From 099c9ce41bccddac4bfc84dd240326ab707771da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?= Date: Sat, 13 Feb 2016 14:07:09 +0100 Subject: [PATCH] move token identifier generation --- src/Grant/AbstractGrant.php | 29 +++++++++++++++++++---- src/Utils/SecureKey.php | 47 ------------------------------------- 2 files changed, 25 insertions(+), 51 deletions(-) delete mode 100644 src/Utils/SecureKey.php diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php index 39fbf543..c18058f8 100644 --- a/src/Grant/AbstractGrant.php +++ b/src/Grant/AbstractGrant.php @@ -23,7 +23,6 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; -use League\OAuth2\Server\Utils\SecureKey; use Psr\Http\Message\ServerRequestInterface; /** @@ -310,7 +309,7 @@ abstract class AbstractGrant implements GrantTypeInterface array $scopes = [] ) { $accessToken = new AccessTokenEntity(); - $accessToken->setIdentifier(SecureKey::generate()); + $accessToken->setIdentifier($this->generateUniqueIdentifier()); $accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL)); $accessToken->setClient($client); $accessToken->setUserIdentifier($userIdentifier); @@ -342,7 +341,7 @@ abstract class AbstractGrant implements GrantTypeInterface array $scopes = [] ) { $authCode = new AuthCodeEntity(); - $authCode->setIdentifier(SecureKey::generate()); + $authCode->setIdentifier($this->generateUniqueIdentifier()); $authCode->setExpiryDateTime((new \DateTime())->add($tokenTTL)); $authCode->setClient($client); $authCode->setUserIdentifier($userIdentifier); 
@@ -363,13 +362,35 @@ abstract class AbstractGrant implements GrantTypeInterface protected function issueRefreshToken(AccessTokenEntity $accessToken) { $refreshToken = new RefreshTokenEntity(); - $refreshToken->setIdentifier(SecureKey::generate()); + $refreshToken->setIdentifier($this->generateUniqueIdentifier()); $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL)); $refreshToken->setAccessToken($accessToken); return $refreshToken; } + /** + * Generate a new unique identifier + * + * @param int $length + * + * @return string + * + * @throws \League\OAuth2\Server\Exception\OAuthServerException + */ + protected function generateUniqueIdentifier($length = 40) + { + try { + return bin2hex(random_bytes($length)); + } catch (\TypeError $e) { + throw OAuthServerException::serverError('An unexpected error has occurred'); + } catch (\Error $e) { + throw OAuthServerException::serverError('An unexpected error has occurred'); + } catch (\Exception $e) { + throw OAuthServerException::serverError('Could not generate a random string'); + } + } + /** * @inheritdoc */ diff --git a/src/Utils/SecureKey.php b/src/Utils/SecureKey.php deleted file mode 100644 index f5078bbf..00000000 --- a/src/Utils/SecureKey.php +++ /dev/null 
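Review bot: The docblock on `generateUniqueIdentifier()` leaves `$length` undescribed, and the value is the number of random bytes passed to `random_bytes()`, not the length of the result: `bin2hex()` doubles it, so the default 40 yields an 80-character identifier. I would document it as `@param int $length Number of random bytes; the returned hex string is twice this long`, because token and auth-code storage has to be sized for the full string and a truncated identifier loses entropy. The move also drops the comments that explained each catch in `SecureKey::generate()`; the `\Exception` branch is where a CSPRNG failure surfaces, and a comment such as `// CSPRNG unavailable: fail closed, never fall back to a weaker generator` would keep that intent visible now that subclasses can override this protected method. The `\TypeError` catch duplicates the `\Error` one (same message, and `\TypeError` extends `\Error`), so the two can be merged.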
@@ -1,47 +0,0 @@ - - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages - * @license http://mit-license.org/ - * @link http://github.com/php-loep/oauth2-server - */ - -namespace League\OAuth2\Server\Utils; - -use League\OAuth2\Server\Exception\OAuthServerException; - - -/** - * SecureKey class - */ -class SecureKey -{ - /** - * Generate a new unique code - * - * @param integer $len Length of the generated code - * - * @return string - * @throws \League\OAuth2\Server\Exception\OAuthServerException - */ - public static function generate($len = 40) - { - try { - $string = random_bytes($len); - } catch (\TypeError $e) { - // Well, it's an integer, so this IS unexpected. - throw OAuthServerException::serverError("An unexpected error has occurred"); - } catch (\Error $e) { - // This is also unexpected because 32 is a reasonable integer. - throw OAuthServerException::serverError("An unexpected error has occurred"); - } catch (\Exception $e) { - // If you get this message, the CSPRNG failed hard. - throw OAuthServerException::serverError("Could not generate a random string. Is our OS secure?"); - } - - return bin2hex($string); - } -}