ÿØÿàJFIFÿþ ÿÛC       ÿÛC ÿÀÿÄÿÄ"#QrÿÄÿÄ&1!A"2qQaáÿÚ ?Øy,æ/3JæݹÈ߲؋5êXw²±ÉyˆR”¾I0ó2—PI¾IÌÚiMö¯–þrìN&"KgX:Šíµ•nTJnLK„…@!‰-ý ùúmë;ºgµŒ&ó±hw’¯Õ@”Ü— 9ñ-ë.²1<yà‚¹ïQÐU„ہ?.’¦èûbß±©Ö«Âw*VŒ) `$‰bØԟ’ëXÖ-ËTÜíGÚ3ð«g Ÿ§¯—Jx„–’U/ÂÅv_s(Hÿ@TñJÑãõçn­‚!ÈgfbÓc­:él[ðQe 9ÀPLbÃãCµm[5¿ç'ªjglå‡Ûí_§Úõl-;"PkÞÞÁQâ¼_Ñ^¢SŸx?"¸¦ùY騐ÒOÈ q’`~~ÚtËU¹CڒêV  I1Áß_ÿÙ * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Csrf; use Symfony\Component\Security\Core\Util\StringUtils; use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator; use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface; use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage; use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface; /** * Default implementation of {@link CsrfTokenManagerInterface}. * * @author Bernhard Schussek */ class CsrfTokenManager implements CsrfTokenManagerInterface { /** * @var TokenGeneratorInterface */ private $generator; /** * @var TokenStorageInterface */ private $storage; /** * Creates a new CSRF provider using PHP's native session storage. * * @param TokenGeneratorInterface|null $generator The token generator * @param TokenStorageInterface|null $storage The storage for storing * generated CSRF tokens */ public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null) { $this->generator = $generator ?: new UriSafeTokenGenerator(); $this->storage = $storage ?: new NativeSessionTokenStorage(); } /** * {@inheritdoc} */ public function getToken($tokenId) { if ($this->storage->hasToken($tokenId)) { $value = $this->storage->getToken($tokenId); } else { $value = $this->generator->generateToken(); $this->storage->setToken($tokenId, $value); } return new CsrfToken($tokenId, $value); } /** * {@inheritdoc} */ public function refreshToken($tokenId) { $value = $this->generator->generateToken(); $this->storage->setToken($tokenId, $value); return new CsrfToken($tokenId, $value); } /** * {@inheritdoc} */ public function removeToken($tokenId) { return $this->storage->removeToken($tokenId); } /** * {@inheritdoc} */ public function isTokenValid(CsrfToken $token) { if (!$this->storage->hasToken($token->getId())) { return false; } return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue()); } }