Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Validator.php
Go to the documentation of this file.
1 <?php
7 namespace Magento\Framework\Session;
8 
9 use Magento\Framework\Exception\SessionException;
10 use Magento\Framework\Phrase;
11 
15 class Validator implements ValidatorInterface
16 {
17  const VALIDATOR_KEY = '_session_validator_data';
18 
19  const VALIDATOR_HTTP_USER_AGENT_KEY = 'http_user_agent';
20 
21  const VALIDATOR_HTTP_X_FORWARDED_FOR_KEY = 'http_x_forwarded_for';
22 
23  const VALIDATOR_HTTP_VIA_KEY = 'http_via';
24 
25  const VALIDATOR_REMOTE_ADDR_KEY = 'remote_addr';
26 
27  const XML_PATH_USE_REMOTE_ADDR = 'web/session/use_remote_addr';
28 
29  const XML_PATH_USE_HTTP_VIA = 'web/session/use_http_via';
30 
31  const XML_PATH_USE_X_FORWARDED = 'web/session/use_http_x_forwarded_for';
32 
33  const XML_PATH_USE_USER_AGENT = 'web/session/use_http_user_agent';
34 
38  protected $_scopeConfig;
39 
43  protected $_remoteAddress;
44 
48  protected $_skippedAgentList;
49 
53  protected $_scopeType;
54 
61  public function __construct(
62  \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig,
63  \Magento\Framework\HTTP\PhpEnvironment\RemoteAddress $remoteAddress,
64  $scopeType,
65  array $skippedUserAgentList = []
66  ) {
67  $this->_scopeConfig = $scopeConfig;
68  $this->_remoteAddress = $remoteAddress;
69  $this->_skippedAgentList = $skippedUserAgentList;
70  $this->_scopeType = $scopeType;
71  }
72 
80  public function validate(SessionManagerInterface $session)
81  {
82  if (!isset($_SESSION[self::VALIDATOR_KEY])) {
83  $_SESSION[self::VALIDATOR_KEY] = $this->_getSessionEnvironment();
84  } else {
85  try {
86  $this->_validate();
87  } catch (SessionException $e) {
88  $session->destroy(['clear_storage' => false]);
89  // throw core session exception
90  throw $e;
91  }
92  }
93  }
94 
102  protected function _validate()
103  {
104  $sessionData = $_SESSION[self::VALIDATOR_KEY];
105  $validatorData = $this->_getSessionEnvironment();
106 
107  if ($this->_scopeConfig->getValue(
108  self::XML_PATH_USE_REMOTE_ADDR,
109  $this->_scopeType
110  ) && $sessionData[self::VALIDATOR_REMOTE_ADDR_KEY] != $validatorData[self::VALIDATOR_REMOTE_ADDR_KEY]
111  ) {
112  throw new SessionException(
113  new Phrase(
114  'The "%1" session value is invalid. Verify and try again.',
115  [self::VALIDATOR_REMOTE_ADDR_KEY]
116  )
117  );
118  }
119  if ($this->_scopeConfig->getValue(
120  self::XML_PATH_USE_HTTP_VIA,
121  $this->_scopeType
122  ) && $sessionData[self::VALIDATOR_HTTP_VIA_KEY] != $validatorData[self::VALIDATOR_HTTP_VIA_KEY]
123  ) {
124  throw new SessionException(
125  new Phrase(
126  'The "%1" session value is invalid. Verify and try again.',
127  [self::VALIDATOR_HTTP_VIA_KEY]
128  )
129  );
130  }
131 
132  $httpXForwardedKey = $sessionData[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY];
133  $validatorXForwarded = $validatorData[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY];
134  if ($this->_scopeConfig->getValue(
135  self::XML_PATH_USE_X_FORWARDED,
136  $this->_scopeType
137  ) && $httpXForwardedKey != $validatorXForwarded
138  ) {
139  throw new SessionException(
140  new Phrase(
141  'The "%1" session value is invalid. Verify and try again.',
142  [self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY]
143  )
144  );
145  }
146  if ($this->_scopeConfig->getValue(
147  self::XML_PATH_USE_USER_AGENT,
148  $this->_scopeType
149  ) && $sessionData[self::VALIDATOR_HTTP_USER_AGENT_KEY] != $validatorData[self::VALIDATOR_HTTP_USER_AGENT_KEY]
150  ) {
151  foreach ($this->_skippedAgentList as $agent) {
152  if (preg_match('/' . $agent . '/iu', $validatorData[self::VALIDATOR_HTTP_USER_AGENT_KEY])) {
153  return true;
154  }
155  }
156  throw new SessionException(
157  new Phrase(
158  'The "%1" session value is invalid. Verify and try again.',
159  [self::VALIDATOR_HTTP_USER_AGENT_KEY]
160  )
161  );
162  }
163 
164  return true;
165  }
166 
172  protected function _getSessionEnvironment()
173  {
174  $parts = [
175  self::VALIDATOR_REMOTE_ADDR_KEY => '',
176  self::VALIDATOR_HTTP_VIA_KEY => '',
177  self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY => '',
178  self::VALIDATOR_HTTP_USER_AGENT_KEY => '',
179  ];
180 
181  // collect ip data
182  if ($this->_remoteAddress->getRemoteAddress()) {
183  $parts[self::VALIDATOR_REMOTE_ADDR_KEY] = $this->_remoteAddress->getRemoteAddress();
184  }
185  if (isset($_ENV['HTTP_VIA'])) {
186  $parts[self::VALIDATOR_HTTP_VIA_KEY] = (string)$_ENV['HTTP_VIA'];
187  }
188  if (isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
189  $parts[self::VALIDATOR_HTTP_X_FORWARDED_FOR_KEY] = (string)$_ENV['HTTP_X_FORWARDED_FOR'];
190  }
191 
192  // collect user agent data
193  if (isset($_SERVER['HTTP_USER_AGENT'])) {
194  $parts[self::VALIDATOR_HTTP_USER_AGENT_KEY] = (string)$_SERVER['HTTP_USER_AGENT'];
195  }
196 
197  return $parts;
198  }
199 }
Magento\Framework\Session\Validator\validate
validate(SessionManagerInterface $session)
Definition: Validator.php:80
$session
$session
Definition: quote_with_configurable_product_last_variation.php:62
Magento\Framework\Session\Validator\__construct
__construct(\Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig, \Magento\Framework\HTTP\PhpEnvironment\RemoteAddress $remoteAddress, $scopeType, array $skippedUserAgentList=[])
Definition: Validator.php:61