From 77505edabf7f7969208759b924c1500666bcf7c9 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Tue, 25 Nov 2025 03:52:57 +0100
Subject: [PATCH] refactor(csrf): replace error_log with debugLog for structured logging

Replace raw error_log() calls with framework's debugLog() method for:
- Consistent structured logging with context data
- Sensitive data hashing (tokens, session IDs)
- Debug-mode awareness (only logs when debug enabled)
---
 src/Framework/Http/Session/CsrfProtection.php | 31 +++++++++++++------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/src/Framework/Http/Session/CsrfProtection.php b/src/Framework/Http/Session/CsrfProtection.php
index a0d76223..10925031 100644
--- a/src/Framework/Http/Session/CsrfProtection.php
+++ b/src/Framework/Http/Session/CsrfProtection.php
@@ -203,7 +203,10 @@ final readonly class CsrfProtection
 $otherTokenData = $csrfData->getFormData($otherFormId);
 if ($otherTokenData !== null && $otherTokenData->matches($tokenString)) {
 $foundInOtherForm = $otherFormId;
- error_log("CsrfProtection::validateToken - Token found in different form ID: $otherFormId (requested: $formId)");
+ $this->debugLog('CsrfProtection::validateToken - Token found in different form ID', [
+ 'found_in_form_id' => $otherFormId,
+ 'requested_form_id' => $formId
+ ]);
 break;
 }
 }
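Review bot: The four-line debugLog call added here reappears verbatim in the `@@ -283` hunk, in what looks like the same "token matched under another form ID" scan duplicated at two points of validateToken, so the commit grows both copies instead of collapsing them. The loop header and validateToken itself begin outside this hunk, so I cannot confirm the two copies are otherwise identical; if they are, extracting the scan into a private helper that returns the matching form id (or null) and performs the single debugLog would keep the message and its `found_in_form_id`/`requested_form_id` keys from drifting apart. The same remark applies to the `@@ -283` hunk.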
@@ -224,10 +227,13 @@ final readonly class CsrfProtection
 // Debug: Log token comparison
 $storedTokenString = $tokenData->token->toString();
 $requestTokenString = $token->toString();
- error_log("CsrfProtection::validateToken - Comparing tokens:");
- error_log(" Stored: " . substr($storedTokenString, 0, 20) . "... (length: " . strlen($storedTokenString) . ")");
- error_log(" Request: " . substr($requestTokenString, 0, 20) . "... (length: " . strlen($requestTokenString) . ")");
- error_log(" Match: " . ($tokenData->matches($token->toString()) ? 'YES' : 'NO'));
+ $this->debugLog('CsrfProtection::validateToken - Comparing tokens', [
+ 'stored_token' => $storedTokenString,
+ 'request_token' => $requestTokenString,
+ 'stored_length' => strlen($storedTokenString),
+ 'request_length' => strlen($requestTokenString),
+ 'match' => $tokenData->matches($token->toString()) ? 'YES' : 'NO'
+ ]);
 if ($tokenData->matches($token->toString())) {
 // Check if token is expired
@@ -247,7 +253,7 @@ final readonly class CsrfProtection
 // Token validated - rotate to new token
 $newToken = $this->tokenGenerator->generate();
- error_log("CsrfProtection::validateToken - Token validated, rotating to new token for formId: $formId");
+ $this->debugLog('CsrfProtection::validateToken - Token validated, rotating to new token', ['form_id' => $formId]);
 if ($this->sessionManager !== null) {
 $this->sessionManager->updateSessionDataAtomically(
@@ -269,10 +275,12 @@ final readonly class CsrfProtection
 return ['valid' => true, 'new_token' => $newToken];
 }
-
+
 // No matching token found - add more debug info
- error_log("CsrfProtection::validateToken - No matching token found. Stored token: " . substr($tokenData->token->toString(), 0, 20) . "...");
-
+ $this->debugLog('CsrfProtection::validateToken - No matching token found', [
+ 'stored_token' => $tokenData->token->toString()
+ ]);
+
 // Check if token exists for another form ID (common mistake)
 $tokenString = $token->toString();
 $foundInOtherForm = null;
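Review bot: The new context array passes the complete `$storedTokenString` and `$requestTokenString` where the removed error_log lines emitted only a 20-character prefix, so whether a full CSRF token now lands in the log depends entirely on debugLog() redacting these keys — the commit message asserts that hashing, but nothing in this diff shows it or which key names trigger it. If debugLog() redacts by key name, `stored_token`/`request_token` must be on that list; otherwise make the value non-reversible at the call site, e.g. `'stored_token' => substr(hash('sha256', $storedTokenString), 0, 12),` and the same for the request token, keeping the two length keys as they are. The `@@ -269` hunk has the same exposure with `'stored_token' => $tokenData->token->toString()`. Separately, `$tokenData->matches($token->toString())` is now evaluated twice in consecutive statements; compute it once into `$matches`, log it as a bool (`'match' => $matches`) instead of the `'YES'`/`'NO'` strings that defeat structured filtering, and branch on the same variable. validateToken() begins and ends outside this hunk.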
@@ -283,7 +291,10 @@ final readonly class CsrfProtection
 $otherTokenData = $csrfData->getFormData($otherFormId);
 if ($otherTokenData !== null && $otherTokenData->matches($tokenString)) {
 $foundInOtherForm = $otherFormId;
- error_log("CsrfProtection::validateToken - Token found in different form ID: $otherFormId (requested: $formId)");
+ $this->debugLog('CsrfProtection::validateToken - Token found in different form ID', [
+ 'found_in_form_id' => $otherFormId,
+ 'requested_form_id' => $formId
+ ]);
 break;
 }
 }