ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-12-26 06:59:49 +05:30
Code Issues Packages Projects Releases Wiki Activity

move token identifier generation

Browse Source
This commit is contained in:
Julián Gutiérrez 2016-02-13 14:07:09 +01:00
parent 655f6b9771
commit 099c9ce41b
2 changed files with 25 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/Grant/AbstractGrant.php
View File

@ -23,7 +23,6 @@ use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Utils\SecureKey;
use Psr\Http\Message\ServerRequestInterface;
/**
@ -310,7 +309,7 @@ abstract class AbstractGrant implements GrantTypeInterface
array $scopes = []
) {
$accessToken = new AccessTokenEntity();
$accessToken->setIdentifier(SecureKey::generate());
$accessToken->setIdentifier($this->generateUniqueIdentifier());
$accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
$accessToken->setClient($client);
$accessToken->setUserIdentifier($userIdentifier);
@ -342,7 +341,7 @@ abstract class AbstractGrant implements GrantTypeInterface
array $scopes = []
) {
$authCode = new AuthCodeEntity();
$authCode->setIdentifier(SecureKey::generate());
$authCode->setIdentifier($this->generateUniqueIdentifier());
$authCode->setExpiryDateTime((new \DateTime())->add($tokenTTL));
$authCode->setClient($client);
$authCode->setUserIdentifier($userIdentifier);
@ -363,13 +362,35 @@ abstract class AbstractGrant implements GrantTypeInterface
protected function issueRefreshToken(AccessTokenEntity $accessToken)
{
$refreshToken = new RefreshTokenEntity();
$refreshToken->setIdentifier(SecureKey::generate());
$refreshToken->setIdentifier($this->generateUniqueIdentifier());
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
$refreshToken->setAccessToken($accessToken);
return $refreshToken;
}
/**
* Generate a new unique identifier
*
* @param int $length
*
* @return string
*
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
protected function generateUniqueIdentifier($length = 40)
{
try {
return bin2hex(random_bytes($length));
} catch (\TypeError $e) {
throw OAuthServerException::serverError('An unexpected error has occurred');
} catch (\Error $e) {
throw OAuthServerException::serverError('An unexpected error has occurred');
} catch (\Exception $e) {
throw OAuthServerException::serverError('Could not generate a random string');
}
}
/**
* @inheritdoc
*/

47
src/Utils/SecureKey.php
View File

@ -1,47 +0,0 @@
<?php
/**
* OAuth 2.0 Secure key generator
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Utils;
use League\OAuth2\Server\Exception\OAuthServerException;
/**
* SecureKey class
*/
class SecureKey
{
/**
* Generate a new unique code
*
* @param integer $len Length of the generated code
*
* @return string
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public static function generate($len = 40)
{
try {
$string = random_bytes($len);
} catch (\TypeError $e) {
// Well, it's an integer, so this IS unexpected.
throw OAuthServerException::serverError("An unexpected error has occurred");
} catch (\Error $e) {
// This is also unexpected because 32 is a reasonable integer.
throw OAuthServerException::serverError("An unexpected error has occurred");
} catch (\Exception $e) {
// If you get this message, the CSPRNG failed hard.
throw OAuthServerException::serverError("Could not generate a random string. Is our OS secure?");
}
return bin2hex($string);
}
}