PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 5.8.2
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v5.8.2
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / Nonce.php
matomo / app / core Last commit date
API 3 months ago Access 3 months ago Application 3 months ago Archive 3 months ago ArchiveProcessor 3 months ago Archiver 2 years ago AssetManager 3 months ago Auth 6 months ago Category 6 months ago Changes 3 months ago CliMulti 1 year ago Columns 3 months ago Concurrency 3 months ago Config 3 months ago Container 3 months ago CronArchive 3 months ago DataAccess 3 months ago DataFiles 2 years ago DataTable 3 months ago Db 3 months ago DeviceDetector 1 year ago Email 2 years ago Exception 4 months ago Http 4 months ago Intl 3 months ago Log 2 years ago Mail 1 year ago Measurable 6 months ago Menu 3 months ago Metrics 3 months ago Notification 6 months ago Period 3 months ago Plugin 3 months ago Policy 3 months ago ProfessionalServices 1 year ago Report 1 year ago ReportRenderer 3 months ago Request 3 months ago Scheduler 3 months ago Segment 3 months ago Session 3 months ago Settings 3 months ago Tracker 3 months ago Translation 3 months ago Twig 1 year ago UpdateCheck 3 months ago Updater 4 months ago Updates 3 months ago Validators 1 year ago View 6 months ago ViewDataTable 3 months ago Visualization 1 year ago Widget 3 months ago .htaccess 2 years ago Access.php 3 months ago Archive.php 3 months ago ArchiveProcessor.php 4 months ago AssetManager.php 3 months ago Auth.php 6 months ago AuthResult.php 6 months ago BaseFactory.php 2 years ago Cache.php 2 years ago CacheId.php 4 months ago CliMulti.php 3 months ago Common.php 3 months ago Config.php 3 months ago Console.php 3 months ago Context.php 2 years ago Cookie.php 1 year ago CronArchive.php 3 months ago DI.php 3 months ago DataArray.php 5 months ago DataTable.php 3 months ago Date.php 3 months ago Db.php 3 months ago DbHelper.php 3 months ago Development.php 1 year ago ErrorHandler.php 6 months ago EventDispatcher.php 1 year ago ExceptionHandler.php 4 months ago FileIntegrity.php 3 months ago Filechecks.php 1 year ago Filesystem.php 3 months ago FrontController.php 4 months ago Http.php 4 months ago IP.php 1 year ago Log.php 3 months ago LogDeleter.php 1 year ago Mail.php 1 year ago Metrics.php 3 months ago NoAccessException.php 2 years ago Nonce.php 6 months ago Notification.php 6 months ago NumberFormatter.php 5 months ago Option.php 5 months ago Period.php 3 months ago Piwik.php 3 months ago Plugin.php 3 months ago Process.php 1 year ago Profiler.php 6 months ago ProxyHeaders.php 4 months ago ProxyHttp.php 5 months ago QuickForm2.php 3 months ago RankingQuery.php 5 months ago ReportRenderer.php 3 months ago Request.php 3 months ago Segment.php 3 months ago Sequence.php 6 months ago Session.php 3 months ago SettingsPiwik.php 3 months ago SettingsServer.php 1 year ago Singleton.php 2 years ago Site.php 4 months ago SiteContentDetector.php 3 months ago SupportedBrowser.php 2 years ago TCPDF.php 1 year ago Theme.php 1 year ago Timer.php 2 years ago Tracker.php 3 months ago Twig.php 3 months ago Unzip.php 1 year ago UpdateCheck.php 3 months ago Updater.php 3 months ago UpdaterErrorException.php 2 years ago Updates.php 3 months ago Url.php 3 months ago UrlHelper.php 3 months ago Version.php 3 months ago View.php 3 months ago bootstrap.php 1 year ago dispatch.php 2 years ago testMinimumPhpVersion.php 6 months ago
Nonce.php
202 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik;
10
11 use Piwik\Session\SessionNamespace;
12 /**
13 * Nonce class.
