PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 5.2.0
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v5.2.0
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / Nonce.php
matomo / app / core Last commit date
API 1 year ago Access 1 year ago Application 1 year ago Archive 1 year ago ArchiveProcessor 1 year ago Archiver 2 years ago AssetManager 1 year ago Auth 1 year ago Category 2 years ago Changes 1 year ago CliMulti 1 year ago Columns 1 year ago Concurrency 1 year ago Config 1 year ago Container 1 year ago CronArchive 1 year ago DataAccess 1 year ago DataFiles 2 years ago DataTable 1 year ago Db 1 year ago DeviceDetector 1 year ago Email 2 years ago Exception 1 year ago Http 1 year ago Intl 1 year ago Log 2 years ago Mail 1 year ago Measurable 1 year ago Menu 1 year ago Metrics 1 year ago Notification 1 year ago Period 1 year ago Plugin 1 year ago ProfessionalServices 1 year ago Report 1 year ago ReportRenderer 1 year ago Scheduler 1 year ago Segment 1 year ago Session 1 year ago Settings 1 year ago Tracker 1 year ago Translation 1 year ago Twig 1 year ago UpdateCheck 1 year ago Updater 1 year ago Updates 1 year ago Validators 1 year ago View 1 year ago ViewDataTable 1 year ago Visualization 1 year ago Widget 1 year ago .htaccess 2 years ago Access.php 1 year ago Archive.php 1 year ago ArchiveProcessor.php 1 year ago AssetManager.php 1 year ago Auth.php 2 years ago AuthResult.php 2 years ago BaseFactory.php 2 years ago Cache.php 2 years ago CacheId.php 1 year ago CliMulti.php 1 year ago Common.php 1 year ago Config.php 1 year ago Console.php 1 year ago Context.php 2 years ago Cookie.php 1 year ago CronArchive.php 1 year ago DI.php 1 year ago DataArray.php 1 year ago DataTable.php 1 year ago Date.php 1 year ago Db.php 1 year ago DbHelper.php 1 year ago Development.php 1 year ago ErrorHandler.php 1 year ago EventDispatcher.php 1 year ago ExceptionHandler.php 1 year ago FileIntegrity.php 1 year ago Filechecks.php 1 year ago Filesystem.php 1 year ago FrontController.php 1 year ago Http.php 1 year ago IP.php 1 year ago Log.php 2 years ago LogDeleter.php 1 year ago Mail.php 1 year ago Metrics.php 1 year ago NoAccessException.php 2 years ago Nonce.php 1 year ago Notification.php 1 year ago NumberFormatter.php 1 year ago Option.php 1 year ago Period.php 1 year ago Piwik.php 1 year ago Plugin.php 1 year ago Process.php 1 year ago Profiler.php 1 year ago ProxyHeaders.php 2 years ago ProxyHttp.php 1 year ago QuickForm2.php 1 year ago RankingQuery.php 1 year ago ReportRenderer.php 1 year ago Request.php 1 year ago Segment.php 1 year ago Sequence.php 2 years ago Session.php 1 year ago SettingsPiwik.php 1 year ago SettingsServer.php 1 year ago Singleton.php 2 years ago Site.php 1 year ago SiteContentDetector.php 1 year ago SupportedBrowser.php 2 years ago TCPDF.php 1 year ago Theme.php 1 year ago Timer.php 2 years ago Tracker.php 1 year ago Twig.php 1 year ago Unzip.php 1 year ago UpdateCheck.php 1 year ago Updater.php 1 year ago UpdaterErrorException.php 2 years ago Updates.php 1 year ago Url.php 1 year ago UrlHelper.php 1 year ago Version.php 1 year ago View.php 1 year ago bootstrap.php 1 year ago dispatch.php 2 years ago testMinimumPhpVersion.php 2 years ago
Nonce.php
198 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik;
10
11 use Piwik\Session\SessionNamespace;
12 /**
13 * Nonce class.
14 *
15 * A cryptographic nonce -- "number used only once" -- is often recommended as
16 * part of a robust defense against cross-site request forgery (CSRF/XSRF). This
17 * class provides static methods that create and manage nonce values.
18 *
19 * Nonces in Piwik are stored as a session variable and have a configurable expiration.
20 *
21 * Learn more about nonces [here](http://en.wikipedia.org/wiki/Cryptographic_nonce).
22 *
23 * @api
24 */
25 class Nonce
26 {
27 /**
28 * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
29 *
30 * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
31 * @param int $ttl Optional time-to-live in seconds; default is 5 minutes. (ie, in 5 minutes,
32 * the nonce will no longer be valid).
33 * @return string
34 */
35 public static function getNonce($id, $ttl = 600)
36 {
37 // save session-dependent nonce
38 $ns = new SessionNamespace($id);
39 $nonce = $ns->nonce;
40 // re-use an unexpired nonce (a small deviation from the "used only once" principle, so long as we do not reset the expiration)
41 // to handle browser pre-fetch or double fetch caused by some browser add-ons/extensions
42 if (empty($nonce)) {
43 // generate a new nonce
44 $nonce = md5(\Piwik\SettingsPiwik::getSalt() . time() . \Piwik\Common::generateUniqId());
45 $ns->nonce = $nonce;
46 }
47 // extend lifetime if nonce is requested again to prevent from early timeout if nonce is requested again
48 // a few seconds before timeout
49 $ns->setExpirationSeconds($ttl, 'nonce');
50 return $nonce;
51 }
52 /**
53 * Returns if a nonce is valid and comes from a valid request.
54 *
55 * A nonce is valid if it matches the current nonce and if the current nonce
56 * has not expired.
57 *
58 * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()})
59 * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}).
60 *
61 * @param string $id The nonce's unique ID. See {@link getNonce()}.
62 * @param string $cnonce Nonce sent from client.
63 * @param null|string $allowedReferrerHost The allowed referrer host for the HTTP referrer URL.
64 * @return bool `true` if valid; `false` otherwise.
65 */
66 public static function verifyNonce($id, $cnonce, $allowedReferrerHost = null)
67 {
68 // load error with message function.
69 $error = self::verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost);
70 return $error === "";
71 }
72 /**
73 * Returns an error message, if any of the individual checks fails.
74 *
75 * A nonce must match the current nonce and must not be expired.
76 *
77 * If a referrer is present, it must match $allowedReferrerHost. The exception is a referrer that resolves to local,
78 * which is allowed if $allowedReferrerHost is empty.
79 * If a referrer is not present, then $allowedReferrerHost is ignored.
80 *
81 * The HTTP origin must be valid (see {@link getAcceptableOrigins()}).
82 *
83 * @param string $id The nonce's unique ID. See {@link getNonce()}.
84 * @param string $cnonce Nonce sent from client.
85 * @param string|null $allowedReferrerHost The allowed referrer for the HTTP referrer URL. See method description.
86 * @return string if empty is valid otherwise return error message
87 */
88 public static function verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost = null)
89 {
90 $ns = new SessionNamespace($id);
91 $nonce = $ns->nonce;
92 $additionalErrors = '';
93 // The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
94 // Indicate to user how to solve this particular use case by forcing secure connections.
95 if (\Piwik\Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {
96 $additionalErrors = '<br/><br/>' . \Piwik\Piwik::translate('Login_InvalidNonceSSLMisconfigured', array('<a target="_blank" rel="noreferrer noopener" href="' . \Piwik\Url::addCampaignParametersToMatomoLink('https://matomo.org/faq/how-to/faq_91/') . '">', '</a>', 'config/config.ini.php', '<pre>force_ssl=1</pre>', '<pre>[General]</pre>'));
97 }
98 // validate token
99 if (empty($cnonce) || $cnonce !== $nonce) {
100 return \Piwik\Piwik::translate('Login_InvalidNonceToken');
101 }
102 // Validate referrer if present
103 $referrer = \Piwik\Url::getReferrer();
104 if (!empty($referrer)) {
105 // Allow the instance host by default, if no allowedReferrerHost is specified.
106 if (empty($allowedReferrerHost) && !\Piwik\Url::isLocalUrl($referrer)) {
107 return \Piwik\Piwik::translate('Login_InvalidNonceReferrer', array('<a target="_blank" rel="noreferrer noopener" href="' . \Piwik\Url::addCampaignParametersToMatomoLink('https://matomo.org/faq/how-to-install/faq_98') . '">', '</a>')) . $additionalErrors;
108 }
109 // Test that referrer matches what is allowed.
110 if (!empty($allowedReferrerHost) && !self::isReferrerHostValid($referrer, $allowedReferrerHost)) {
111 return \Piwik\Piwik::translate('Login_InvalidNonceUnexpectedReferrer') . $additionalErrors;
112 }
113 }
114 // validate origin
115 $origin = self::getOrigin();
116 if (!empty($origin) && ($origin == 'null' || !in_array($origin, self::getAcceptableOrigins()))) {
117 return \Piwik\Piwik::translate('Login_InvalidNonceOrigin') . $additionalErrors;
118 }
119 return '';
120 }
121 // public for tests
122 public static function isReferrerHostValid($referrer, $allowedReferrerHost)
123 {
124 if (empty($referrer)) {
125 return \false;
126 }
127 $referrerHost = \Piwik\Url::getHostFromUrl($referrer);
128 return preg_match('/(^|\\.)' . preg_quote($allowedReferrerHost) . '$/i', $referrerHost);
129 }
130 /**
131 * Force expiration of the current nonce.
132 *
133 * @param string $id The unique nonce ID.
134 */
135 public static function discardNonce($id)
136 {
137 $ns = new SessionNamespace($id);
138 $ns->unsetAll();
139 }
140 /**
141 * Returns the **Origin** HTTP header or `false` if not found.
142 *
143 * @return string|bool
144 */
145 public static function getOrigin()
146 {
147 if (!empty($_SERVER['HTTP_ORIGIN'])) {
148 return $_SERVER['HTTP_ORIGIN'];
149 }
150 return \false;
151 }
152 /**
153 * Returns a list acceptable values for the HTTP **Origin** header.
154 *
155 * @return array
156 */
157 public static function getAcceptableOrigins()
158 {
159 $host = \Piwik\Url::getCurrentHost(null);
160 if (empty($host)) {
161 return array();
162 }
163 // parse host:port
164 if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
165 $host = $matches[1];
166 $port = $matches[2];
167 $origins = array('http://' . $host, 'https://' . $host);
168 if ($port != 443) {
169 $origins[] = 'http://' . $host . ':' . $port;
170 }
171 $origins[] = 'https://' . $host . ':' . $port;
172 } elseif (\Piwik\Config::getInstance()->General['force_ssl']) {
173 $origins = array('https://' . $host, 'https://' . $host . ':443');
174 } else {
175 $origins = array('http://' . $host, 'https://' . $host, 'http://' . $host . ':80', 'https://' . $host . ':443');
176 }
177 return $origins;
178 }
179 /**
180 * Verifies and discards a nonce.
181 *
182 * @param string $nonceName The nonce's unique ID. See {@link getNonce()}.
183 * @param string|null $nonce The nonce from the client. If `null`, the value from the
184 * **nonce** query parameter is used.
185 * @throws \Exception if the nonce is invalid. See {@link verifyNonce()}.
186 */
187 public static function checkNonce($nonceName, $nonce = null, $allowedReferrerHost = null)
188 {
189 if ($nonce === null) {
190 $nonce = \Piwik\Common::getRequestVar('nonce', null, 'string');
191 }
192 if (!self::verifyNonce($nonceName, $nonce, $allowedReferrerHost)) {
193 throw new \Exception(\Piwik\Piwik::translate('General_ExceptionSecurityCheckFailed'));
194 }
195 self::discardNonce($nonceName);
196 }
197 }
198