Added support for custom loggers and more changes

Changes in this commit
- Support for custom loggers which implements LoggerInterface interface
- Actions redefined in separate class
- All classes moved to separate files
- Added tests for custom and default loggers, which is still file based

Author: mebjas

libs/csrf/LoggerInterface.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * This file has implementation for LoggerInterface interface
+ */
+
+if (!defined('__CSRF_PROTECTOR_loggerInterface__')) {
+    // to avoid multiple declaration errors
+    define('__CSRF_PROTECTOR_loggerInterface__', true);
+
+    /**
+     * Interface for logger class
+     */
+    interface LoggerInterface {
+        /**
+         * logging method
+         *
+         * Parameters:
+         * $message - the log message
+         * $context - context array
+         * 
+         * Return:
+         * void
+         */
+        public function log($message, $context = array());
+    }
+}

libs/csrf/csrfpAction.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * This file has implementation for csrfpAction class
+ */
+
+if (!defined('__CSRF_PROTECTOR_csrfpAction__')) {
+    // to avoid multiple declaration errors
+    define('__CSRF_PROTECTOR_csrfpAction__', true);
+
+    /**
+     * Enumerator for actions
+     */
+    abstract class csrfpAction {
+        /**
+         * Variable: ForbiddenResponseAction
+         * Action of sending back 403 response code
+         * @var int
+         */
+        const ForbiddenResponseAction = 0;
+
+        /**
+         * Variable: ClearParametersAction
+         * Action of clearning all request parameters
+         * @var int
+         */
+        const ClearParametersAction = 1;
+
+        /**
+         * Variable: RedirectAction
+         * Action of redirecting users to another location
+         * @var int
+         */
+        const RedirectAction = 2;
+
+        /**
+         * Variable: CustomErrorMessageAction
+         * Action of sending back a custom message
+         * @var int
+         */
+        const CustomErrorMessageAction = 3;
+
+        /**
+         * Variable: InternalServerErrorResponseAction
+         * Action of sending back 5XX response code
+         * @var int
+         */
+        const InternalServerErrorResponseAction = 4;
+    }
+}

libs/csrf/csrfpCookieConfig.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * This file has implementation for csrfpCookieConfig class
+ */
+
+if (!defined('__CSRF_PROTECTOR_csrfpCookieConfig__')) {
+    // to avoid multiple declaration errors
+    define('__CSRF_PROTECTOR_csrfpCookieConfig__', true);
+
+    /**
+     * Cookie config class
+     */
+    class csrfpCookieConfig
+    {
+        /**
+         * Variable: $path
+         * path parameter for setcookie method
+         * @var string
+         */
+        public $path = '';
+
+        /**
+         * Variable: $domain
+         * domain parameter for setcookie method
+         * @var string
+         */
+        public $domain = '';
+
+        /**
+         * Variable: $secure
+         * secure parameter for setcookie method
+         * @var bool
+         */
+        public $secure = false;
+
+        /**
+         * Variable: $expire
+         * expiry parameter in seconds from now for setcookie method, default is 30 minutes
+         * @var int
+         */
+        public $expire = 1800;
+
+        /**
+         * Function: constructor
+         * 
+         * Parameters:
+         * @param $cfg - config array loaded from config file;
+         */
+        function __construct($cfg) {
+            if ($cfg !== null) {
+                if (isset($cfg['path'])) $this->path = $cfg['path'];
+                if (isset($cfg['domain'])) $this->domain = $cfg['domain'];
+                if (isset($cfg['secure'])) $this->secure = (bool) $cfg['secure'];
+                if (isset($cfg['expire']) && $cfg['expire']) $this->expire = (int)$cfg['expire'];
+            }
+        }
+    }
+}

libs/csrf/csrfpDefaultLogger.php

@@ -0,0 +1,88 @@
+<?php
+/**
+ * This file has implementation for csrfpDefaultLogger class
+ */
+include __DIR__ ."/LoggerInterface.php";
+
+if (!defined('__CSRF_PROTECTOR_csrfpDefaultLogger_')) {
+    // to avoid multiple declaration errors
+    define('__CSRF_PROTECTOR_csrfpDefaultLogger_', true);
+
+    class logDirectoryNotFoundException extends \exception {};
+    class logFileWriteError extends \exception {};
+
+    /**
+     * Default logger class for CSRF Protector
+     * This is a file based logger class
+     */
+    class csrfpDefaultLogger implements LoggerInterface {
+        /**
+         * Variable: $logDirectory
+         * directory for file based logging
+         */
+        private $logDirectory;
+
+        /**
+         * Constructor
+         * 
+         * Parameters:
+         * $path - the path for logs to be stored (relative or absolute)
+         * 
+         * Returns:
+         * void
+         *
+         * Throws:
+         * logDirectoryNotFoundException - if log directory is not found
+         */
+        function __construct($path) {
+            //// Check for relative path
+            $this->logDirectory = __DIR__ . "/../" . $path;
+            
+
+            //// If the relative log directory path does not
+            //// exist try as an absolute path
+            if (!is_dir($this->logDirectory)) {
+                $this->logDirectory = $path;
+            }
+
+            if (!is_dir($this->logDirectory)) {
+                throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
+            }
+        }
+
+        /**
+         * logging method
+         *
+         * Parameters:
+         * $message - the log message
+         * $context - context array
+         * 
+         * Return:
+         * void
+         *
+         * Throws:
+         * logFileWriteError - if unable to log an attack
+         */
+        public function log($message, $context = array()) {
+            // Append to the log file, or create it if it does not exist create
+            $logFile = fopen($this->logDirectory ."/" . date("m-20y") . ".log", "a+");
+
+            //throw exception if above fopen fails
+            if (!$logFile) {
+                throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");    
+            }
+
+            $context['timestamp'] = time();
+            $context['message'] = $message;
+
+            //convert log array to JSON format to be logged
+            $context = json_encode($context) .PHP_EOL;
+
+            //append log to the file
+            fwrite($logFile, $context);
+
+            //close the file handler
+            fclose($logFile);
+        }
+    }
+}