Merged in release/3.2.2 (pull request #6128)

release/3.2.2 Approved-by: Paula Quispe <paula.quispe@processmaker.com>
2017-10-20 12:47:58 +00:00
parent 2032b5076a 4eb81fd01e
commit dd317925c5
24 changed files with 719 additions and 511 deletions
--- a/workflow/engine/src/ProcessMaker/Util/helpers.php
+++ b/workflow/engine/src/ProcessMaker/Util/helpers.php
@@ -1,4 +1,8 @@
 <?php
+
+use Illuminate\Session\TokenMismatchException;
+use Illuminate\Support\Str;
+
 /**
 * We will send a case note in the actions by email
 * @param object $httpData
@@ -361,3 +365,46 @@ function eprintln ($s = "", $c = null)
        print "$s\n";
    }
 }
+
+/**
+ * Initialize the user logged session
+ */
+function initUserSession($usrUid, $usrName)
+{
+    $_SESSION['USER_LOGGED'] = $usrUid;
+    $_SESSION['USR_USERNAME'] = $usrName;
+    $_SESSION['USR_CSRF_TOKEN'] = Str::random(40);
+}
+
+/**
+ * Verify token for an incoming request.
+ *
+ * @param type $request
+ * @throws TokenMismatchException
+ */
+function verifyCsrfToken($request)
+{
+    $headers = getallheaders();
+    $token = isset($request['_token'])
+        ? $request['_token']
+        : (isset($headers['X-CSRF-TOKEN'])
+        ? $headers['X-CSRF-TOKEN']
+        : null);
+    $match = is_string($_SESSION['USR_CSRF_TOKEN'])
+        && is_string($token)
+        && !empty($_SESSION['USR_CSRF_TOKEN'])
+        && hash_equals($_SESSION['USR_CSRF_TOKEN'], $token);
+    if (!$match) {
+        throw new TokenMismatchException();
+    }
+}
+
+/**
+ * Get the current user CSRF token.
+ *
+ * @return string
+ */
+function csrfToken()
+{
+    return isset($_SESSION['USR_CSRF_TOKEN']) ? $_SESSION['USR_CSRF_TOKEN'] : '';
+}