composer require schnittstabil/csrf-tokenservice

Usage

<?php
require __DIR__.'/vendor/autoload.php';

use Schnittstabil\Csrf\TokenService\TokenService;

// Shared secret key used for generating and validating token signatures:
$key = 'This key is not so secret - change it!';

// Time to Live in seconds; default is 1440 seconds === 24 minutes:
$ttl = 1440;

// create the TokenService
$tokenService = new TokenService($key, $ttl);

// generate a URL-safe token, using the name of the authenticated user as nonce:
$token = $tokenService->generate($_SERVER['PHP_AUTH_USER']);

// validate the token - stateless; no session needed
if (!$tokenService->validate($_SERVER['PHP_AUTH_USER'], $token)) {
    http_response_code(403);
    echo '

403 Access Forbidden, bad CSRF token

';
    exit();
}

schnittstabil/psr7-csrf-middleware – (stateless) PSR-7 CSRF protection middleware
schnittstabil/csrf-twig-helpers – Twig helpers for token rendering

License

MIT © Michael Mayer, _(*3)

The Versions

29/07 2018

dev-master

9999999-dev https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0
php >=7.2

The Development Requires

schnittstabil/phpunit-starter ^6.0

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

05/09 2017

3.1.0

3.1.0.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

php >=5.6.0
spomky-labs/base64url ^1.0

The Development Requires

schnittstabil/phpunit-starter ^6.0

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

18/06 2017

3.0.0

3.0.0.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

php >=5.6.0
spomky-labs/base64url ^1.0

The Development Requires

schnittstabil/phpunit-starter ^6.0

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

08/04 2016

2.0.1

2.0.1.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

php >=5.6.0
spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

04/04 2016

2.0.0

2.0.0.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

php >=5.6.0
spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

03/03 2016

1.0.4

1.0.4.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

03/03 2016

1.0.3

1.0.3.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

16/02 2016

1.0.2

1.0.2.0 https://github.com/schnittstabil/csrf-tokenservice

Stateless CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

15/02 2016

1.0.1

1.0.1.0 https://github.com/schnittstabil/csrf-tokenservice

CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding

05/02 2016

1.0.0

1.0.0.0 https://github.com/schnittstabil/csrf-tokenservice

CSRF (Cross-Site Request Forgery) token service.

Sources Download

MIT

The Requires

spomky-labs/base64url ^1.0

The Development Requires

by Michael Mayer

service validator generator hmac token csrf stateless xsrf url-safe cross-site request forgery session riding