login consent app sql

2022-05-03 08:54:45 +02:00
parent e7253acfd8
commit f9a6535906
1652 changed files with 187600 additions and 45 deletions


@ -0,0 +1,7 @@
CHANGELOG
=========
5.3
---
The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md


@ -0,0 +1,59 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf;
/**
* A CSRF token.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class CsrfToken
{
private $id;
private $value;
public function __construct(string $id, ?string $value)
{
$this->id = $id;
$this->value = $value ?? '';
}
/**
* Returns the ID of the CSRF token.
*
* @return string
*/
public function getId()
{
return $this->id;
}
/**
* Returns the value of the CSRF token.
*
* @return string
*/
public function getValue()
{
return $this->value;
}
/**
* Returns the value of the CSRF token.
*
* @return string
*/
public function __toString()
{
return $this->value;
}
}


@ -0,0 +1,150 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface;
/**
* Default implementation of {@link CsrfTokenManagerInterface}.
*
* @author Bernhard Schussek <bschussek@gmail.com>
* @author Kévin Dunglas <dunglas@gmail.com>
*/
class CsrfTokenManager implements CsrfTokenManagerInterface
{
private $generator;
private $storage;
private $namespace;
/**
* @param string|RequestStack|callable|null $namespace
* * null: generates a namespace using $_SERVER['HTTPS']
* * string: uses the given string
* * RequestStack: generates a namespace using the current main request
* * callable: uses the result of this callable (must return a string)
*/
public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)
{
$this->generator = $generator ?? new UriSafeTokenGenerator();
$this->storage = $storage ?? new NativeSessionTokenStorage();
$superGlobalNamespaceGenerator = function () {
return !empty($_SERVER['HTTPS']) && 'off' !== strtolower($_SERVER['HTTPS']) ? 'https-' : '';
};
if (null === $namespace) {
$this->namespace = $superGlobalNamespaceGenerator;
} elseif ($namespace instanceof RequestStack) {
$this->namespace = function () use ($namespace, $superGlobalNamespaceGenerator) {
if ($request = $namespace->getMainRequest()) {
return $request->isSecure() ? 'https-' : '';
}
return $superGlobalNamespaceGenerator();
};
} elseif (\is_callable($namespace) || \is_string($namespace)) {
$this->namespace = $namespace;
} else {
throw new InvalidArgumentException(sprintf('$namespace must be a string, a callable returning a string, null or an instance of "RequestStack". "%s" given.', get_debug_type($namespace)));
}
}
/**
* {@inheritdoc}
*/
public function getToken(string $tokenId)
{
$namespacedId = $this->getNamespace().$tokenId;
if ($this->storage->hasToken($namespacedId)) {
$value = $this->storage->getToken($namespacedId);
} else {
$value = $this->generator->generateToken();
$this->storage->setToken($namespacedId, $value);
}
return new CsrfToken($tokenId, $this->randomize($value));
}
/**
* {@inheritdoc}
*/
public function refreshToken(string $tokenId)
{
$namespacedId = $this->getNamespace().$tokenId;
$value = $this->generator->generateToken();
$this->storage->setToken($namespacedId, $value);
return new CsrfToken($tokenId, $this->randomize($value));
}
/**
* {@inheritdoc}
*/
public function removeToken(string $tokenId)
{
return $this->storage->removeToken($this->getNamespace().$tokenId);
}
/**
* {@inheritdoc}
*/
public function isTokenValid(CsrfToken $token)
{
$namespacedId = $this->getNamespace().$token->getId();
if (!$this->storage->hasToken($namespacedId)) {
return false;
}
return hash_equals($this->storage->getToken($namespacedId), $this->derandomize($token->getValue()));
}
private function getNamespace(): string
{
return \is_callable($ns = $this->namespace) ? $ns() : $ns;
}
private function randomize(string $value): string
{
$key = random_bytes(32);
$value = $this->xor($value, $key);
return sprintf('%s.%s.%s', substr(md5($key), 0, 1 + (\ord($key[0]) % 32)), rtrim(strtr(base64_encode($key), '+/', '-_'), '='), rtrim(strtr(base64_encode($value), '+/', '-_'), '='));
}
private function derandomize(string $value): string
{
$parts = explode('.', $value);
if (3 !== \count($parts)) {
return $value;
}
$key = base64_decode(strtr($parts[1], '-_', '+/'));
$value = base64_decode(strtr($parts[2], '-_', '+/'));
return $this->xor($value, $key);
}
private function xor(string $value, string $key): string
{
if (\strlen($value) > \strlen($key)) {
$key = str_repeat($key, ceil(\strlen($value) / \strlen($key)));
}
return $value ^ $key;
}
}


