function OneTimeAuthentication::verifyHmac

Same name and namespace in other branches

main core/modules/user/src/OneTimeAuthentication.php \Drupal\user\OneTimeAuthentication::verifyHmac()

Verify a one time authentication code and its timestamp.

For a usage example, see \Drupal\user\OneTimeAuthentication::generateCancelConfirmUrl() and \Drupal\user\Controller\UserController::confirmCancel().

Parameters

\Drupal\user\UserInterface $account: An account for which to verify the authentication code.

int $timestamp: The timestamp of the authentication code.

string $hmac: One time authentication code.

int $timeout: Expiration timeout of authentication code.

Return value

bool Whether the provided data are valid.

File

core/modules/user/src/OneTimeAuthentication.php, line 78

Class

OneTimeAuthentication: Generate and verify one time authentication codes.

Namespace

Drupal\user

Code

public function verifyHmac(UserInterface $account, int $timestamp, string $hmac, int $timeout = 0) : bool {
  $current = $this->time
    ->getRequestTime();
  $timeout_valid = !empty($timeout) && $current - $timestamp < $timeout || empty($timeout);
  return $timestamp >= $account->getLastLoginTime() && $timestamp <= $current && $timeout_valid && hash_equals($hmac, $this->generateHmac($account, $timestamp));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

Breadcrumb