refactor(csrf): replace error_log with debugLog for structured logging

Replace raw error_log() calls with framework's debugLog() method for:
- Consistent structured logging with context data
- Sensitive data hashing (tokens, session IDs)
- Debug-mode awareness (only logs when debug enabled)
2025-11-25 03:52:57 +01:00
parent 68a59f460f
commit 77505edabf


@@ -203,7 +203,10 @@ final readonly class CsrfProtection
$otherTokenData = $csrfData->getFormData($otherFormId);
if ($otherTokenData !== null && $otherTokenData->matches($tokenString)) {
$foundInOtherForm = $otherFormId;
error_log("CsrfProtection::validateToken - Token found in different form ID: $otherFormId (requested: $formId)");
$this->debugLog('CsrfProtection::validateToken - Token found in different form ID', [
'found_in_form_id' => $otherFormId,
'requested_form_id' => $formId
]);
break;
}
}
@@ -224,10 +227,13 @@ final readonly class CsrfProtection
// Debug: Log token comparison
$storedTokenString = $tokenData->token->toString();
$requestTokenString = $token->toString();
error_log("CsrfProtection::validateToken - Comparing tokens:");
error_log(" Stored: " . substr($storedTokenString, 0, 20) . "... (length: " . strlen($storedTokenString) . ")");
error_log(" Request: " . substr($requestTokenString, 0, 20) . "... (length: " . strlen($requestTokenString) . ")");
error_log(" Match: " . ($tokenData->matches($token->toString()) ? 'YES' : 'NO'));
$this->debugLog('CsrfProtection::validateToken - Comparing tokens', [
'stored_token' => $storedTokenString,
'request_token' => $requestTokenString,
'stored_length' => strlen($storedTokenString),
'request_length' => strlen($requestTokenString),
'match' => $tokenData->matches($token->toString()) ? 'YES' : 'NO'
]);
if ($tokenData->matches($token->toString())) {
// Check if token is expired
@@ -247,7 +253,7 @@ final readonly class CsrfProtection
// Token validated - rotate to new token
$newToken = $this->tokenGenerator->generate();
error_log("CsrfProtection::validateToken - Token validated, rotating to new token for formId: $formId");
$this->debugLog('CsrfProtection::validateToken - Token validated, rotating to new token', ['form_id' => $formId]);
if ($this->sessionManager !== null) {
$this->sessionManager->updateSessionDataAtomically(
@@ -269,10 +275,12 @@ final readonly class CsrfProtection
return ['valid' => true, 'new_token' => $newToken];
}
// No matching token found - add more debug info
error_log("CsrfProtection::validateToken - No matching token found. Stored token: " . substr($tokenData->token->toString(), 0, 20) . "...");
$this->debugLog('CsrfProtection::validateToken - No matching token found', [
'stored_token' => $tokenData->token->toString()
]);
// Check if token exists for another form ID (common mistake)
$tokenString = $token->toString();
$foundInOtherForm = null;
@@ -283,7 +291,10 @@ final readonly class CsrfProtection
$otherTokenData = $csrfData->getFormData($otherFormId);
if ($otherTokenData !== null && $otherTokenData->matches($tokenString)) {
$foundInOtherForm = $otherFormId;
error_log("CsrfProtection::validateToken - Token found in different form ID: $otherFormId (requested: $formId)");
$this->debugLog('CsrfProtection::validateToken - Token found in different form ID', [
'found_in_form_id' => $otherFormId,
'requested_form_id' => $formId
]);
break;
}
}
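Review bot: The `Comparing tokens` call (second hunk) and the `No matching token found` call (fourth hunk) now pass the full stored and request CSRF token strings as log context, where the `error_log` lines they replace wrote only a 20-character prefix. Whether the values stay out of the log in clear depends entirely on `debugLog()` hashing the `stored_token` / `request_token` keys, which is not visible in this diff; the description says tokens are hashed, so that is worth pinning with a test. The call sites can avoid relying on it by passing a digest instead, e.g. `'stored_token' => hash('sha256', $storedTokenString),` and the same for `request_token`, which still lets entries be correlated. In the second hunk `matches()` also runs once for the log and again in the `if`; a local such as `$isMatch = $tokenData->matches($requestTokenString);` would remove the duplicate call. The body of `validateToken` starts and ends outside these hunks.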