Skip to content

Commit 9a617d0

Browse files
kbondkbond
committed
doVerify
1 parent fa8524e commit 9a617d0

File tree

1 file changed

+61
-36
lines changed

1 file changed

+61
-36
lines changed

src/Symfony/Component/HttpFoundation/UriSigner.php

Lines changed: 61 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,11 @@
2222
*/
2323
class UriSigner
2424
{
25+
private const STATUS_VALID = 1;
26+
private const STATUS_INVALID = 2;
27+
private const STATUS_MISSING = 3;
28+
private const STATUS_EXPIRED = 4;
29+
2530
/**
2631
* @param string $hashParameter Query string parameter to use
2732
* @param string $expirationParameter Query string parameter to use for expiration
@@ -93,24 +98,12 @@ public function sign(string $uri/* , \DateTimeInterface|\DateInterval|int|null $
9398
*/
9499
public function check(string $uri): bool
95100
{
96-
try {
97-
$this->verify($uri);
98-
} catch (SignedUriException) {
99-
return false;
100-
}
101-
102-
return true;
101+
return self::STATUS_VALID === $this->doVerify($uri);
103102
}
104103

105104
public function checkRequest(Request $request): bool
106105
{
107-
try {
108-
$this->verify($request);
109-
} catch (SignedUriException) {
110-
return false;
111-
}
112-
113-
return true;
106+
return self::STATUS_VALID === $this->doVerify(self::normalize($request));
114107
}
115108

116109
/**
@@ -123,37 +116,24 @@ public function checkRequest(Request $request): bool
123116
*/
124117
public function verify(Request|string $uri): void
125118
{
126-
if ($uri instanceof Request) {
127-
$qs = ($qs = $uri->server->get('QUERY_STRING')) ? '?'.$qs : '';
128-
$uri = $uri->getSchemeAndHttpHost().$uri->getBaseUrl().$uri->getPathInfo().$qs;
129-
}
119+
$uri = self::normalize($uri);
120+
$status = $this->doVerify($uri);
130121

131-
$url = parse_url($uri);
132-
$params = [];
133-
134-
if (isset($url['query'])) {
135-
parse_str($url['query'], $params);
122+
if (self::STATUS_VALID === $status) {
123+
return;
136124
}
137125

138-
if (empty($params[$this->hashParameter])) {
126+
if (self::STATUS_MISSING === $status) {
139127
throw new UnsignedUriException($uri);
140128
}
141129

142-
$hash = $params[$this->hashParameter];
143-
unset($params[$this->hashParameter]);
144-
145-
// In 8.0, remove support for non-url-safe tokens
146-
if (!hash_equals($this->computeHash($this->buildUrl($url, $params)), strtr(rtrim($hash, '='), ['/' => '_', '+' => '-']))) {
130+
if (self::STATUS_INVALID === $status) {
147131
throw new UnverifiedSignedUriException($uri);
148132
}
149133

150-
if (!$expiration = $params[$this->expirationParameter] ?? false) {
151-
return;
152-
}
153-
154-
if (time() < $expiration) {
155-
return;
156-
}
134+
$url = parse_url($uri);
135+
parse_str($url['query'], $params);
136+
$expiration = $params[$this->expirationParameter];
157137

158138
throw new ExpiredSignedUriException(\DateTimeImmutable::createFromFormat('U', $expiration), $uri);
159139
}
@@ -193,4 +173,49 @@ private function getExpirationTime(\DateTimeInterface|\DateInterval|int $expirat
193173

194174
return (string) $expiration;
195175
}
176+
177+
/**
178+
* @return self::STATUS_*
179+
*/
180+
private function doVerify(string $uri): int
181+
{
182+
$url = parse_url($uri);
183+
$params = [];
184+
185+
if (isset($url['query'])) {
186+
parse_str($url['query'], $params);
187+
}
188+
189+
if (empty($params[$this->hashParameter])) {
190+
return self::STATUS_MISSING;
191+
}
192+
193+
$hash = $params[$this->hashParameter];
194+
unset($params[$this->hashParameter]);
195+
196+
// In 8.0, remove support for non-url-safe tokens
197+
if (!hash_equals($this->computeHash($this->buildUrl($url, $params)), strtr(rtrim($hash, '='), ['/' => '_', '+' => '-']))) {
198+
return self::STATUS_INVALID;
199+
}
200+
201+
if (!$expiration = $params[$this->expirationParameter] ?? false) {
202+
return self::STATUS_VALID;
203+
}
204+
205+
if (time() < $expiration) {
206+
return self::STATUS_VALID;
207+
}
208+
209+
return self::STATUS_EXPIRED;
210+
}
211+
212+
private static function normalize(Request|string $uri): string
213+
{
214+
if ($uri instanceof Request) {
215+
$qs = ($qs = $uri->server->get('QUERY_STRING')) ? '?'.$qs : '';
216+
$uri = $uri->getSchemeAndHttpHost().$uri->getBaseUrl().$uri->getPathInfo().$qs;
217+
}
218+
219+
return $uri;
220+
}
196221
}

0 commit comments

Comments
 (0)