@ -0,0 +1,63 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf;
/**
* Manages CSRF tokens.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
interface CsrfTokenManagerInterface
{
/**
* Returns a CSRF token for the given ID.
*
* If previously no token existed for the given ID, a new token is
* generated. Otherwise the existing token is returned (with the same value,
* not the same instance).
*
* @param string $tokenId The token ID. You may choose an arbitrary value
* for the ID
*
* @return CsrfToken
*/
public function getToken(string $tokenId);
/**
* Generates a new token value for the given ID.
*
* This method will generate a new token for the given token ID, independent
* of whether a token value previously existed or not. It can be used to
* enforce once-only tokens in environments with high security needs.
*
* @param string $tokenId The token ID. You may choose an arbitrary value
* for the ID
*
* @return CsrfToken
*/
public function refreshToken(string $tokenId);
/**
* Invalidates the CSRF token with the given ID, if one exists.
*
* @return string|null Returns the removed token value if one existed, NULL
* otherwise
*/
public function removeToken(string $tokenId);
/**
* Returns whether the given CSRF token is valid.
*
* @return bool
*/
public function isTokenValid(CsrfToken $token);
}


@ -0,0 +1,21 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\Exception;
use Symfony\Component\Security\Core\Exception\RuntimeException;
/**
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class TokenNotFoundException extends RuntimeException
{
}

19
vendor/symfony/security-csrf/LICENSE vendored Normal file

@ -0,0 +1,19 @@
Copyright (c) 2004-2022 Fabien Potencier
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

29
vendor/symfony/security-csrf/README.md vendored Normal file

@ -0,0 +1,29 @@
Security Component - CSRF
=========================
The Security CSRF (cross-site request forgery) component provides a class
`CsrfTokenManager` for generating and validating CSRF tokens.
Sponsor
-------
The Security component for Symfony 5.4/6.0 is [backed][1] by [SymfonyCasts][2].
Learn Symfony faster by watching real projects being built and actively coding
along with them. SymfonyCasts bridges that learning gap, bringing you video
tutorials and coding challenges. Code on!
Help Symfony by [sponsoring][3] its development!
Resources
---------
* [Documentation](https://symfony.com/doc/current/components/security.html)
* [Contributing](https://symfony.com/doc/current/contributing/index.html)
* [Report issues](https://github.com/symfony/symfony/issues) and
[send Pull Requests](https://github.com/symfony/symfony/pulls)
in the [main Symfony repository](https://github.com/symfony/symfony)
[1]: https://symfony.com/backers
[2]: https://symfonycasts.com
[3]: https://symfony.com/sponsor


@ -0,0 +1,27 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenGenerator;
/**
* Generates CSRF tokens.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
interface TokenGeneratorInterface
{
/**
* Generates a CSRF token.
*
* @return string
*/
public function generateToken();
}


@ -0,0 +1,45 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenGenerator;
/**
* Generates CSRF tokens.
*
* @author Bernhard Schussek <bernhard.schussek@symfony.com>
*/
class UriSafeTokenGenerator implements TokenGeneratorInterface
{
private $entropy;
/**
* Generates URI-safe CSRF tokens.
*
* @param int $entropy The amount of entropy collected for each token (in bits)
*/
public function __construct(int $entropy = 256)
{
$this->entropy = $entropy;
}
/**
* {@inheritdoc}
*/
public function generateToken()
{
// Generate an URI safe base64 encoded string that does not contain "+",
// "/" or "=" which need to be URL encoded and make URLs unnecessarily
// longer.
$bytes = random_bytes($this->entropy / 8);
return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}
}


@ -0,0 +1,23 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenStorage;
/**
* @author Christian Flothmann <christian.flothmann@sensiolabs.de>
*/
interface ClearableTokenStorageInterface extends TokenStorageInterface
{
/**
* Removes all CSRF tokens.
*/
public function clear();
}


@ -0,0 +1,121 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenStorage;
use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
/**
* Token storage that uses PHP's native session handling.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class NativeSessionTokenStorage implements ClearableTokenStorageInterface
{
/**
* The namespace used to store values in the session.
*/
public const SESSION_NAMESPACE = '_csrf';
private $sessionStarted = false;
private $namespace;
/**
* Initializes the storage with a session namespace.
*
* @param string $namespace The namespace under which the token is stored in the session
*/
public function __construct(string $namespace = self::SESSION_NAMESPACE)
{
$this->namespace = $namespace;
}
/**
* {@inheritdoc}
*/
public function getToken(string $tokenId)
{
if (!$this->sessionStarted) {
$this->startSession();
}
if (!isset($_SESSION[$this->namespace][$tokenId])) {
throw new TokenNotFoundException('The CSRF token with ID '.$tokenId.' does not exist.');
}
return (string) $_SESSION[$this->namespace][$tokenId];
}
/**
* {@inheritdoc}
*/
public function setToken(string $tokenId, string $token)
{
if (!$this->sessionStarted) {
$this->startSession();
}
$_SESSION[$this->namespace][$tokenId] = $token;
}
/**
* {@inheritdoc}
*/
public function hasToken(string $tokenId)
{
if (!$this->sessionStarted) {
$this->startSession();
}
return isset($_SESSION[$this->namespace][$tokenId]);
}
/**
* {@inheritdoc}
*/
public function removeToken(string $tokenId)
{
if (!$this->sessionStarted) {
$this->startSession();
}
if (!isset($_SESSION[$this->namespace][$tokenId])) {
return null;
}
$token = (string) $_SESSION[$this->namespace][$tokenId];
unset($_SESSION[$this->namespace][$tokenId]);
if (!$_SESSION[$this->namespace]) {
unset($_SESSION[$this->namespace]);
}
return $token;
}
/**
* {@inheritdoc}
*/
public function clear()
{
unset($_SESSION[$this->namespace]);
}
private function startSession()
{
if (\PHP_SESSION_NONE === session_status()) {
session_start();
}
$this->sessionStarted = true;
}
}


