diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 142e930d..b2d06179 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -25,7 +25,6 @@ use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
-use League\OAuth2\Server\Utils\SecureKey;
 use OAuth2ServerExamples\Repositories\AuthCodeRepository;
 use Psr\Http\Message\ServerRequestInterface;
@@ -339,7 +338,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 array $scopes = []
 ) {
 $accessToken = new AccessTokenEntity();
- $accessToken->setIdentifier(SecureKey::generate());
+ $accessToken->setIdentifier($this->generateUniqueIdentifier());
 $accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
 $accessToken->setClient($client);
 $accessToken->setUserIdentifier($userIdentifier);
@@ -373,7 +372,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 array $scopes = []
 ) {
 $authCode = new AuthCodeEntity();
- $authCode->setIdentifier(SecureKey::generate());
+ $authCode->setIdentifier($this->generateUniqueIdentifier());
 $authCode->setExpiryDateTime((new \DateTime())->add($tokenTTL));
 $authCode->setClient($client);
 $authCode->setUserIdentifier($userIdentifier);
@@ -396,7 +395,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 protected function issueRefreshToken(AccessTokenEntity $accessToken)
 {
 $refreshToken = new RefreshTokenEntity();
- $refreshToken->setIdentifier(SecureKey::generate());
+ $refreshToken->setIdentifier($this->generateUniqueIdentifier());
 $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
 $refreshToken->setAccessToken($accessToken);
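Review bot: The docblock of issueAccessToken, which sits above this hunk, is now missing a `@throws \League\OAuth2\Server\Exception\OAuthServerException`, because `$this->generateUniqueIdentifier()` declares that exception and it propagates straight out of the identifier line; the same applies to the issueAuthCode and issueRefreshToken hunks below, which make the identical replacement. The `use` hunk drops SecureKey but adds no import for OAuthServerException, so that class is presumably already imported further up this file — worth confirming, since the new helper references it unqualified. The signatures and the remainder of the bodies of all three issue* methods lie outside their hunks.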
@@ -405,6 +404,31 @@ abstract class AbstractGrant implements GrantTypeInterface
 return $refreshToken;
 }
+ /**
+ * Generate a new unique identifier
+ *
+ * @param int $length
+ *
+ * @return string
+ *
+ * @throws \League\OAuth2\Server\Exception\OAuthServerException
+ */
+ protected function generateUniqueIdentifier($length = 40)
+ {
+ try {
+ return bin2hex(random_bytes($length));
+ // @codeCoverageIgnoreStart
+ } catch (\TypeError $e) {
+ throw OAuthServerException::serverError('An unexpected error has occurred');
+ } catch (\Error $e) {
+ throw OAuthServerException::serverError('An unexpected error has occurred');
+ } catch (\Exception $e) {
+ // If you get this message, the CSPRNG failed hard.
+ throw OAuthServerException::serverError('Could not generate a random string');
+ }
+ // @codeCoverageIgnoreEnd
+ }
+
 /**
 * @inheritdoc
 */
diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php
index cb19bf52..d64f6edb 100644
--- a/tests/Grant/AbstractGrantTest.php
+++ b/tests/Grant/AbstractGrantTest.php
@@ -374,4 +374,15 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 $grantMock->validateScopes($serverRequest, new ClientEntity());
 }
+
+ public function testGenerateUniqueIdentifier()
+ {
+ $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
+
+ $abstractGrantReflection = new \ReflectionClass($grantMock);
+ $method = $abstractGrantReflection->getMethod('generateUniqueIdentifier');
+ $method->setAccessible(true);
+
+ $this->assertTrue(is_string($method->invoke($grantMock)));
+ }
 }
diff --git a/tests/Utils/SecureKeyTest.php b/tests/Utils/SecureKeyTest.php
deleted file mode 100644
index aebdb755..00000000
--- a/tests/Utils/SecureKeyTest.php
+++ /dev/null
@@ -1,13 +0,0 @@
-assertTrue(is_string(SecureKey::generate()));
- }
-}
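Review bot: In generateUniqueIdentifier the `catch (\TypeError $e)` branch adds nothing, because `\TypeError` extends `\Error` and the following `catch (\Error $e)` throws the identical message, so the two can be collapsed into one `catch (\Error $e)`. More importantly, a non-positive `$length` makes `random_bytes()` throw an `\Error` that this code then reports as "An unexpected error has occurred", hiding a caller bug behind a message meant for a broken CSPRNG; validate the argument before the `try`, e.g. `if (!\is_int($length) || $length < 1) { throw new \InvalidArgumentException('Length must be a positive integer'); }`. The docblock should also say that `$length` is the number of random bytes and that the return value is `2 * $length` lowercase hex characters (80 by default), and that "unique" is only probabilistic — nothing in this method consults a repository. Whether the project's minimum PHP version guarantees `random_bytes()` exists, or a polyfill is shipped, is not visible from this diff.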
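Review bot: testGenerateUniqueIdentifier only checks that a string comes back, which an empty or constant string would also satisfy, so it does not exercise what the helper is for; with the default 40 bytes the result is 80 hex characters, so pin that and that successive calls differ: `$id = $method->invoke($grantMock); $this->assertRegExp('/^[0-9a-f]{80}$/', $id); $this->assertNotSame($id, $method->invoke($grantMock));`. A further call with an explicit length, `$method->invoke($grantMock, 16)`, checked for 32 characters would cover the parameter as well. The test class header and any setUp live outside the hunk.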