Remove CSRF class and check behavior

* CSRF is Cross-Site Request Forgery.
* The class was mislabeled CSRF instead of AntiCSRF when it was created.
* Anti-CSRF features worked well but was seen as unnecessary.
* Since Memcache is being ripped out which this depends on, this is
  going with.

Author: carlbennett

src/controllers/Comment/Delete.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Comment;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Comment;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
@@ -24,8 +23,6 @@ public function &run(Router &$router, View &$view, array &$args) {
     $data                = $router->getRequestQueryArray();
     $model               = new CommentDeleteModel();
     $model->comment      = null;
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id);
     $model->error        = null;
     $model->id           = (isset($data['id']) ? $data['id'] : null);
     $model->parent_id    = null;
@@ -68,19 +65,7 @@ protected function tryDelete(Router &$router, CommentDeleteModel &$model) {
       return;
     }
 
-    $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
-
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     $model->error = false;
-
     $id           = (int) $model->id;
     $parent_type  = (int) $model->parent_type;
     $parent_id    = (int) $model->parent_id;

src/controllers/Comment/Edit.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Comment;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Comment;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
@@ -30,14 +29,8 @@ public function &run( Router &$router, View &$view, array &$args ) {
     $post_data = $router->getRequestBodyArray();
 
     $model = new CommentEditModel();
-
-    $model->csrf_id     = mt_rand();
-    $model->csrf_token  = CSRF::generate( $model->csrf_id );
-    $model->user        = Authentication::$user;
-
-    $model->id          = (
-      isset( $query_data[ 'id' ]) ? $query_data[ 'id' ] : null
-    );
+    $model->user = Authentication::$user;
+    $model->id = (isset( $query_data[ 'id' ]) ? $query_data[ 'id' ] : null);
     $model->content = (
       isset( $post_data[ 'content' ]) ? $post_data[ 'content' ] : null
     );
@@ -100,23 +93,6 @@ protected function tryModify( Router &$router, CommentEditModel &$model ) {
       return;
     }
 
-    $post_data = $router->getRequestBodyArray();
-
-    $csrf_id = (
-      isset( $post_data[ 'csrf_id' ]) ? $post_data[ 'csrf_id' ] : null
-    );
-    $csrf_token = (
-      isset( $post_data[ 'csrf_token' ]) ? $post_data[ 'csrf_token' ] : null
-    );
-    $csrf_valid = CSRF::validate( $csrf_id, $csrf_token );
-
-    if ( !$csrf_valid ) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-
-    CSRF::invalidate( $csrf_id );
-
     $model->error = false;
 
     $id          = (int) $model->id;

src/controllers/Document/Create.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Document;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Document;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Logger;
@@ -19,8 +18,6 @@
 class Create extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $model               = new DocumentCreateModel();
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id, 7200); // 2 hours
     $model->error        = null;
     $model->user         = Authentication::$user;
 
@@ -48,9 +45,6 @@ protected function handlePost(Router &$router, DocumentCreateModel &$model) {
       Common::$database = DatabaseDriver::getDatabaseObject();
     }
     $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
     $title      = (isset($data['title'     ]) ? $data['title'     ] : null);
     $markdown   = (isset($data['markdown'  ]) ? $data['markdown'  ] : null);
     $content    = (isset($data['content'   ]) ? $data['content'   ] : null);
@@ -61,12 +55,6 @@ protected function handlePost(Router &$router, DocumentCreateModel &$model) {
     $model->markdown = $markdown;
     $model->content  = $content;
 
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (empty($title)) {
       $model->error = 'EMPTY_TITLE';
     } else if (empty($content)) {

src/controllers/Document/Delete.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Document;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Document;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\DocumentNotFoundException;
@@ -22,8 +21,6 @@ class Delete extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $data                = $router->getRequestQueryArray();
     $model               = new DocumentDeleteModel();
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id);
     $model->document     = null;
     $model->error        = null;
     $model->id           = (isset($data['id']) ? $data['id'] : null);
@@ -59,17 +56,6 @@ protected function tryDelete(Router &$router, DocumentDeleteModel &$model) {
       return;
     }
 
-    $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
-
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (!$model->acl_allowed) {
       $model->error = 'ACL_NOT_SET';
       return;

src/controllers/Document/Edit.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Document;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Document;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\DocumentNotFoundException;
@@ -26,8 +25,6 @@ public function &run(Router &$router, View &$view, array &$args) {
     $data                = $router->getRequestQueryArray();
     $model               = new DocumentEditModel();
     $model->content      = null;
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id, 7200); // 2 hours
     $model->document     = null;
     $model->document_id  = (isset($data['id']) ? $data['id'] : null);
     $model->error        = null;
@@ -74,9 +71,6 @@ protected function handlePost(Router &$router, DocumentEditModel &$model) {
     }
 
     $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
     $category   = (isset($data['category'  ]) ? $data['category'  ] : null);
     $title      = (isset($data['title'     ]) ? $data['title'     ] : null);
     $markdown   = (isset($data['markdown'  ]) ? $data['markdown'  ] : null);
@@ -89,12 +83,6 @@ protected function handlePost(Router &$router, DocumentEditModel &$model) {
     $model->markdown = $markdown;
     $model->content  = $content;
 