14 *
15 * A cryptographic nonce -- "number used only once" -- is often recommended as
16 * part of a robust defense against cross-site request forgery (CSRF/XSRF). This
17 * class provides static methods that create and manage nonce values.
18 *
19 * Nonces in Piwik are stored as a session variable and have a configurable expiration.
20 *
21 * Learn more about nonces [here](https://en.wikipedia.org/wiki/Cryptographic_nonce).
22 *
23 * @api
24 */
25 class Nonce
26 {
27 /**
28 * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
29 *
30 * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
31 * @param int $ttl Optional time-to-live in seconds; default is 5 minutes. (ie, in 5 minutes,
32 * the nonce will no longer be valid).
33 * @return string
34 */
35 public static function getNonce($id, $ttl = 600)
36 {
37 // save session-dependent nonce
38 $ns = new SessionNamespace($id);
39 $nonce = $ns->nonce;
40 // re-use an unexpired nonce (a small deviation from the "used only once" principle, so long as we do not reset the expiration)
41 // to handle browser pre-fetch or double fetch caused by some browser add-ons/extensions
42 if (empty($nonce)) {
43 // generate a new nonce
44 $nonce = md5(\Piwik\SettingsPiwik::getSalt() . time() . \Piwik\Common::generateUniqId());
45 $ns->nonce = $nonce;
46 }
47 // extend lifetime if nonce is requested again to prevent from early timeout if nonce is requested again
48 // a few seconds before timeout
49 $ns->setExpirationSeconds($ttl, 'nonce');
50 return $nonce;
51 }
52 /**
53 * Returns if a nonce is valid and comes from a valid request.
54 *
55 * A nonce is valid if it matches the current nonce and if the current nonce
56 * has not expired.
57 *
58 * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()})
59 * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}).
60 *
61 * @param string $id The nonce's unique ID. See {@link getNonce()}.
62 * @param string $cnonce Nonce sent from client.
63 * @param null|string $allowedReferrerHost The allowed referrer host for the HTTP referrer URL.
64 * @return bool `true` if valid; `false` otherwise.
65 */
66 public static function verifyNonce($id, $cnonce, $allowedReferrerHost = null)
67 {
68 // load error with message function.
69 $error = self::verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost);
70 return $error === "";
71 }
72 /**
73 * Returns an error message, if any of the individual checks fails.
74 *
75 * A nonce must match the current nonce and must not be expired.
76 *
77 * If a referrer is present, it must match $allowedReferrerHost. The exception is a referrer that resolves to local,
78 * which is allowed if $allowedReferrerHost is empty.
79 * If a referrer is not present, then $allowedReferrerHost is ignored.
80 *
81 * The HTTP origin must be valid (see {@link getAcceptableOrigins()}).
82 *
83 * @param string $id The nonce's unique ID. See {@link getNonce()}.
84 * @param string $cnonce Nonce sent from client.
85 * @param string|null $allowedReferrerHost The allowed referrer for the HTTP referrer URL. See method description.
86 * @return string if empty is valid otherwise return error message
87 */
88 public static function verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost = null)
89 {
90 $ns = new SessionNamespace($id);
91 $nonce = $ns->nonce;
92 $additionalErrors = '';
93 // The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
94 // Indicate to user how to solve this particular use case by forcing secure connections.
95 if (\Piwik\Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {
96 $additionalErrors = '<br/><br/>' . \Piwik\Piwik::translate('Login_InvalidNonceSSLMisconfigured', [\Piwik\Url::getExternalLinkTag('https://matomo.org/faq/how-to/faq_91/'), '</a>', 'config/config.ini.php', '<pre>force_ssl=1</pre>', '<pre>[General]</pre>']);
97 }
98 // validate token
99 if (empty($cnonce) || $cnonce !== $nonce) {
100 return \Piwik\Piwik::translate('Login_InvalidNonceToken');
101 }
102 // Validate referrer if present
103 $referrer = \Piwik\Url::getReferrer();
104 if (!empty($referrer)) {
105 // Allow the instance host by default, if no allowedReferrerHost is specified.
