docs: add doc comments

kenjis · kenjis · commit 2b890fe8678e · 2022-07-31T16:21:48.000+09:00
diff --git a/system/Security/Security.php b/system/Security/Security.php
@@ -54,7 +54,7 @@ class Security implements SecurityInterface
     protected $tokenRandomize = false;
 
     /**
-     * CSRF Hash
+     * CSRF Hash (without randomization)
      *
      * Random hash for Cross Site Request Forgery protection.
      *
@@ -88,7 +88,7 @@ class Security implements SecurityInterface
     protected $cookie;
 
     /**
-     * CSRF Cookie Name
+     * CSRF Cookie Name (with Prefix)
      *
      * Cookie name for Cross Site Request Forgery protection.
      *
@@ -155,7 +155,10 @@ class Security implements SecurityInterface
     private ?Session $session = null;
 
     /**
-     * CSRF Hash in Cookie
+     * CSRF Hash in Request Cookie
+     *
+     * The cookie value is always CSRF hash (without randomization) even if
+     * $tokenRandomize is true.
      */
     private ?string $hashInCookie = null;
 
@@ -249,7 +252,7 @@ public function CSRFVerify(RequestInterface $request)
     }
 
     /**
-     * Returns the CSRF Hash.
+     * Returns the CSRF Token.
      *
      * @deprecated Use `CodeIgniter\Security\Security::getHash()` instead of using this method.
      *
@@ -351,7 +354,7 @@ private function getPostedToken(RequestInterface $request): ?string
     }
 
     /**
-     * Returns the CSRF Hash.
+     * Returns the CSRF Token.
      */
     public function getHash(): ?string
     {
@@ -360,6 +363,10 @@ public function getHash(): ?string
 
     /**
      * Randomize hash to avoid BREACH attacks.
+     *
+     * @params string $hash CSRF hash
+     *
+     * @return string CSRF token
      */
     protected function randomize(string $hash): string
     {
@@ -376,7 +383,11 @@ protected function randomize(string $hash): string
     /**
      * Derandomize the token.
      *
+     * @params string $token CSRF token
+     *
      * @throws InvalidArgumentException "hex2bin(): Hexadecimal input string must have an even length"
+     *
+     * @return string CSRF hash
      */
     protected function derandomize(string $token): string
     {

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ class Security implements SecurityInterface`
`54`	`54`	`protected $tokenRandomize = false;`
`55`	`55`
`56`	`56`	`/**`
`57`		`- * CSRF Hash`
	`57`	`+ * CSRF Hash (without randomization)`
`58`	`58`	`*`
`59`	`59`	`* Random hash for Cross Site Request Forgery protection.`
`60`	`60`	`*`
`@@ -88,7 +88,7 @@ class Security implements SecurityInterface`
`88`	`88`	`protected $cookie;`
`89`	`89`
`90`	`90`	`/**`
`91`		`- * CSRF Cookie Name`
	`91`	`+ * CSRF Cookie Name (with Prefix)`
`92`	`92`	`*`
`93`	`93`	`* Cookie name for Cross Site Request Forgery protection.`
`94`	`94`	`*`
`@@ -155,7 +155,10 @@ class Security implements SecurityInterface`
`155`	`155`	`private ?Session $session = null;`
`156`	`156`
`157`	`157`	`/**`
`158`		`- * CSRF Hash in Cookie`
	`158`	`+ * CSRF Hash in Request Cookie`
	`159`	`+ *`
	`160`	`+ * The cookie value is always CSRF hash (without randomization) even if`
	`161`	`+ * $tokenRandomize is true.`
`159`	`162`	`*/`
`160`	`163`	`private ?string $hashInCookie = null;`
`161`	`164`
`@@ -249,7 +252,7 @@ public function CSRFVerify(RequestInterface $request)`
`249`	`252`	`}`
`250`	`253`
`251`	`254`	`/**`
`252`		`- * Returns the CSRF Hash.`
	`255`	`+ * Returns the CSRF Token.`
`253`	`256`	`*`
`254`	`257`	* @deprecated Use `CodeIgniter\Security\Security::getHash()` instead of using this method.
`255`	`258`	`*`
`@@ -351,7 +354,7 @@ private function getPostedToken(RequestInterface $request): ?string`
`351`	`354`	`}`
`352`	`355`
`353`	`356`	`/**`
`354`		`- * Returns the CSRF Hash.`
	`357`	`+ * Returns the CSRF Token.`
`355`	`358`	`*/`
`356`	`359`	`public function getHash(): ?string`
`357`	`360`	`{`
`@@ -360,6 +363,10 @@ public function getHash(): ?string`
`360`	`363`
`361`	`364`	`/**`
`362`	`365`	`* Randomize hash to avoid BREACH attacks.`
	`366`	`+ *`
	`367`	`+ * @params string $hash CSRF hash`
	`368`	`+ *`
	`369`	`+ * @return string CSRF token`
`363`	`370`	`*/`
`364`	`371`	`protected function randomize(string $hash): string`
`365`	`372`	`{`
`@@ -376,7 +383,11 @@ protected function randomize(string $hash): string`
`376`	`383`	`/**`
`377`	`384`	`* Derandomize the token.`
`378`	`385`	`*`
	`386`	`+ * @params string $token CSRF token`
	`387`	`+ *`
`379`	`388`	`* @throws InvalidArgumentException "hex2bin(): Hexadecimal input string must have an even length"`
	`389`	`+ *`
	`390`	`+ * @return string CSRF hash`
`380`	`391`	`*/`
`381`	`392`	`protected function derandomize(string $token): string`
`382`	`393`	`{`