return self::$server;
}
- /**
- * Get a token for protecting a form.
- *
- * @param string $seed TODO
- *
- * @return TODO
- */
- static public function getRequestToken($seed)
- {
- $token = Horde_Token::generateId($seed);
- $_SESSION['horde_form_secrets'][$token] = time();
- return $token;
- }
-
- /**
- * Check if a token for a form is valid.
- *
- * @param string $seed TODO
- * @param string $token TODO
- *
- * @throws Horde_Exception
- */
- static public function checkRequestToken($seed, $token)
- {
- if (empty($_SESSION['horde_form_secrets'][$token])) {
- throw new Horde_Exception(_("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
- }
-
- if ($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['server']['token_lifetime'] < time()) {
- throw new Horde_Exception(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %d minutes. Please try again now."), round($GLOBALS['conf']['server']['token_lifetime'] / 60)));
- }
- }
-
public function getObject($uid)
{
return $this->getServer()->fetch($uid);
* to use the standard form mechanisms via CLI. Think of some
* alternatives here.
*/
- $koward = &Koward::singleton();
- $token = $koward->getRequestToken('cli');
+ $token = Horde::getRequestToken('cli');
$this->_cmd_argv['koward_form_object_formToken'] = $token;
/**
/**
* Provide a token for immediate deletion.
*/
- $koward = &Koward::singleton();
- $this->_cmd_argv['token'] = $koward->getRequestToken('object.delete');
+ $this->_cmd_argv['token'] = Horde::getRequestToken('object.delete');
break;
}
$this->submit_url = $this->urlFor(array('controller' => 'object',
'action' => 'delete',
'id' => $this->params->id,
- 'token' => $this->koward->getRequestToken('object.delete')));
+ 'token' => Horde::getRequestToken('object.delete')));
$this->return_url = $this->urlFor(array('controller' => 'object',
'action' => 'listall'));
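Review bot: The request token is placed in `submit_url` as a URL parameter, here and again in the custom-action `submit_url` further down, so it ends up in server access logs, browser history and any Referer header sent from the confirmation page. The removed implementation kept a token valid for the whole `token_lifetime`, so if `Horde::getRequestToken` behaves the same way a logged or forwarded URL still carries a live token for that window. I would carry the token in a hidden POST field of the confirmation form and keep `urlFor()` to controller, action and id. The statement this hunk belongs to starts outside the visible lines, so how `submit_url` is rendered cannot be confirmed from here.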
} else {
$token = $this->params->token;
}
- $this->koward->checkRequestToken('object.delete', $token);
+ Horde::checkRequestToken('object.delete', $token);
$result = $this->object->delete();
if ($result === true) {
$this->koward->notification->push(sprintf(_("Successfully deleted the object \"%s\""),
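Review bot: Nothing visible here ties the token to `'object.delete'` or retires it once `$this->object->delete()` has run. The `Koward::checkRequestToken` this commit removes accepted `$seed` but only looked up `$_SESSION['horde_form_secrets'][$token]` and compared its timestamp, and it never unset the entry. If `Horde::checkRequestToken` is the same code moved, a token issued for any other form also passes this check and stays valid until it expires. Please confirm the Horde implementation compares the seed, and consume the token on success, e.g. `unset($_SESSION['horde_form_secrets'][$token]);` right after the check if the session key is unchanged. The same applies to the `'object.' . $this->params->oaction` check in the following hunk, and the enclosing method begins outside this hunk.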
} else {
$token = $this->params->token;
}
- $this->koward->checkRequestToken('object.' . $this->params->oaction, $token);
+ Horde::checkRequestToken('object.' . $this->params->oaction, $token);
$action = $this->params->oaction;
$result = $this->object->$action();
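Review bot: `$this->params->oaction` comes from the request and is used as a method name in `$this->object->$action()`, with no allow-list visible in this hunk. The token check does not narrow it, since the seed passed to `Horde::checkRequestToken` is built from the same request value. I would read the parameter once, before the token check, and reject anything outside the set of actions the object type declares: `if (!in_array($action, $allowedActions, true)) { throw new Horde_Exception(_("Unknown action.")); }`, where `$allowedActions` is a placeholder for whatever list the object exposes. The method body starts and ends outside the hunk, so such a check may already exist above.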
'action' => 'view',
'id' => $this->params->id,
'action' => $action,
- 'token' => $this->koward->getRequestToken('object.' . $action)));
+ 'token' => Horde::getRequestToken('object.' . $action)));
$this->return_url = $this->urlFor(array('controller' => 'object',
'action' => 'view',
'id' => $this->params->id));
$this->assertType('Horde_Kolab_Server_Object', $this->koward->getObject('cn=Gunnar Wrobel,dc=example,dc=org'));
}
- /**
- * Verify token processing mechanisms.
- *
- * @return NULL
- */
- public function testToken()
- {
- // Get the token.
- $token = $this->koward->getRequestToken('test');
- // Checking it should be fine.
- $this->koward->checkRequestToken('test', $token);
- // Now we set the token to a value that will be considered a timeout.
- $_SESSION['horde_form_secrets'][$token] = time() - 100000;
- try {
- $this->koward->checkRequestToken('test', $token);
- $this->fail('The rquest token is still valid which was not expected.');
- } catch (Horde_Exception $e) {
- $this->assertContains(_("This request cannot be completed because the link you followed or the form you submitted was only valid for"), $e->getMessage());
- }
- // Now we remove the token
- unset($_SESSION['horde_form_secrets'][$token]);
- try {
- $this->koward->checkRequestToken('test', $token);
- $this->fail('The rquest token is still valid which was not expected.');
- } catch (Horde_Exception $e) {
- $this->assertEquals(_("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."), $e->getMessage());
- }
- }
}