Dropbox在会话中缺少CSRF令牌

时间:2015-06-01 18:21:40

标签: php dropbox csrf dropbox-api

我已经找到了很少有关于此的帖子,但没有回答对我有帮助。

这是我的"请求"文件:

<?php

require_once "Dropbox/Dropbox/autoload.php";
use \Dropbox as dbx;

function getWebAuth(){
    session_start();
    $appInfo = dbx\AppInfo::loadFromJsonFile("configdbx.json");
    $clientIdentifier = "Fototeca/1.0";
    $redirectUri = "https://myurl.com/info.php";
    $csrfTokenStore = new dbx\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($appInfo, $clientIdentifier, $redirectUri, $csrfTokenStore);
}

echo "teste";

error_reporting(E_ALL);
ini_set('display_errors', 1);

$authorizeUrl = getWebAuth()->start();
header("Location: $authorizeUrl");
?>

这家伙工作得很好。

当它被重定向到&#34; info.php&#34;文件,它应该在哪里开始请求,它向我显示CSRF缺失错误:

info.php文件:

<?
require_once "Dropbox/Dropbox/autoload.php";
use \Dropbox as dbx;

function getWebAuth(){
    session_start();
    $appInfo = dbx\AppInfo::loadFromJsonFile("configdbx.json");
    $clientIdentifier = "Fototeca/1.0";
    $redirectUri = "https://myurl.com/info.php";
    $csrfTokenStore = new dbx\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($appInfo, $clientIdentifier, $redirectUri, $csrfTokenStore);
  }

try {
   list($accessToken, $userId, $state) = getWebAuth()->finish($_GET);
}
catch (dbx\WebAuthException_BadRequest $ex) {
   echo("/dropbox-auth-finish: bad request: " . $ex->getMessage());
   // Respond with an HTTP 400 and display error page...
}
catch (dbx\WebAuthException_BadState $ex) {
   // Auth session expired.  Restart the auth process.
   //header('Location: /request.php');
   echo('Location: /request.php');
   var_dump($ex);
}
catch (dbx\WebAuthException_Csrf $ex) {
   echo("/dropbox-auth-finish: CSRF mismatch: " . $ex->getMessage());
   var_dump($ex);
   // Respond with HTTP 403 and display error page...
}
catch (dbx\WebAuthException_NotApproved $ex) {
   echo("/dropbox-auth-finish: not approved: " . $ex->getMessage());
}
catch (dbx\WebAuthException_Provider $ex) {
   echo("/dropbox-auth-finish: error redirect from Dropbox: " . $ex->getMessage());
}
catch (dbx\Exception $ex) {
   echo("/dropbox-auth-finish: error communicating with Dropbox API: " . $ex->getMessage());
}

// We can now use $accessToken to make API requests.
$dbxClient = new dbx\Client($accessToken, "PHP-Example/1.0");
?>

session_start就在那里。

错误发生在&#34;列表($ accesstoken ... = getWebAuth() - &gt;完成($ _ GET);&#34;,并将我发送到第二个catch并且$ ex var_dump为:

object(Dropbox\WebAuthException_BadState)#5 (7) { ["message":protected]=> string(30) "Missing CSRF token in session." ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(77) "/home/storage/7/48/18/myurl/public_html/Dropbox/Dropbox/WebAuth.php" ["line":protected]=> int(230) ["trace":"Exception":private]=> array(1) { [0]=> array(6) { ["file"]=> string(58) "/home/storage/7/48/18/myurl/public_html/info.php" ["line"]=> int(16) ["function"]=> string(6) "finish" ["class"]=> string(15) "Dropbox\WebAuth" ["type"]=> string(2) "->" ["args"]=> array(1) { [0]=> array(2) { ["state"]=> string(24) "RfkdmUNynjaof7rylfXsQw==" ["code"]=> string(43) "x7QaUiXWwCEAAAAAAAAMxJ3ptKdTsMdJhkDmrUZ2ZcM" } } } } ["previous":"Exception":private]=> NULL }

1 个答案:

答案 0 :(得分:0)

谢谢smarx!

我发现了Session variables not working php

并意识到我的命运网址与第一个不同