Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Validator Class Reference
Inheritance diagram for Validator:
ValidatorInterface

Public Member Functions

 __construct (\Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig, \Magento\Framework\HTTP\PhpEnvironment\RemoteAddress $remoteAddress, $scopeType, array $skippedUserAgentList=[])
 
 validate (SessionManagerInterface $session)
 
- Public Member Functions inherited from ValidatorInterface
 validate (\Magento\Framework\Session\SessionManagerInterface $session)
 

Data Fields

const VALIDATOR_KEY = '_session_validator_data'
 
const VALIDATOR_HTTP_USER_AGENT_KEY = 'http_user_agent'
 
const VALIDATOR_HTTP_X_FORWARDED_FOR_KEY = 'http_x_forwarded_for'
 
const VALIDATOR_HTTP_VIA_KEY = 'http_via'
 
const VALIDATOR_REMOTE_ADDR_KEY = 'remote_addr'
 
const XML_PATH_USE_REMOTE_ADDR = 'web/session/use_remote_addr'
 
const XML_PATH_USE_HTTP_VIA = 'web/session/use_http_via'
 
const XML_PATH_USE_X_FORWARDED = 'web/session/use_http_x_forwarded_for'
 
const XML_PATH_USE_USER_AGENT = 'web/session/use_http_user_agent'
 

Protected Member Functions

 _validate ()
 
 _getSessionEnvironment ()
 

Protected Attributes

 $_scopeConfig
 
 $_remoteAddress
 
 $_skippedAgentList
 
 $_scopeType
 

Detailed Description

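Session Validator. Records the client environment (remote address, Via, X-Forwarded-For and User-Agent) when a session is first validated and, on later requests, throws a SessionException if an attribute whose check is enabled in configuration no longer matches the recorded value.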

Definition at line 15 of file Validator.php.

Constructor & Destructor Documentation

◆ __construct()

__construct ( \Magento\Framework\App\Config\ScopeConfigInterface  $scopeConfig,
\Magento\Framework\HTTP\PhpEnvironment\RemoteAddress  $remoteAddress,
  $scopeType,
array  $skippedUserAgentList = [] 
)
Parameters
\Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
\Magento\Framework\HTTP\PhpEnvironment\RemoteAddress $remoteAddress
string $scopeType
array $skippedUserAgentList

Definition at line 61 of file Validator.php.

66  {
    // Only stores the injected collaborators on the instance; nothing is validated here.
67  $this->_scopeConfig = $scopeConfig;
68  $this->_remoteAddress = $remoteAddress;
    // Each entry is later concatenated into a regular expression by _validate() and matched
    // against the request's User-Agent, so entries act as regex fragments, not literal strings.
69  $this->_skippedAgentList = $skippedUserAgentList;
    // Passed as the scope argument of every $_scopeConfig->getValue() call in _validate().
70  $this->_scopeType = $scopeType;
71  }

Member Function Documentation

◆ _getSessionEnvironment()

_getSessionEnvironment ( )
protected

Prepare session environment data for validation

Returns
array

Definition at line 172 of file Validator.php.

173  {
    // Builds the environment "fingerprint" of the current request. validate() stores this array
    // on first use and _validate() rebuilds it on later requests for comparison.
    // Every key starts as '' so that a missing value compares equal to a missing value.
174  $parts = [
175  self::VALIDATOR_REMOTE_ADDR_KEY => '',
176  self::VALIDATOR_HTTP_VIA_KEY => '',
177  self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY => '',
178  self::VALIDATOR_HTTP_USER_AGENT_KEY => '',
179  ];
180 
181  // collect ip data
    // getRemoteAddress() is called twice; the value is kept only when it is truthy.
    // NOTE(review): whether this is the socket peer or a proxy-supplied header depends on how
    // RemoteAddress is configured, which is not visible here.
182  if ($this->_remoteAddress->getRemoteAddress()) {
183  $parts[self::VALIDATOR_REMOTE_ADDR_KEY] = $this->_remoteAddress->getRemoteAddress();
184  }
    // Via and X-Forwarded-For are read from $_ENV, while User-Agent below is read from $_SERVER.
    // NOTE(review): PHP fills $_ENV only when variables_order includes "E", and whether request
    // headers appear there depends on the SAPI. If these keys are absent, both the stored and the
    // current value stay '' and the corresponding checks in _validate() can never fail - confirm
    // for the deployment before relying on them.
185  if (isset($_ENV['HTTP_VIA'])) {
186  $parts[self::VALIDATOR_HTTP_VIA_KEY] = (string)$_ENV['HTTP_VIA'];
187  }
188  if (isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
189  $parts[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY] = (string)$_ENV['HTTP_X_FORWARDED_FOR'];
190  }
191 
192  // collect user agent data
    // Sent by the client with each request: it distinguishes clients but is not a secret.
193  if (isset($_SERVER['HTTP_USER_AGENT'])) {
194  $parts[self::VALIDATOR_HTTP_USER_AGENT_KEY] = (string)$_SERVER['HTTP_USER_AGENT'];
195  }
196 
197  return $parts;
198  }

◆ _validate()

_validate ( )
protected

Validate data

Returns
bool
Exceptions
SessionException
Annotation (from the source docblock): @SuppressWarnings(PHPMD.CyclomaticComplexity)

Definition at line 102 of file Validator.php.

103  {
    // Compares the fingerprint saved in the session with one rebuilt from the current request.
    // Each attribute is compared only when its config flag is truthy; the first mismatch throws
    // SessionException, otherwise the method returns true.
    // validate() calls this only after isset($_SESSION[self::VALIDATOR_KEY]), so the index exists.
104  $sessionData = $_SESSION[self::VALIDATOR_KEY];
105  $validatorData = $this->_getSessionEnvironment();
106 
    // NOTE(review): the comparisons below use loose `!=`. Both sides come from
    // _getSessionEnvironment(); loose comparison treats numeric-looking strings as numbers,
    // so `!==` would be the exact form.
107  if ($this->_scopeConfig->getValue(
108  self::XML_PATH_USE_REMOTE_ADDR,
109  $this->_scopeType
110  ) && $sessionData[self::VALIDATOR_REMOTE_ADDR_KEY] != $validatorData[self::VALIDATOR_REMOTE_ADDR_KEY]
111  ) {
112  throw new SessionException(
113  new Phrase(
114  'The "%1" session value is invalid. Verify and try again.',
115  [self::VALIDATOR_REMOTE_ADDR_KEY]
116  )
117  );
118  }
    // Via and X-Forwarded-For are request headers: unless a trusted proxy overwrites them they
    // are chosen by the client, so a match here is weak evidence of the same client.
119  if ($this->_scopeConfig->getValue(
120  self::XML_PATH_USE_HTTP_VIA,
121  $this->_scopeType
122  ) && $sessionData[self::VALIDATOR_HTTP_VIA_KEY] != $validatorData[self::VALIDATOR_HTTP_VIA_KEY]
123  ) {
124  throw new SessionException(
125  new Phrase(
126  'The "%1" session value is invalid. Verify and try again.',
127  [self::VALIDATOR_HTTP_VIA_KEY]
128  )
129  );
130  }
131 
132  $httpXForwardedKey = $sessionData[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY];
133  $validatorXForwarded = $validatorData[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY];
134  if ($this->_scopeConfig->getValue(
135  self::XML_PATH_USE_X_FORWARDED,
136  $this->_scopeType
137  ) && $httpXForwardedKey != $validatorXForwarded
138  ) {
139  throw new SessionException(
140  new Phrase(
141  'The "%1" session value is invalid. Verify and try again.',
142  [self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY]
143  )
144  );
145  }
146  if ($this->_scopeConfig->getValue(
147  self::XML_PATH_USE_USER_AGENT,
148  $this->_scopeType
    // NOTE(review): this listing jumps from source line 148 to 150, so the rest of the condition
    // is not shown and the parentheses do not balance as printed. By analogy with the three
    // checks above it is presumably the stored-vs-current comparison for
    // VALIDATOR_HTTP_USER_AGENT_KEY - confirm against Validator.php.
150  ) {
    // Skip list: each entry is spliced unescaped between '/' delimiters with the i and u
    // modifiers, so it must be a valid regex fragment (a '/' inside an entry ends the pattern
    // early). preg_match() returns false for an invalid pattern, so such an entry never matches.
    // A match returns true and accepts the request despite the User-Agent check. The value
    // matched is the client-sent header, so entries should be as specific as possible.
151  foreach ($this->_skippedAgentList as $agent) {
152  if (preg_match('/' . $agent . '/iu', $validatorData[self::VALIDATOR_HTTP_USER_AGENT_KEY])) {
153  return true;
154  }
155  }
156  throw new SessionException(
157  new Phrase(
158  'The "%1" session value is invalid. Verify and try again.',
159  [self::VALIDATOR_HTTP_USER_AGENT_KEY]
160  )
161  );
162  }
163 
164  return true;
165  }

◆ validate()

validate ( SessionManagerInterface  $session)

Validate session

Parameters
SessionManagerInterface $session
Returns
void
Exceptions
SessionException

Definition at line 80 of file Validator.php.

81  {
    // First validation of a session: no fingerprint is stored yet, so the current request's
    // environment is recorded as the baseline and nothing is compared (trust on first use).
82  if (!isset($_SESSION[self::VALIDATOR_KEY])) {
83  $_SESSION[self::VALIDATOR_KEY] = $this->_getSessionEnvironment();
84  } else {
85  try {
86  $this->_validate();
87  } catch (SessionException $e) {
    // On a mismatch the session is destroyed before the exception is rethrown to the caller.
    // NOTE(review): what 'clear_storage' => false leaves in place is decided by the
    // SessionManagerInterface implementation, which is not shown here.
88  $session->destroy(['clear_storage' => false]);
89  // throw core session exception
90  throw $e;
91  }
92  }
93  }

Field Documentation

◆ $_remoteAddress

$_remoteAddress
protected

Definition at line 43 of file Validator.php.

◆ $_scopeConfig

$_scopeConfig
protected

Definition at line 38 of file Validator.php.

◆ $_scopeType

$_scopeType
protected

Definition at line 53 of file Validator.php.

◆ $_skippedAgentList

$_skippedAgentList
protected

Definition at line 48 of file Validator.php.

◆ VALIDATOR_HTTP_USER_AGENT_KEY

const VALIDATOR_HTTP_USER_AGENT_KEY = 'http_user_agent'

Definition at line 19 of file Validator.php.

◆ VALIDATOR_HTTP_VIA_KEY

const VALIDATOR_HTTP_VIA_KEY = 'http_via'

Definition at line 23 of file Validator.php.

◆ VALIDATOR_HTTP_X_FORWARDED_FOR_KEY

const VALIDATOR_HTTP_X_FORWARDED_FOR_KEY = 'http_x_forwarded_for'

Definition at line 21 of file Validator.php.

◆ VALIDATOR_KEY

const VALIDATOR_KEY = '_session_validator_data'

Definition at line 17 of file Validator.php.

◆ VALIDATOR_REMOTE_ADDR_KEY

const VALIDATOR_REMOTE_ADDR_KEY = 'remote_addr'

Definition at line 25 of file Validator.php.

◆ XML_PATH_USE_HTTP_VIA

const XML_PATH_USE_HTTP_VIA = 'web/session/use_http_via'

Definition at line 29 of file Validator.php.

◆ XML_PATH_USE_REMOTE_ADDR

const XML_PATH_USE_REMOTE_ADDR = 'web/session/use_remote_addr'

Definition at line 27 of file Validator.php.

◆ XML_PATH_USE_USER_AGENT

const XML_PATH_USE_USER_AGENT = 'web/session/use_http_user_agent'

Definition at line 33 of file Validator.php.

◆ XML_PATH_USE_X_FORWARDED

const XML_PATH_USE_X_FORWARDED = 'web/session/use_http_x_forwarded_for'

Definition at line 31 of file Validator.php.


The documentation for this class was generated from the following file: