From f71e49690f57e79f09bd67516e97f2898ac60900 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 17:16:31 +0100 Subject: [PATCH 01/11] add test that simulate new validator construction --- test/CsrfTest.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 27fe3127c..ccb6f5260 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -187,4 +187,13 @@ public function testSettingNewSessionContainerSetsHashInNewContainer() $test = $container->hash; // Doing this, as expiration hops are 1; have to grab on first access $this->assertEquals($hash, $test); } + + public function testCanValidateWithOldBehaviour() + { + $hash = $this->validator->getHash(); + + $validator = new Csrf(); + + $this->assertTrue($validator->isValid($hash)); + } } From 62bbde8662db104a0907421ed2ac95c382bacb6c Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 16:18:12 +0100 Subject: [PATCH 02/11] add test case --- test/CsrfTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/CsrfTest.php b/test/CsrfTest.php index ccb6f5260..0b92c01e3 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -196,4 +196,16 @@ public function testCanValidateWithOldBehaviour() $this->assertTrue($validator->isValid($hash)); } + + public function testMultipleValidatorsDontConflict() + { + $validatorOne = new Csrf(); + $validatorTwo = new Csrf(); + + $containerOne = $validatorOne->getSession(); + $containerTwo = $validatorOne->getSession(); + + $this->assertSame($containerOne, $containerTwo); + $this->assertNotEquals($validatorOne->getHash() , $validatorTwo->getHash()); + } } From 6a1727df8518efe326fd7906109875660b9241e5 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 17:14:19 +0100 Subject: [PATCH 03/11] add $hashList session stored array --- src/Csrf.php | 49 ++++++++++++++++++++++++++++++++++++----------- test/CsrfTest.php | 5 ++++- 2 files changed, 42 insertions(+), 12 deletions(-) 
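Review bot: In `testMultipleValidatorsDontConflict` (PATCH 02/11), `$containerTwo` is read from `$validatorOne`, so `assertSame($containerOne, $containerTwo)` compares one validator's container with itself and cannot show that two validators share a container. The line should read `$containerTwo = $validatorTwo->getSession();`. As written, only the `assertNotEquals` on the two hashes exercises the second validator.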
diff --git a/src/Csrf.php b/src/Csrf.php index 66f415727..8e0715190 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -68,6 +68,11 @@ class Csrf extends AbstractValidator */ protected $timeout = 300; + /** + * @var string + */ + protected $hashId; + /** * Constructor * @@ -117,9 +122,21 @@ public function isValid($value, $context = null) { $this->setValue((string) $value); - $hash = $this->getValidationToken(); + $valueArr = explode('_', $value); - if ($value !== $hash) { + $hashId = null; + + if (count($valueArr) > 1) { + $hashId = $valueArr[0]; + $hashValue = $valueArr[1]; + } else { + $hashId = $this->hashId; + $hashValue = $value; + } + + $hash = $this->getValidationToken($hashId); + + if ($hashValue !== $hash) { $this->error(self::NOT_SAME); return false; } @@ -215,9 +232,10 @@ public function getHash($regenerate = false) { if ((null === $this->hash) || $regenerate) { if ($regenerate) { + $this->hashId = null; $this->hash = null; } else { - $this->hash = $this->getValidationToken(); + $this->hash = $this->getValidationToken($this->hashId); } if (null === $this->hash) { $this->generateHash(); @@ -275,7 +293,14 @@ protected function initCsrfToken() if (null !== $timeout) { $session->setExpirationSeconds($timeout); } - $session->hash = $this->getHash(); + + $hash = $this->getHash(); + + if (! $session->hashList) { + $session->hashList = array(); + } + $session->hashList[$this->hashId] = $hash; + $session->hash = $hash; // @todo remove this, left for BC } /** 
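Review bot: In the `isValid` hunk of PATCH 03/11, `explode('_', $value)` keeps only the first two segments, so a submitted value with extra trailing `_`-separated segments is compared as if they were absent. It also splits the raw `$value`, while `setValue()` on the line above receives `(string) $value`. Splitting the cast string with a limit keeps the match exact: `$valueArr = explode('_', (string) $value, 2);`. The identifier taken from the request then indexes `$session->hashList`, so a comment such as `// $hashId comes from the request and is untrusted; only used as a lookup key` would help the next reader. `isValid` starts before and continues past the hunk.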
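Review bot: `initCsrfToken` (PATCH 03/11) adds an entry to `$session->hashList` for every generated token, and nothing visible in this series removes one, so the list grows with each validator instance or regeneration until the container expires. The `tokenList` version of this function in PATCH 06/11 has the same shape. Consider capping the list and dropping the oldest entries, and removing an entry once it has validated if single-use tokens are intended. At minimum, state the intended lifetime next to the assignment, for example `// NOTE: entries live until the container times out; confirm whether validated tokens should be removed`. The function's signature appears only in the hunk header.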
@@ -288,13 +313,15 @@ protected function initCsrfToken() */ protected function generateHash() { - if (isset(static::$hashCache[$this->getSessionName()])) { - $this->hash = static::$hashCache[$this->getSessionName()]; + $this->hashId = md5(Rand::getBytes(32)); + + if (isset(static::$hashCache[$this->getSessionName()][$this->hashId])) { + $this->hash = static::$hashCache[$this->getSessionName()][$this->hashId]; } else { $this->hash = md5($this->getSalt() . Rand::getBytes(32) . $this->getName()); - static::$hashCache[$this->getSessionName()] = $this->hash; + static::$hashCache[$this->getSessionName()][$this->hashId] = $this->hash; } - $this->setValue($this->hash); + $this->setValue(sprintf('%s_%s', $this->hashId, $this->hash)); $this->initCsrfToken(); } @@ -305,11 +332,11 @@ protected function generateHash() * * @return null|string */ - protected function getValidationToken() + protected function getValidationToken($hashId = null) { $session = $this->getSession(); - if (isset($session->hash)) { - return $session->hash; + if ($hashId && isset($session->hashList[$hashId])) { + return $session->hashList[$hashId]; } return null; } diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 0b92c01e3..b1a3b43ca 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -206,6 +206,9 @@ public function testMultipleValidatorsDontConflict() $containerTwo = $validatorOne->getSession(); $this->assertSame($containerOne, $containerTwo); - $this->assertNotEquals($validatorOne->getHash() , $validatorTwo->getHash()); + + $hashOne = $validatorOne->getHash(); + $hashTwo = $validatorTwo->getHash(); + $this->assertNotEquals($hashOne , $hashTwo); } } From 9b159f53f1b379d34819465194b91b9c3d981fb7 Mon Sep 17 00:00:00 2001 
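Review bot: In `generateHash` (PATCH 03/11) the `isset(static::$hashCache[...][$this->hashId])` branch is effectively dead. `$this->hashId` is assigned a fresh `md5(Rand::getBytes(32))` on the line before, so the lookup can only hit on a collision, while every call still adds another entry to the static cache. Either drop the lookup or decide whether to reuse a cached hash before generating the id. If the cache is kept only for compatibility, say so, e.g. `// $hashCache retained for BC; never hit because hashId is new on every call`.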
From: Stefano Torresi Date: Wed, 5 Mar 2014 17:38:46 +0100 Subject: [PATCH 04/11] Revert "add test that simulate new validator construction" This reverts commit 3afc417c83653e638435611d32a93bac2a81f11d. test was irrelevant and misleading --- test/CsrfTest.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/test/CsrfTest.php b/test/CsrfTest.php index b1a3b43ca..0aa66457c 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -188,15 +188,6 @@ public function testSettingNewSessionContainerSetsHashInNewContainer() $this->assertEquals($hash, $test); } - public function testCanValidateWithOldBehaviour() - { - $hash = $this->validator->getHash(); - - $validator = new Csrf(); - - $this->assertTrue($validator->isValid($hash)); - } - public function testMultipleValidatorsDontConflict() { $validatorOne = new Csrf(); From 8c9d32e8193c7d8795cc840b009e0835736a7d1d Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 17:45:39 +0100 Subject: [PATCH 05/11] add validation testing with both composite and simple value --- src/Csrf.php | 27 ++++++++++++++++++++++++++- test/CsrfTest.php | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/src/Csrf.php b/src/Csrf.php index 8e0715190..537aa918b 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -73,6 +73,11 @@ class Csrf extends AbstractValidator */ protected $hashId; + /** + * @var string + */ + protected $format = '%s_%s'; + /** * Constructor * @@ -104,6 +109,9 @@ public function __construct($options = array()) case 'timeout': $this->setTimeout($value); break; + case 'format': + $this->setFormat($value); + break; default: // ignore unknown options break; 
@@ -321,7 +329,7 @@ protected function generateHash() $this->hash = md5($this->getSalt() . Rand::getBytes(32) . $this->getName()); static::$hashCache[$this->getSessionName()][$this->hashId] = $this->hash; } - $this->setValue(sprintf('%s_%s', $this->hashId, $this->hash)); + $this->setValue(sprintf($this->getFormat(), $this->hashId, $this->hash)); $this->initCsrfToken(); } @@ -330,6 +338,7 @@ protected function generateHash() * * Retrieve token from session, if it exists. * + * @param string $hashId * @return null|string */ protected function getValidationToken($hashId = null) @@ -340,4 +349,20 @@ protected function getValidationToken($hashId = null) } return null; } + + /** + * @return string + */ + public function getFormat() + { + return $this->format; + } + + /** + * @param string $format + */ + public function setFormat($format) + { + $this->format = $format; + } } diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 0aa66457c..0f0f1c0e5 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php 
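Review bot: `setFormat()` (PATCH 05/11) lets callers change the composite layout, but `isValid` as changed in PATCH 03/11 still splits the submitted value on a literal `_` and expects the id first, so a format with another separator or argument order makes the validator reject its own tokens. The setter also accepts any string without checking that it carries two `%s` placeholders. Either validate the format in `setFormat()` or state the constraint in its docblock, e.g. `@param string $format sprintf pattern with exactly two %s, id first, separated by "_"`.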
@@ -202,4 +202,38 @@ public function testMultipleValidatorsDontConflict() $hashTwo = $validatorTwo->getHash(); $this->assertNotEquals($hashOne , $hashTwo); } + + public function tesCanValidateOnlyHisOwnTokenWhenPlainHashIsSupplied() + { + $validatorOne = new Csrf(); + $validatorTwo = new Csrf(); + + $hashOne = $validatorOne->getHash(); + $hashTwo = $validatorTwo->getHash(); + + $this->assertTrue($validatorOne->isValid($hashOne)); + $this->assertFalse($validatorOne->isValid($hashTwo)); + $this->assertFalse($validatorTwo->isValid($hashOne)); + $this->assertTrue($validatorTwo->isValid($hashTwo)); + } + + public function testCanValidateAnyTokenWhenCompositeValueIsSupplied() + { + $validatorOne = new Csrf(); + $validatorTwo = new Csrf(); + + $hashOne = $validatorOne->getHash(); + $hashTwo = $validatorTwo->getHash(); + + $hashIdOne = $this->readAttribute($validatorOne, 'hashId'); + $hashIdTwo = $this->readAttribute($validatorTwo, 'hashId'); + + $valueOne = sprintf($validatorOne->getFormat(), $hashIdOne, $hashOne); + $valueTwo = sprintf($validatorTwo->getFormat(), $hashIdTwo, $hashTwo); + + $this->assertTrue($validatorOne->isValid($valueOne)); + $this->assertTrue($validatorOne->isValid($valueTwo)); + $this->assertTrue($validatorTwo->isValid($valueOne)); + $this->assertTrue($validatorTwo->isValid($valueTwo)); + } } From 4279293b387d0723946719e50ca42198e9cbd2d0 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 23:25:03 +0100 Subject: [PATCH 06/11] streamline csrf validator --- src/Csrf.php | 99 +++++++++++++++++++++++------------------------ test/CsrfTest.php | 26 ++----------- 2 files changed, 52 insertions(+), 73 deletions(-) diff --git a/src/Csrf.php b/src/Csrf.php index 537aa918b..511cce60c 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -68,16 +68,6 @@ class Csrf extends AbstractValidator */ protected $timeout = 300; - /** - * @var string - */ - protected $hashId; - - /** - * @var string - */ - protected $format = '%s_%s'; - /** * Constructor * 
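Review bot: `tesCanValidateOnlyHisOwnTokenWhenPlainHashIsSupplied` (PATCH 05/11) is missing the final `t` of the `test` prefix, so PHPUnit's name-based discovery will not run it unless the class relies on `@test` annotations, which are not visible here. The assertions that one validator rejects another validator's plain hash are therefore never executed, and the isolation property they describe is unverified. Rename it to `testCanValidateOnlyHisOwnTokenWhenPlainHashIsSupplied` and confirm it passes against the `isValid` from PATCH 03/11.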
@@ -109,9 +99,6 @@ public function __construct($options = array()) case 'timeout': $this->setTimeout($value); break; - case 'format': - $this->setFormat($value); - break; default: // ignore unknown options break; @@ -130,21 +117,10 @@ public function isValid($value, $context = null) { $this->setValue((string) $value); - $valueArr = explode('_', $value); - - $hashId = null; - - if (count($valueArr) > 1) { - $hashId = $valueArr[0]; - $hashValue = $valueArr[1]; - } else { - $hashId = $this->hashId; - $hashValue = $value; - } + $tokenId = $this->getTokenIdFromHash($value); + $hash = $this->getValidationToken($tokenId); - $hash = $this->getValidationToken($hashId); - - if ($hashValue !== $hash) { + if ($value !== $hash) { $this->error(self::NOT_SAME); return false; } @@ -240,10 +216,9 @@ public function getHash($regenerate = false) { if ((null === $this->hash) || $regenerate) { if ($regenerate) { - $this->hashId = null; $this->hash = null; } else { - $this->hash = $this->getValidationToken($this->hashId); + $this->hash = $this->getValidationToken(); } if (null === $this->hash) { $this->generateHash(); @@ -296,18 +271,19 @@ public function getTimeout() protected function initCsrfToken() { $session = $this->getSession(); - //$session->setExpirationHops(1, null); $timeout = $this->getTimeout(); if (null !== $timeout) { $session->setExpirationSeconds($timeout); } $hash = $this->getHash(); + $token = $this->getTokenFromHash($hash); + $tokenId = $this->getTokenIdFromHash($hash); - if (! $session->hashList) { - $session->hashList = array(); + if (! $session->tokenList) { + $session->tokenList = array(); } - $session->hashList[$this->hashId] = $hash; + $session->tokenList[$tokenId] = $token; $session->hash = $hash; // @todo remove this, left for BC } 
@@ -321,15 +297,12 @@ protected function initCsrfToken() */ protected function generateHash() { - $this->hashId = md5(Rand::getBytes(32)); + $tokenId = md5(Rand::getBytes(32)); + $token = md5($this->getSalt() . Rand::getBytes(32) . $this->getName()); - if (isset(static::$hashCache[$this->getSessionName()][$this->hashId])) { - $this->hash = static::$hashCache[$this->getSessionName()][$this->hashId]; - } else { - $this->hash = md5($this->getSalt() . Rand::getBytes(32) . $this->getName()); - static::$hashCache[$this->getSessionName()][$this->hashId] = $this->hash; - } - $this->setValue(sprintf($this->getFormat(), $this->hashId, $this->hash)); + $this->hash = $this->formatHash($token, $tokenId); + + $this->setValue($this->hash); $this->initCsrfToken(); } 
@@ -338,31 +311,57 @@ protected function generateHash() * * Retrieve token from session, if it exists. * - * @param string $hashId + * @param string $value * @return null|string */ - protected function getValidationToken($hashId = null) + protected function getValidationToken($tokenId = null) { $session = $this->getSession(); - if ($hashId && isset($session->hashList[$hashId])) { - return $session->hashList[$hashId]; + + if (! $tokenId && ! empty($session->tokenList)) { + $ids = array_keys($session->tokenList); + $tokenId = array_shift($ids); + } + + if ($tokenId && isset($session->tokenList[$tokenId])) { + return $this->formatHash($session->tokenList[$tokenId], $tokenId); } + return null; } /** + * @param $token + * @param $tokenId + * @return string + */ + protected function formatHash($token, $tokenId) + { + return sprintf('%s-%s', $token, $tokenId); + } + + /** + * @param $hash * @return string */ - public function getFormat() + protected function getTokenFromHash($hash) { - return $this->format; + $data = explode('-', $hash); + return $data[0] ?: null; } /** - * @param string $format + * @param $hash + * @return string */ - public function setFormat($format) + protected function getTokenIdFromHash($hash) { - $this->format = $format; + $data = explode('-', $hash); + + if (! isset($data[1])) { + return null; + } + + return $data[1]; } } diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 0f0f1c0e5..48540de80 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -203,7 +203,7 @@ public function testMultipleValidatorsDontConflict() $this->assertNotEquals($hashOne , $hashTwo); } - public function tesCanValidateOnlyHisOwnTokenWhenPlainHashIsSupplied() + public function testCanValidateAnyHashWithinTheSameContainer() { $validatorOne = new Csrf(); $validatorTwo = new Csrf(); 
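Review bot: The docblocks added for `getTokenFromHash` and `getTokenIdFromHash` (PATCH 06/11) declare `@return string`, but the first returns `null` when the leading segment is empty (`$data[0] ?: null`) and the second returns `null` when the value contains no `-`. Callers that compare these results need to know that a missing submitted token and a missing stored hash both come back as `null`, so document them as `@return null|string`. The `@param $hash`, `@param $token` and `@param $tokenId` tags also lack types; `@param string $hash` and so on would match the rest of the class. Since `isValid` passes the raw request value into these helpers, a one-line comment that `$hash` may be untrusted input is worth adding.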
@@ -212,28 +212,8 @@ public function tesCanValidateOnlyHisOwnTokenWhenPlainHashIsSupplied() $hashTwo = $validatorTwo->getHash(); $this->assertTrue($validatorOne->isValid($hashOne)); - $this->assertFalse($validatorOne->isValid($hashTwo)); - $this->assertFalse($validatorTwo->isValid($hashOne)); + $this->assertTrue($validatorOne->isValid($hashTwo)); + $this->assertTrue($validatorTwo->isValid($hashOne)); $this->assertTrue($validatorTwo->isValid($hashTwo)); } - - public function testCanValidateAnyTokenWhenCompositeValueIsSupplied() - { - $validatorOne = new Csrf(); - $validatorTwo = new Csrf(); - - $hashOne = $validatorOne->getHash(); - $hashTwo = $validatorTwo->getHash(); - - $hashIdOne = $this->readAttribute($validatorOne, 'hashId'); - $hashIdTwo = $this->readAttribute($validatorTwo, 'hashId'); - - $valueOne = sprintf($validatorOne->getFormat(), $hashIdOne, $hashOne); - $valueTwo = sprintf($validatorTwo->getFormat(), $hashIdTwo, $hashTwo); - - $this->assertTrue($validatorOne->isValid($valueOne)); - $this->assertTrue($validatorOne->isValid($valueTwo)); - $this->assertTrue($validatorTwo->isValid($valueOne)); - $this->assertTrue($validatorTwo->isValid($valueTwo)); - } } From 3ccce1f3573e566b3ffa760bfa914a252f7231f9 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Wed, 5 Mar 2014 23:26:39 +0100 Subject: [PATCH 07/11] always generate a new token but when validating --- src/Csrf.php | 20 ++++++++++++++++---- test/CsrfTest.php | 21 ++++++++++++++++++++- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/src/Csrf.php b/src/Csrf.php index 511cce60c..88bf18641 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -39,6 +39,7 @@ class Csrf extends AbstractValidator /** * Static cache of the session names to generated hashes + * @todo unused, left here to avoid BC breaks * * @var array */ 
@@ -218,7 +219,7 @@ public function getHash($regenerate = false) if ($regenerate) { $this->hash = null; } else { - $this->hash = $this->getValidationToken(); + $this->hash = $this->getValidationToken($this->generateTokenId()); } if (null === $this->hash) { $this->generateHash(); @@ -297,27 +298,38 @@ protected function initCsrfToken() */ protected function generateHash() { - $tokenId = md5(Rand::getBytes(32)); $token = md5($this->getSalt() . Rand::getBytes(32) . $this->getName()); - $this->hash = $this->formatHash($token, $tokenId); + $this->hash = $this->formatHash($token, $this->generateTokenId()); $this->setValue($this->hash); $this->initCsrfToken(); } + /** + * @return string + */ + protected function generateTokenId() + { + return md5(Rand::getBytes(32)); + } + /** * Get validation token * * Retrieve token from session, if it exists. * - * @param string $value + * @param string $tokenId * @return null|string */ protected function getValidationToken($tokenId = null) { $session = $this->getSession(); + /** + * if no tokenId is passed we just grub the first one available. + * this handle validation of an old hash + */ if (! $tokenId && ! empty($session->tokenList)) { $ids = array_keys($session->tokenList); $tokenId = array_shift($ids); diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 48540de80..13ef3e57b 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -188,7 +188,7 @@ public function testSettingNewSessionContainerSetsHashInNewContainer() $this->assertEquals($hash, $test); } - public function testMultipleValidatorsDontConflict() + public function testMultipleValidatorsSharingContainerGenerateDifferentHashes() { $validatorOne = new Csrf(); $validatorTwo = new Csrf(); 
@@ -216,4 +216,23 @@ public function testCanValidateAnyHashWithinTheSameContainer() $this->assertTrue($validatorTwo->isValid($hashOne)); $this->assertTrue($validatorTwo->isValid($hashTwo)); } + + public function testCannotValidateHashesOfOtherContainers() + { + $validatorOne = new Csrf(); + $validatorTwo = new Csrf(array('name' => 'foo')); + + $containerOne = $validatorOne->getSession(); + $containerTwo = $validatorTwo->getSession(); + + $this->assertNotSame($containerOne, $containerTwo); + + $hashOne = $validatorOne->getHash(); + $hashTwo = $validatorTwo->getHash(); + + $this->assertTrue($validatorOne->isValid($hashOne)); + $this->assertFalse($validatorOne->isValid($hashTwo)); + $this->assertFalse($validatorTwo->isValid($hashOne)); + $this->assertTrue($validatorTwo->isValid($hashTwo)); + } } From e3718385c45597acfca819b53ce3b8f6ead4da1a Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Thu, 6 Mar 2014 00:01:54 +0100 Subject: [PATCH 08/11] add csrf expiration test --- test/CsrfTest.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 13ef3e57b..4772efcf9 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php @@ -235,4 +235,18 @@ public function testCannotValidateHashesOfOtherContainers() $this->assertFalse($validatorTwo->isValid($hashOne)); $this->assertTrue($validatorTwo->isValid($hashTwo)); } + + public function testCannotReValidateAnExpiredHash() + { + $hash = $this->validator->getHash(); + + $this->assertTrue($this->validator->isValid($hash)); + + $this->sessionManager->getStorage()->setMetadata( + $this->validator->getSession()->getName(), + array('EXPIRE' => $_SERVER['REQUEST_TIME'] - 18600) + ); + + $this->assertFalse($this->validator->isValid($hash)); + } } From 87da25844b50734c2462d11009dc34e2e6a7b06d Mon Sep 17 00:00:00 2001 
From: Stefano Torresi Date: Thu, 6 Mar 2014 00:06:21 +0100 Subject: [PATCH 09/11] better csrf BC behaviour --- src/Csrf.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/Csrf.php b/src/Csrf.php index 88bf18641..66120d0b9 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -327,12 +327,11 @@ protected function getValidationToken($tokenId = null) $session = $this->getSession(); /** - * if no tokenId is passed we just grub the first one available. - * this handle validation of an old hash + * if no tokenId is passed we revert to the old behaviour + * @todo remove, here for BC */ - if (! $tokenId && ! empty($session->tokenList)) { - $ids = array_keys($session->tokenList); - $tokenId = array_shift($ids); + if (! $tokenId && isset($session->hash)) { + return $session->hash; } if ($tokenId && isset($session->tokenList[$tokenId])) { From f2fdd2b77bd08f627bcbf59b26781b894fd4e9b7 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Thu, 6 Mar 2014 00:25:20 +0100 Subject: [PATCH 10/11] ensure csrf BC --- src/Csrf.php | 2 +- test/CsrfTest.php | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/Csrf.php b/src/Csrf.php index 66120d0b9..d612f7428 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -121,7 +121,7 @@ public function isValid($value, $context = null) $tokenId = $this->getTokenIdFromHash($value); $hash = $this->getValidationToken($tokenId); - if ($value !== $hash) { + if ($this->getTokenFromHash($value) !== $this->getTokenFromHash($hash)) { $this->error(self::NOT_SAME); return false; } diff --git a/test/CsrfTest.php b/test/CsrfTest.php index 4772efcf9..7c2f8511e 100644 --- a/test/CsrfTest.php +++ b/test/CsrfTest.php 
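Review bot: The comparison introduced in `isValid` (PATCH 10/11) treats two missing tokens as a match. `getTokenFromHash()` returns `null` for a value whose token segment is empty, and also when `getValidationToken()` found nothing in the session, so `null !== null` is false and validation succeeds with no token on either side. Require both sides to be non-empty before comparing: `$tokenFromValue = $this->getTokenFromHash($value);`, `$tokenFromHash = $this->getTokenFromHash($hash);`, `if (! $tokenFromValue || ! $tokenFromHash || $tokenFromValue !== $tokenFromHash) {`. A test asserting that `isValid('')` is false when the session holds no token would pin this, and `hash_equals()` is preferable to `!==` where the supported PHP version provides it. `isValid` starts and ends outside the hunk.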
@@ -249,4 +249,15 @@ public function testCannotReValidateAnExpiredHash() $this->assertFalse($this->validator->isValid($hash)); } + + public function testCanValidateHasheWithoutId() + { + $method = new \ReflectionMethod(get_class($this->validator), 'getTokenFromHash'); + $method->setAccessible(true); + + $hash = $this->validator->getHash(); + $bareToken = $method->invoke($this->validator, $hash); + + $this->assertTrue($this->validator->isValid($bareToken)); + } } From cb2ce1e744df09c5c4dd9e0ee2ff79f567fc0861 Mon Sep 17 00:00:00 2001 From: Stefano Torresi Date: Thu, 6 Mar 2014 00:36:38 +0100 Subject: [PATCH 11/11] clean getHash up --- src/Csrf.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/Csrf.php b/src/Csrf.php index d612f7428..6272c0be7 100644 --- a/src/Csrf.php +++ b/src/Csrf.php @@ -216,14 +216,7 @@ public function getSalt() public function getHash($regenerate = false) { if ((null === $this->hash) || $regenerate) { - if ($regenerate) { - $this->hash = null; - } else { - $this->hash = $this->getValidationToken($this->generateTokenId()); - } - if (null === $this->hash) { - $this->generateHash(); - } + $this->generateHash(); } return $this->hash; }