2017 © Pedro Peláez
 

library php-itsdangerous

image

icedevml/php-itsdangerous

  • Friday, July 14, 2017
  • by icedevml
  • Repository
  • 1 Watchers
  • 0 Stars
  • 24 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 2 Versions
  • 20 % Grown

The README.md

php-itsdangerous

A very simple library which resembles basic functionality of Python's itsdangerous module. Two functions are provided:, (*1)

// take $data, serialize it with JSON, append a HMAC signature to it and finally base64-encode it
Signing::dump($data, $secret, $hash_func='sha256')

// do the reverse: decode base64, read and validate the signature and unserialize JSON-encoded data
Signing::load($data, $secret, $hash_func='sha256')

Works with any data that could be succesfully JSON serialized/unserialized., (*2)

A user which has got a token generated with Signing::dump: * can figure out the original data which is signed (unless you encrypt it with AES prior to signing or do something similiar) * can not tamper the data, as this will make signature invalid, so Signing::load will throw InvalidSignatureException upon loading * can not generate another token by himself, assuming that he doesn't know the shared secret value (in this case: some_random_secret), (*3)

Example:

use IceDev\itsdangerous\Signing;

$s = new Signing('some_random_secret');

$s->dump(['foo', 'bar']);
// returns: string(104) "WyJmb28iLCJiYXIiXS41ZTkxYjQ3M2E1MmEwNDg3YWNhZGM4MGExYjQwYjIwNDM4NThjODg2NjI3ZDNiODM5OTIzN2E4ZTM1ZGM2ZmIy"

$s->load('WyJmb28iLCJiYXIiXS41ZTkxYjQ3M2E1MmEwNDg3YWNhZGM4MGExYjQwYjIwNDM4NThjODg2NjI3ZDNiODM5OTIzN2E4ZTM1ZGM2ZmIy');
// returns: array(2) { [0]=> string(3) "foo", [1]=> string(3) "bar" }

The Versions

14/07 2017

dev-master

9999999-dev

  Sources   Download

MIT

14/07 2017

1.0.0-stable

1.0.0.0

  Sources   Download

MIT