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (empty($title)) {
       $model->error = 'EMPTY_TITLE';
     } else if (empty($content)) {

src/controllers/News/Create.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\News;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\UnspecifiedViewException;
 use \BNETDocs\Libraries\Logger;
@@ -21,8 +20,6 @@
 class Create extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $model                  = new NewsCreateModel();
-    $model->csrf_id         = mt_rand();
-    $model->csrf_token      = CSRF::generate($model->csrf_id, 7200); // 2 hours
     $model->error           = null;
     $model->news_categories = null;
     $model->user            = Authentication::$user;
@@ -60,9 +57,6 @@ protected function handlePost(Router &$router, NewsCreateModel &$model) {
       Common::$database = DatabaseDriver::getDatabaseObject();
     }
     $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
     $category   = (isset($data['category'  ]) ? $data['category'  ] : null);
     $title      = (isset($data['title'     ]) ? $data['title'     ] : null);
     $markdown   = (isset($data['markdown'  ]) ? $data['markdown'  ] : null);
@@ -77,12 +71,6 @@ protected function handlePost(Router &$router, NewsCreateModel &$model) {
     $model->content    = $content;
     $model->rss_exempt = $rss_exempt;
 
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (empty($title)) {
       $model->error = 'EMPTY_TITLE';
     } else if (empty($content)) {

src/controllers/News/Delete.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\News;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\NewsPostNotFoundException;
 use \BNETDocs\Libraries\Logger;
@@ -22,8 +21,6 @@ class Delete extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $data                = $router->getRequestQueryArray();
     $model               = new NewsDeleteModel();
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id);
     $model->error        = null;
     $model->id           = (isset($data['id']) ? $data['id'] : null);
     $model->news_post    = null;
@@ -59,17 +56,6 @@ protected function tryDelete(Router &$router, NewsDeleteModel &$model) {
       return;
     }
 
-    $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
-
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (!$model->acl_allowed) {
       $model->error = 'ACL_NOT_SET';
       return;

src/controllers/News/Edit.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\News;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\NewsPostNotFoundException;
 use \BNETDocs\Libraries\Logger;
@@ -28,8 +27,6 @@ public function &run(Router &$router, View &$view, array &$args) {
     $model                  = new NewsEditModel();
     $model->category        = null;
     $model->content         = null;
-    $model->csrf_id         = mt_rand();
-    $model->csrf_token      = CSRF::generate($model->csrf_id, 7200); // 2 hours
     $model->error           = null;
     $model->markdown        = null;
     $model->news_categories = null;
@@ -88,9 +85,6 @@ protected function handlePost(Router &$router, NewsEditModel &$model) {
     }
 
     $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
     $category   = (isset($data['category'  ]) ? $data['category'  ] : null);
     $title      = (isset($data['title'     ]) ? $data['title'     ] : null);
     $markdown   = (isset($data['markdown'  ]) ? $data['markdown'  ] : null);
@@ -105,12 +99,6 @@ protected function handlePost(Router &$router, NewsEditModel &$model) {
     $model->content    = $content;
     $model->rss_exempt = $rss_exempt;
 
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (empty($title)) {
       $model->error = 'EMPTY_TITLE';
     } else if (empty($content)) {

src/controllers/Packet/Delete.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Packet;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Packet;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\PacketNotFoundException;
@@ -22,8 +21,6 @@ class Delete extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $data                = $router->getRequestQueryArray();
     $model               = new PacketDeleteModel();
-    $model->csrf_id      = mt_rand();
-    $model->csrf_token   = CSRF::generate($model->csrf_id);
     $model->error        = null;
     $model->id           = (isset($data['id']) ? $data['id'] : null);
     $model->packet       = null;
@@ -60,17 +57,6 @@ protected function tryDelete(Router &$router, PacketDeleteModel &$model) {
       return;
     }
 
-    $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
-
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (!$model->acl_allowed) {
       $model->error = 'ACL_NOT_SET';
       return;

src/controllers/Packet/Edit.php

@@ -3,7 +3,6 @@
 namespace BNETDocs\Controllers\Packet;
 
 use \BNETDocs\Libraries\Authentication;
-use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\EventTypes;
 use \BNETDocs\Libraries\Exceptions\PacketNotFoundException;
 use \BNETDocs\Libraries\Logger;
@@ -26,8 +25,6 @@ class Edit extends Controller {
   public function &run(Router &$router, View &$view, array &$args) {
     $data              = $router->getRequestQueryArray();
     $model             = new PacketEditModel();
-    $model->csrf_id    = mt_rand();
-    $model->csrf_token = CSRF::generate($model->csrf_id, 7200); // 2 hours
     $model->deprecated = null;
     $model->error      = null;
     $model->format     = null;
@@ -84,9 +81,6 @@ protected function handlePost(Router &$router, PacketEditModel &$model) {
     }
 
     $data       = $router->getRequestBodyArray();
-    $csrf_id    = (isset($data['csrf_id'   ]) ? $data['csrf_id'   ] : null);
-    $csrf_token = (isset($data['csrf_token']) ? $data['csrf_token'] : null);
-    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
     $id         = (isset($data['id'        ]) ? $data['id'        ] : null);
     $name       = (isset($data['name'      ]) ? $data['name'      ] : null);
     $format     = (isset($data['format'    ]) ? $data['format'    ] : null);
@@ -108,12 +102,6 @@ protected function handlePost(Router &$router, PacketEditModel &$model) {
     $model->research   = $research;
     $model->published  = $published;
 
-    if (!$csrf_valid) {
-      $model->error = 'INVALID_CSRF';
-      return;
-    }
-    CSRF::invalidate($csrf_id);
-
     if (empty($name)) {
       $model->error = 'EMPTY_NAME';
     } else if (empty($format)) {