26406401144

Committed 25 May 2026 02:49PM UTC coverage: 21.037% (-0.06%) from 21.101%

Build # 26406401144

Build Type

push

github

Committed by

SyntaxPilot

Commit Message

update session storage for csrf tokens

Coverage Stats

0 of 19 new or added lines in 1 file covered. (0.0%)

276 of 1312 relevant lines covered (21.04%)

0.56 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Security/SessionCsrfTokenStorage.php

<?php
/**
 * Copyright (c) 2027 Nicholas English
 *
 * This file is licensed under the MIT License.
 * See the LICENSE file in the project root for full license information.
 */

declare(strict_types=1);

namespace SyntaxPilot\Session\Security;

use SyntaxPilot\Security\Csrf\CsrfTokenPayload;
use SyntaxPilot\Security\Csrf\CsrfTokenStorageInterface;
use SyntaxPilot\Session\Contract\SessionStoreInterface;

/**
 * Session-backed CSRF token storage.
 */
final class SessionCsrfTokenStorage implements CsrfTokenStorageInterface
{
    public function __construct(
        private readonly SessionStoreInterface $session,
        private readonly string $key = '_csrf_tokens',
    ) {
    }

    public function get(string $id): ?CsrfTokenPayload
    {
        $tokens = $this->tokens();

        $payload = $tokens[$id] ?? null;

        return is_array($payload) ? CsrfTokenPayload::fromArray($payload) : null;
    }

    public function set(string $id, CsrfTokenPayload $payload): void
    {
        $tokens = $this->tokens();

        $tokens[$id] = $payload->toArray();

        $this->session->set($this->key, $tokens);
    }

    public function has(string $id): bool
    {
        return $this->get($id) instanceof CsrfTokenPayload;
    }

    public function remove(string $id): void
    {
        $tokens = $this->tokens();

        unset($tokens[$id]);

        $this->session->set($this->key, $tokens);
    }

    public function clear(): void
    {
        $this->session->remove($this->key);
    }

    public function prune(): void
    {
        $tokens = $this->tokens();

        foreach ($tokens as $id => $payload) {
            if (!is_array($payload)) {
                unset($tokens[$id]);
                continue;
            }

            $csrfPayload = CsrfTokenPayload::fromArray($payload);

            if (!$csrfPayload instanceof CsrfTokenPayload || $csrfPayload->isExpired()) {
                unset($tokens[$id]);
            }
        }

        $this->session->set($this->key, $tokens);
    }

    /**
     * @return array<string, mixed>
     */
    private function tokens(): array
    {
        $tokens = $this->session->get($this->key, []);

        return is_array($tokens) ? $tokens : [];
    }
}

1	<?php
2	/**
3	* Copyright (c) 2027 Nicholas English
4	*
5	* This file is licensed under the MIT License.
6	* See the LICENSE file in the project root for full license information.
7	*/
8
9	declare(strict_types=1);
10
11	namespace SyntaxPilot\Session\Security;
12
13	use SyntaxPilot\Security\Csrf\CsrfTokenPayload;
14	use SyntaxPilot\Security\Csrf\CsrfTokenStorageInterface;
15	use SyntaxPilot\Session\Contract\SessionStoreInterface;
16
17	/**
18	* Session-backed CSRF token storage.
19	*/
20	final class SessionCsrfTokenStorage implements CsrfTokenStorageInterface
21	{
22	public function __construct(	×
23	private readonly SessionStoreInterface $session,
24	private readonly string $key = '_csrf_tokens',
25	) {
26	}	×
27
NEW 28	public function get(string $id): ?CsrfTokenPayload	×
29	{
30	$tokens = $this->tokens();	×
31
NEW 32	$payload = $tokens[$id] ?? null;	×
33
NEW 34	return is_array($payload) ? CsrfTokenPayload::fromArray($payload) : null;	×
35	}
36
NEW 37	public function set(string $id, CsrfTokenPayload $payload): void	×
38	{
39	$tokens = $this->tokens();	×
40
NEW 41	$tokens[$id] = $payload->toArray();	×
42
43	$this->session->set($this->key, $tokens);	×
44	}
45
46	public function has(string $id): bool	×
47	{
NEW 48	return $this->get($id) instanceof CsrfTokenPayload;	×
49	}
50
51	public function remove(string $id): void	×
52	{
53	$tokens = $this->tokens();	×
54
55	unset($tokens[$id]);	×
56
57	$this->session->set($this->key, $tokens);	×
58	}
59
60	public function clear(): void	×
61	{
62	$this->session->remove($this->key);	×
63	}
64
NEW 65	public function prune(): void	×
66	{
NEW 67	$tokens = $this->tokens();	×
68
NEW 69	foreach ($tokens as $id => $payload) {	×
NEW 70	if (!is_array($payload)) {	×
NEW 71	unset($tokens[$id]);	×
NEW 72	continue;	×
73	}
74
NEW 75	$csrfPayload = CsrfTokenPayload::fromArray($payload);	×
76
NEW 77	if (!$csrfPayload instanceof CsrfTokenPayload \|\| $csrfPayload->isExpired()) {	×
NEW 78	unset($tokens[$id]);	×
79	}
80	}
81
NEW 82	$this->session->set($this->key, $tokens);	×
83	}
84
85	/**
86	* @return array<string, mixed>
87	*/
NEW 88	private function tokens(): array	×
89	{
NEW 90	$tokens = $this->session->get($this->key, []);	×
91
NEW 92	return is_array($tokens) ? $tokens : [];	×
93	}
94	}

SyntaxPilot / Session / 26406401144

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous