PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / trunk
Matomo Analytics – Powerful, Privacy-First Insights for WordPress vtrunk
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / Nonce.php
matomo / app / core Last commit date
API 1 month ago Access 3 months ago Application 1 month ago Archive 1 month ago ArchiveProcessor 1 month ago Archiver 2 years ago AssetManager 1 month ago Auth 6 months ago Category 6 months ago Changes 1 month ago CliMulti 1 year ago Columns 1 month ago Concurrency 1 month ago Config 1 month ago Container 1 month ago CronArchive 3 months ago DataAccess 1 month ago DataFiles 2 years ago DataTable 2 weeks ago Db 2 weeks ago DeviceDetector 1 year ago Email 2 years ago Exception 4 months ago Http 4 months ago Intl 3 months ago Log 2 years ago Mail 1 year ago Measurable 6 months ago Menu 1 month ago Metrics 3 months ago Notification 6 months ago Period 1 month ago Plugin 2 weeks ago Policy 1 month ago ProfessionalServices 1 year ago Report 1 year ago ReportRenderer 3 months ago Request 3 months ago Scheduler 1 month ago Segment 1 month ago Session 2 weeks ago Settings 1 month ago Tracker 2 weeks ago Translation 1 month ago Twig 1 year ago UpdateCheck 3 months ago Updater 1 month ago Updates 2 days ago Validators 1 year ago View 1 month ago ViewDataTable 2 weeks ago Visualization 1 year ago Widget 1 month ago .htaccess 2 years ago Access.php 1 month ago Archive.php 1 month ago ArchiveProcessor.php 1 month ago AssetManager.php 1 month ago Auth.php 6 months ago AuthResult.php 6 months ago BaseFactory.php 2 years ago Cache.php 2 years ago CacheId.php 4 months ago CliMulti.php 1 month ago Common.php 2 weeks ago Config.php 1 month ago Console.php 3 months ago Context.php 2 years ago Cookie.php 1 year ago CronArchive.php 1 month ago DI.php 3 months ago DataArray.php 1 month ago DataTable.php 1 month ago Date.php 1 month ago Db.php 1 month ago DbHelper.php 1 month ago Development.php 1 year ago ErrorHandler.php 6 months ago EventDispatcher.php 1 month ago ExceptionHandler.php 4 months ago FileIntegrity.php 1 month ago Filechecks.php 1 year ago Filesystem.php 1 month ago FrontController.php 4 months ago Http.php 1 month ago IP.php 1 year ago Log.php 3 months ago LogDeleter.php 1 year ago Mail.php 1 year ago Metrics.php 1 month ago NoAccessException.php 2 years ago Nonce.php 6 months ago Notification.php 1 month ago NumberFormatter.php 5 months ago Option.php 5 months ago Period.php 1 month ago Piwik.php 1 month ago Plugin.php 1 month ago Process.php 1 month ago Profiler.php 6 months ago ProxyHeaders.php 4 months ago ProxyHttp.php 5 months ago QuickForm2.php 3 months ago RankingQuery.php 1 month ago ReportRenderer.php 1 month ago Request.php 1 month ago Segment.php 1 month ago Sequence.php 6 months ago Session.php 2 weeks ago SettingsPiwik.php 1 month ago SettingsServer.php 1 year ago Singleton.php 2 years ago Site.php 1 month ago SiteContentDetector.php 1 month ago SupportedBrowser.php 2 years ago TCPDF.php 1 year ago Theme.php 1 year ago Timer.php 1 month ago Tracker.php 1 month ago Twig.php 1 month ago Unzip.php 1 year ago UpdateCheck.php 1 month ago Updater.php 1 month ago UpdaterErrorException.php 2 years ago Updates.php 3 months ago Url.php 3 months ago UrlHelper.php 1 month ago Version.php 2 days ago View.php 1 month ago bootstrap.php 1 year ago dispatch.php 2 years ago testMinimumPhpVersion.php 6 months ago
Nonce.php
202 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik;
10
11 use Piwik\Session\SessionNamespace;
12 /**
13 * Nonce class.
14 *
15 * A cryptographic nonce -- "number used only once" -- is often recommended as
16 * part of a robust defense against cross-site request forgery (CSRF/XSRF). This
17 * class provides static methods that create and manage nonce values.
18 *
19 * Nonces in Piwik are stored as a session variable and have a configurable expiration.
20 *
21 * Learn more about nonces [here](https://en.wikipedia.org/wiki/Cryptographic_nonce).
22 *
23 * @api
24 */
25 class Nonce
26 {
27 /**
28 * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
29 *
30 * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
31 * @param int $ttl Optional time-to-live in seconds; default is 5 minutes. (ie, in 5 minutes,
32 * the nonce will no longer be valid).
33 * @return string
34 */
35 public static function getNonce($id, $ttl = 600)
36 {
37 // save session-dependent nonce
38 $ns = new SessionNamespace($id);
39 $nonce = $ns->nonce;
40 // re-use an unexpired nonce (a small deviation from the "used only once" principle, so long as we do not reset the expiration)
41 // to handle browser pre-fetch or double fetch caused by some browser add-ons/extensions
42 if (empty($nonce)) {
43 // generate a new nonce
44 $nonce = md5(\Piwik\SettingsPiwik::getSalt() . time() . \Piwik\Common::generateUniqId());
45 $ns->nonce = $nonce;
46 }
47 // extend lifetime if nonce is requested again to prevent from early timeout if nonce is requested again
48 // a few seconds before timeout
49 $ns->setExpirationSeconds($ttl, 'nonce');
50 return $nonce;
51 }
52 /**
53 * Returns if a nonce is valid and comes from a valid request.
54 *
55 * A nonce is valid if it matches the current nonce and if the current nonce
56 * has not expired.
57 *
58 * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()})
59 * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}).
60 *
61 * @param string $id The nonce's unique ID. See {@link getNonce()}.
62 * @param string $cnonce Nonce sent from client.
63 * @param null|string $allowedReferrerHost The allowed referrer host for the HTTP referrer URL.
64 * @return bool `true` if valid; `false` otherwise.
65 */
66 public static function verifyNonce($id, $cnonce, $allowedReferrerHost = null)
67 {
68 // load error with message function.
69 $error = self::verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost);
70 return $error === "";
71 }
72 /**
73 * Returns an error message, if any of the individual checks fails.
74 *
75 * A nonce must match the current nonce and must not be expired.
76 *
77 * If a referrer is present, it must match $allowedReferrerHost. The exception is a referrer that resolves to local,
78 * which is allowed if $allowedReferrerHost is empty.
79 * If a referrer is not present, then $allowedReferrerHost is ignored.
80 *
81 * The HTTP origin must be valid (see {@link getAcceptableOrigins()}).
82 *
83 * @param string $id The nonce's unique ID. See {@link getNonce()}.
84 * @param string $cnonce Nonce sent from client.
85 * @param string|null $allowedReferrerHost The allowed referrer for the HTTP referrer URL. See method description.
86 * @return string if empty is valid otherwise return error message
87 */
88 public static function verifyNonceWithErrorMessage($id, $cnonce, $allowedReferrerHost = null)
89 {
90 $ns = new SessionNamespace($id);
91 $nonce = $ns->nonce;
92 $additionalErrors = '';
93 // The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
94 // Indicate to user how to solve this particular use case by forcing secure connections.
95 if (\Piwik\Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {
96 $additionalErrors = '<br/><br/>' . \Piwik\Piwik::translate('Login_InvalidNonceSSLMisconfigured', [\Piwik\Url::getExternalLinkTag('https://matomo.org/faq/how-to/faq_91/'), '</a>', 'config/config.ini.php', '<pre>force_ssl=1</pre>', '<pre>[General]</pre>']);
97 }
98 // validate token
99 if (empty($cnonce) || $cnonce !== $nonce) {
100 return \Piwik\Piwik::translate('Login_InvalidNonceToken');
101 }
102 // Validate referrer if present
103 $referrer = \Piwik\Url::getReferrer();
104 if (!empty($referrer)) {
105 // Allow the instance host by default, if no allowedReferrerHost is specified.
106 if (empty($allowedReferrerHost) && !\Piwik\Url::isLocalUrl($referrer)) {
107 return \Piwik\Piwik::translate('Login_InvalidNonceReferrer', [\Piwik\Url::getExternalLinkTag('https://matomo.org/faq/how-to-install/faq_98'), '</a>']) . $additionalErrors;
108 }
109 // Test that referrer matches what is allowed.
110 if (!empty($allowedReferrerHost) && !self::isReferrerHostValid($referrer, $allowedReferrerHost)) {
111 return \Piwik\Piwik::translate('Login_InvalidNonceUnexpectedReferrer') . $additionalErrors;
112 }
113 }
114 // validate origin
115 $origin = self::getOrigin();
116 if (!empty($origin) && ($origin == 'null' || !in_array($origin, self::getAcceptableOrigins()))) {
117 return \Piwik\Piwik::translate('Login_InvalidNonceOrigin') . $additionalErrors;
118 }
119 return '';
120 }
121 // public for tests
122 public static function isReferrerHostValid($referrer, $allowedReferrerHost)
123 {
124 if (empty($referrer)) {
125 return \false;
126 }
127 $referrerHost = \Piwik\Url::getHostFromUrl($referrer);
128 return preg_match('/(^|\\.)' . preg_quote($allowedReferrerHost) . '$/i', $referrerHost);
129 }
130 /**
131 * Force expiration of the current nonce.
132 *
133 * @param string $id The unique nonce ID.
134 */
135 public static function discardNonce($id)
136 {
137 $ns = new SessionNamespace($id);
138 $ns->unsetAll();
139 }
140 /**
141 * Returns the **Origin** HTTP header or `false` if not found.
142 *
143 * @return string|bool
144 */
145 public static function getOrigin()
146 {
147 if (!empty($_SERVER['HTTP_ORIGIN'])) {
148 return $_SERVER['HTTP_ORIGIN'];
149 }
150 return \false;
151 }
152 /**
153 * Returns a list acceptable values for the HTTP **Origin** header.
154 *
155 * @return array
156 */
157 public static function getAcceptableOrigins()
158 {
159 $host = \Piwik\Url::getCurrentHost(null);
160 if (empty($host)) {
161 return array();
162 }
163 // parse host:port
164 if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
165 $host = $matches[1];
166 $port = $matches[2];
167 $origins = array('http://' . $host, 'https://' . $host);
168 if ($port != 443) {
169 $origins[] = 'http://' . $host . ':' . $port;
170 }
171 $origins[] = 'https://' . $host . ':' . $port;
172 } elseif (\Piwik\Config::getInstance()->General['force_ssl']) {
173 $origins = array('https://' . $host, 'https://' . $host . ':443');
174 } else {
175 $origins = array('http://' . $host, 'https://' . $host, 'http://' . $host . ':80', 'https://' . $host . ':443');
176 }
177 return $origins;
178 }
179 /**
180 * Verifies and discards a nonce.
181 *
182 * @param string $nonceName The nonce's unique ID. See {@link getNonce()}.
183 * @param string|null $nonce The nonce from the client. If `null`, the value from the
184 * **nonce** query parameter is used.
185 * @throws \Exception if the nonce is invalid. See {@link verifyNonce()}.
186 */
187 public static function checkNonce($nonceName, $nonce = null, $allowedReferrerHost = null)
188 {
189 if ($nonce === null) {
190 $nonce = \Piwik\Common::getRequestVar('nonce', null, 'string');
191 }
192 if (!self::verifyNonce($nonceName, $nonce, $allowedReferrerHost)) {
193 if (!empty($nonce)) {
194 self::discardNonce($nonceName);
195 // Invalidate nonce on failed attempts
196 }
197 throw new \Exception(\Piwik\Piwik::translate('General_ExceptionSecurityCheckFailed'));
198 }
199 self::discardNonce($nonceName);
200 }
201 }
202