Final Class Yiisoft\Cookies\CookieSigner

Inheritance Yiisoft\Cookies\CookieSigner

A CookieSigner signs the cookie value and validates whether the signed cookie value has been tampered with.

See also Yiisoft\Cookies\Cookie.

Public Methods

Method | Description | Defined By
__construct() | | Yiisoft\Cookies\CookieSigner
isSigned() | Checks whether the cookie value is validly signed. | Yiisoft\Cookies\CookieSigner
sign() | Returns a new cookie instance with the signed cookie value. | Yiisoft\Cookies\CookieSigner
validate() | Returns a new cookie instance with the clean cookie value or throws an exception if signature is not valid. | Yiisoft\Cookies\CookieSigner

Method Details

__construct() public method

public mixed __construct ( string $key )
$key string

The secret key used to sign and validate cookie values.

public function __construct(string $key)
{
    $this->mac = new Mac();
    $this->key = $key;
}

            
isSigned() public method

Checks whether the cookie value is validly signed.

public boolean isSigned ( Yiisoft\Cookies\Cookie $cookie )
$cookie Yiisoft\Cookies\Cookie

The cookie to check.

return boolean

Whether the cookie value is validly signed.

public function isSigned(Cookie $cookie): bool
{
    return strlen($cookie->getValue()) > 32 && strpos($cookie->getValue(), $this->prefix($cookie)) === 0;
}

            
sign() public method

Returns a new cookie instance with the signed cookie value.

public Yiisoft\Cookies\Cookie sign ( Yiisoft\Cookies\Cookie $cookie )
$cookie Yiisoft\Cookies\Cookie

The cookie with clean value.

return Yiisoft\Cookies\Cookie

The cookie with signed value.

throws RuntimeException

If the cookie value is already signed.

public function sign(Cookie $cookie): Cookie
{
    if ($this->isSigned($cookie)) {
        throw new RuntimeException("The \"{$cookie->getName()}\" cookie value is already signed.");
    }
    $prefix = $this->prefix($cookie);
    $value = $this->mac->sign($prefix . $cookie->getValue(), $this->key);
    return $cookie->withValue($prefix . $value);
}

            
validate() public method

Returns a new cookie instance with the clean cookie value or throws an exception if signature is not valid.

public Yiisoft\Cookies\Cookie validate ( Yiisoft\Cookies\Cookie $cookie )
$cookie Yiisoft\Cookies\Cookie

The cookie with signed value.

return Yiisoft\Cookies\Cookie

The cookie with unsigned value.

throws RuntimeException

If the cookie value is tampered with or not validly signed. If you are not sure that the cookie value was signed earlier, check it with isSigned() first.

public function validate(Cookie $cookie): Cookie
{
    if (!$this->isSigned($cookie)) {
        throw new RuntimeException("The \"{$cookie->getName()}\" cookie value is not validly signed.");
    }
    try {
        /**
         * @psalm-suppress PossiblyFalseArgument Length of the cookie value is checked in the {@see isSigned()}
         * method and it is greater than 32, so `substr()` never returns false. This is relevant for PHP 7.4 only.
         */
        $value = $this->mac->getMessage(substr($cookie->getValue(), 32), $this->key);
        /**
         * @psalm-suppress PossiblyFalseArgument Minimal length of value is 32, so `substr()` never returns false.
         * This is relevant for PHP 7.4 only.
         */
        return $cookie->withValue(substr($value, 32));
    } catch (DataIsTamperedException $e) {
        throw new RuntimeException("The \"{$cookie->getName()}\" cookie value was tampered with.");
    }
}
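
The sign/validate round trip described above, as an added usage example that is not part of the package's own documentation. It assumes yiisoft/cookies is installed through Composer; the readSignedCookie() helper, the cookie name and the key are constructed for illustration.

```php
<?php

declare(strict_types=1);

// Assumption: yiisoft/cookies was installed with Composer in this directory.
require __DIR__ . '/vendor/autoload.php';

use Yiisoft\Cookies\Cookie;
use Yiisoft\Cookies\CookieSigner;

// Constructed key for the demo; a real key comes from secret storage.
$signer = new CookieSigner(bin2hex(random_bytes(32)));

/**
 * Hypothetical helper: returns the clean value of an incoming cookie,
 * or null when it was never signed or its signature does not verify.
 */
function readSignedCookie(CookieSigner $signer, Cookie $incoming): ?string
{
    // validate() also throws for unsigned values, so filter those out first.
    if (!$signer->isSigned($incoming)) {
        return null;
    }
    try {
        return $signer->validate($incoming)->getValue();
    } catch (RuntimeException $e) {
        // Signature mismatch: log it and treat the cookie as absent.
        error_log($e->getMessage());
        return null;
    }
}

// Outgoing response: sign the clean cookie before it is sent to the client.
$signed = $signer->sign(new Cookie('role', 'user'));

// Incoming request: three constructed cases.
$cases = [
    'untouched' => $signed,
    'tampered'  => $signed->withValue($signed->getValue() . 'x'),
    'unsigned'  => new Cookie('role', 'admin'),
];

foreach ($cases as $label => $cookie) {
    echo $label, ': ', var_export(readSignedCookie($signer, $cookie), true), PHP_EOL;
}
```

Only the untouched cookie yields its clean value; the tampered and unsigned cookies both come back as null, so calling code never acts on a value the server did not sign.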