lithium\storage\session\strategy\Hmac::read()

public method

Read strategy method.

Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is.

If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.

Parameters

  • array $data

    The data being read.

  • array $options

    Options for this method.

Returns

array

Validated data.

Source

	public function read($data, array $options = []) {
		if ($data === null) {
			return $data;
		}
		$class = $options['class'];

		$currentData = $class::read(null, ['strategies' => false]);

		if (!isset($currentData['__signature'])) {
			throw new MissingSignatureException('HMAC signature not found.');
		}
		if (Hash::compare($currentData['__signature'], static::_signature($currentData))) {
			return $data;
		}
		throw new RuntimeException('Possible data tampering: HMAC signature does not match data.');
	}