diff --git a/src/Controller.php b/src/Controller.php
index 768436a..70c65fd 100755
--- a/src/Controller.php
+++ b/src/Controller.php
@@ -12,7 +12,6 @@ namespace Rudra\Controller;
 use Rudra\Container\Facades\Session;
-use Rudra\Container\Interfaces\RudraInterface;
 class Controller implements ControllerInterface
 {
@@ -24,31 +23,36 @@ public function __construct()
 /**
 * @return void
 */
+ #[\Override]
 public function init(): void {}
 /**
 * @return void
 */
+ #[\Override]
 public function before(): void {}
 /**
 * @return void
 */
+ #[\Override]
 public function after(): void {}
 /**
 * Method to protect against CSRF attack
+ * ---------------
+ * Метод защиты от CSRF-атак
 *
 * @return void
 */
 public function csrfProtection(): void
 {
 if (!isset($_SESSION)) {
- $local = (php_sapi_name() == "cli-server");
+ $local = (php_sapi_name() === "cli-server");
 session_set_cookie_params([
 'lifetime' => 604800, // 7 days
- 'path' => '/',
- 'secure' => !$local,
+ 'path' => '/',
+ 'secure' => !$local,
 'httponly' => true,
 'samesite' => 'Lax'
 ]);
@@ -56,8 +60,8 @@ public function csrfProtection(): void
 }
 if (Session::has("csrf_token")) {
- unset($_SESSION["csrf_token"][count($_SESSION["csrf_token"]) - 1]);
- array_unshift($_SESSION["csrf_token"], md5(uniqid((string)mt_rand(), true)));
+ array_pop($_SESSION["csrf_token"]);
+ array_unshift($_SESSION["csrf_token"], bin2hex(random_bytes(32)));
 return;
 }
diff --git a/tests/ControllerTest.php b/tests/ControllerTest.php
index c318cf1..249c719 100755
--- a/tests/ControllerTest.php
+++ b/tests/ControllerTest.php
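Review bot: The three `#[\Override]` attributes added before init(), before() and after() only do their job on PHP 8.3 or newer; on older runtimes an unknown attribute is not validated, so the interface-conformance check they are meant to add silently never runs. The package's `php` constraint is not visible in this diff, so confirm it is at least `>=8.3` (or drop the attributes) to make the guarantee real. The `@return void` docblocks on the same three methods now restate the native `: void` type and could be removed to cut noise. csrfProtection() starts in this hunk but its body continues past it.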
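Review bot: `random_bytes(32)` on the new array_unshift line can throw (a `\Random\RandomException` on 8.2+, an `\Exception` before) when no secure randomness source is available, and csrfProtection()'s docblock, which sits in the previous hunk, still documents only `@return void`; add `@throws \Exception when no cryptographically secure randomness source is available`. The move from md5 to 64 hex characters of CSPRNG output is the right fix, but any validator or form field that assumed the old 32-character length should be checked, and the comparison site should use `hash_equals()`; neither is visible here. `array_pop()` on a non-array raises a TypeError, so `Session::has("csrf_token")` alone does not protect this line if a session ever holds a scalar under that key; a `is_array($_SESSION["csrf_token"])` guard would be cheap. The enclosing function starts and ends outside this hunk.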
@@ -14,13 +14,12 @@ namespace Rudra\Controller\Tests;
-use PHPUnit\Framework\TestCase;
 use Rudra\Container\Facades\Session;
 use Rudra\Container\Facades\Rudra as Rudra;
-use Rudra\Container\Interfaces\RudraInterface;
-use Rudra\Controller\{Controller, ControllerInterface};
+use Rudra\Controller\Controller;
+use Rudra\Controller\ControllerInterface;
-class ControllerTest extends TestCase
+class ControllerTest extends \PHPUnit\Framework\TestCase
 {
 protected ControllerInterface $controller;