@ -0,0 +1,140 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenStorage;
use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
/**
* Token storage that uses a Symfony Session object.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class SessionTokenStorage implements ClearableTokenStorageInterface
{
/**
* The namespace used to store values in the session.
*/
public const SESSION_NAMESPACE = '_csrf';
private $requestStack;
private $namespace;
/**
* To be removed in Symfony 6.0.
*/
private $session;
/**
* Initializes the storage with a RequestStack object and a session namespace.
*
* @param RequestStack $requestStack
* @param string $namespace The namespace under which the token is stored in the requestStack
*/
public function __construct(/* RequestStack*/ $requestStack, string $namespace = self::SESSION_NAMESPACE)
{
if ($requestStack instanceof SessionInterface) {
trigger_deprecation('symfony/security-csrf', '5.3', 'Passing a "%s" to "%s" is deprecated, use a "%s" instead.', SessionInterface::class, __CLASS__, RequestStack::class);
$request = new Request();
$request->setSession($requestStack);
$requestStack = new RequestStack();
$requestStack->push($request);
}
$this->requestStack = $requestStack;
$this->namespace = $namespace;
}
/**
* {@inheritdoc}
*/
public function getToken(string $tokenId)
{
$session = $this->getSession();
if (!$session->isStarted()) {
$session->start();
}
if (!$session->has($this->namespace.'/'.$tokenId)) {
throw new TokenNotFoundException('The CSRF token with ID '.$tokenId.' does not exist.');
}
return (string) $session->get($this->namespace.'/'.$tokenId);
}
/**
* {@inheritdoc}
*/
public function setToken(string $tokenId, string $token)
{
$session = $this->getSession();
if (!$session->isStarted()) {
$session->start();
}
$session->set($this->namespace.'/'.$tokenId, $token);
}
/**
* {@inheritdoc}
*/
public function hasToken(string $tokenId)
{
$session = $this->getSession();
if (!$session->isStarted()) {
$session->start();
}
return $session->has($this->namespace.'/'.$tokenId);
}
/**
* {@inheritdoc}
*/
public function removeToken(string $tokenId)
{
$session = $this->getSession();
if (!$session->isStarted()) {
$session->start();
}
return $session->remove($this->namespace.'/'.$tokenId);
}
/**
* {@inheritdoc}
*/
public function clear()
{
$session = $this->getSession();
foreach (array_keys($session->all()) as $key) {
if (str_starts_with($key, $this->namespace.'/')) {
$session->remove($key);
}
}
}
private function getSession(): SessionInterface
{
try {
return $this->session ?? $this->requestStack->getSession();
} catch (SessionNotFoundException $e) {
trigger_deprecation('symfony/security-csrf', '5.3', 'Using the "%s" without a session has no effect and is deprecated. It will throw a "%s" in Symfony 6.0', __CLASS__, SessionNotFoundException::class);
return $this->session ?? $this->session = new Session(new MockArraySessionStorage());
}
}
}


@ -0,0 +1,49 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Csrf\TokenStorage;
/**
* Stores CSRF tokens.
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
interface TokenStorageInterface
{
/**
* Reads a stored CSRF token.
*
* @return string
*
* @throws \Symfony\Component\Security\Csrf\Exception\TokenNotFoundException If the token ID does not exist
*/
public function getToken(string $tokenId);
/**
* Stores a CSRF token.
*/
public function setToken(string $tokenId, string $token);
/**
* Removes a CSRF token.
*
* @return string|null Returns the removed token if one existed, NULL
* otherwise
*/
public function removeToken(string $tokenId);
/**
* Checks whether a token with the given token ID exists.
*
* @return bool
*/
public function hasToken(string $tokenId);
}


@ -0,0 +1,39 @@
{
"name": "symfony/security-csrf",
"type": "library",
"description": "Symfony Security Component - CSRF Library",
"keywords": [],
"homepage": "https://symfony.com",
"license": "MIT",
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"require": {
"php": ">=7.2.5",
"symfony/polyfill-php80": "^1.16",
"symfony/security-core": "^4.4|^5.0|^6.0"
},
"require-dev": {
"symfony/http-foundation": "^5.3|^6.0"
},
"conflict": {
"symfony/http-foundation": "<5.3"
},
"suggest": {
"symfony/http-foundation": "For using the class SessionTokenStorage."
},
"autoload": {
"psr-4": { "Symfony\\Component\\Security\\Csrf\\": "" },
"exclude-from-classmap": [
"/Tests/"
]
},
"minimum-stability": "dev"
}