106 if (empty($allowedReferrerHost) && !\Piwik\Url::isLocalUrl($referrer)) {
107 return \Piwik\Piwik::translate('Login_InvalidNonceReferrer', [\Piwik\Url::getExternalLinkTag('https://matomo.org/faq/how-to-install/faq_98'), '</a>']) . $additionalErrors;
108 }
109 // Test that referrer matches what is allowed.
110 if (!empty($allowedReferrerHost) && !self::isReferrerHostValid($referrer, $allowedReferrerHost)) {
111 return \Piwik\Piwik::translate('Login_InvalidNonceUnexpectedReferrer') . $additionalErrors;
112 }
113 }
114 // validate origin
115 $origin = self::getOrigin();
116 if (!empty($origin) && ($origin == 'null' || !in_array($origin, self::getAcceptableOrigins()))) {
117 return \Piwik\Piwik::translate('Login_InvalidNonceOrigin') . $additionalErrors;
118 }
119 return '';
120 }
121 // public for tests
122 public static function isReferrerHostValid($referrer, $allowedReferrerHost)
123 {
124 if (empty($referrer)) {
125 return \false;
126 }
127 $referrerHost = \Piwik\Url::getHostFromUrl($referrer);
128 return preg_match('/(^|\\.)' . preg_quote($allowedReferrerHost) . '$/i', $referrerHost);
129 }
130 /**
131 * Force expiration of the current nonce.
132 *
133 * @param string $id The unique nonce ID.
134 */
135 public static function discardNonce($id)
136 {
137 $ns = new SessionNamespace($id);
138 $ns->unsetAll();
139 }
140 /**
141 * Returns the **Origin** HTTP header or `false` if not found.
142 *
143 * @return string|bool
144 */
145 public static function getOrigin()
146 {
147 if (!empty($_SERVER['HTTP_ORIGIN'])) {
148 return $_SERVER['HTTP_ORIGIN'];
149 }
150 return \false;
151 }
152 /**
153 * Returns a list acceptable values for the HTTP **Origin** header.
154 *
155 * @return array
156 */
157 public static function getAcceptableOrigins()
158 {
159 $host = \Piwik\Url::getCurrentHost(null);
160 if (empty($host)) {
161 return array();
162 }
163 // parse host:port
164 if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
165 $host = $matches[1];
166 $port = $matches[2];
167 $origins = array('http://' . $host, 'https://' . $host);
168 if ($port != 443) {
169 $origins[] = 'http://' . $host . ':' . $port;
170 }
171 $origins[] = 'https://' . $host . ':' . $port;
172 } elseif (\Piwik\Config::getInstance()->General['force_ssl']) {
173 $origins = array('https://' . $host, 'https://' . $host . ':443');
174 } else {
175 $origins = array('http://' . $host, 'https://' . $host, 'http://' . $host . ':80', 'https://' . $host . ':443');
176 }
177 return $origins;
178 }
179 /**
180 * Verifies and discards a nonce.
181 *
182 * @param string $nonceName The nonce's unique ID. See {@link getNonce()}.
183 * @param string|null $nonce The nonce from the client. If `null`, the value from the
184 * **nonce** query parameter is used.
185 * @throws \Exception if the nonce is invalid. See {@link verifyNonce()}.
186 */
187 public static function checkNonce($nonceName, $nonce = null, $allowedReferrerHost = null)
188 {
189 if ($nonce === null) {
190 $nonce = \Piwik\Common::getRequestVar('nonce', null, 'string');
191 }
192 if (!self::verifyNonce($nonceName, $nonce, $allowedReferrerHost)) {
193 if (!empty($nonce)) {
194 self::discardNonce($nonceName);
195 // Invalidate nonce on failed attempts
196 }
197 throw new \Exception(\Piwik\Piwik::translate('General_ExceptionSecurityCheckFailed'));
198 }
199 self::discardNonce($nonceName);
200 }
201 }
202