mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-28 07:50:23 +05:30
Replaced SecureKey::generate with random_bytes method
This commit is contained in:
parent
5fcb47d66a
commit
6beb8d42ff
@ -8,7 +8,8 @@
|
||||
"league/event": "~2.1",
|
||||
"zendframework/zend-diactoros": "~1.1",
|
||||
"namshi/jose": "^6.0",
|
||||
"lcobucci/jwt": "^3.1"
|
||||
"lcobucci/jwt": "^3.1",
|
||||
"paragonie/random_compat": "^1.1"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.8.*",
|
||||
|
@ -1,36 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Secure key interface
|
||||
*
|
||||
* @package league/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) Alex Bilbie
|
||||
* @license http://mit-license.org/
|
||||
* @link https://github.com/thephpleague/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Utils\KeyAlgorithm;
|
||||
|
||||
class DefaultAlgorithm implements KeyAlgorithmInterface
|
||||
{
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function generate($len = 40)
|
||||
{
|
||||
$stripped = '';
|
||||
do {
|
||||
$bytes = openssl_random_pseudo_bytes($len, $strong);
|
||||
|
||||
// We want to stop execution if the key fails because, well, that is bad.
|
||||
if ($bytes === false || $strong === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new \Exception('Error Generating Key');
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
$stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
|
||||
} while (strlen($stripped) < $len);
|
||||
|
||||
return substr($stripped, 0, $len);
|
||||
}
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Secure key interface
|
||||
*
|
||||
* @package league/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) Alex Bilbie
|
||||
* @license http://mit-license.org/
|
||||
* @link https://github.com/thephpleague/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Utils\KeyAlgorithm;
|
||||
|
||||
interface KeyAlgorithmInterface
|
||||
{
|
||||
/**
|
||||
* Generate a new unique code
|
||||
*
|
||||
* @param integer $len Length of the generated code
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function generate($len);
|
||||
}
|
@ -11,48 +11,37 @@
|
||||
|
||||
namespace League\OAuth2\Server\Utils;
|
||||
|
||||
use League\OAuth2\Server\Utils\KeyAlgorithm\DefaultAlgorithm;
|
||||
use League\OAuth2\Server\Utils\KeyAlgorithm\KeyAlgorithmInterface;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
|
||||
|
||||
/**
|
||||
* SecureKey class
|
||||
*/
|
||||
class SecureKey
|
||||
{
|
||||
/**
|
||||
* @var KeyAlgorithmInterface
|
||||
*/
|
||||
protected static $algorithm;
|
||||
|
||||
/**
|
||||
* Generate a new unique code
|
||||
*
|
||||
* @param integer $len Length of the generated code
|
||||
*
|
||||
* @return string
|
||||
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
||||
*/
|
||||
public static function generate($len = 40)
|
||||
{
|
||||
return self::getAlgorithm()->generate($len);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param KeyAlgorithmInterface $algorithm
|
||||
*/
|
||||
public static function setAlgorithm(KeyAlgorithmInterface $algorithm)
|
||||
{
|
||||
self::$algorithm = $algorithm;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return KeyAlgorithmInterface
|
||||
*/
|
||||
public static function getAlgorithm()
|
||||
{
|
||||
if (is_null(self::$algorithm)) {
|
||||
self::$algorithm = new DefaultAlgorithm();
|
||||
try {
|
||||
$string = random_bytes($len);
|
||||
} catch (\TypeError $e) {
|
||||
// Well, it's an integer, so this IS unexpected.
|
||||
throw OAuthServerException::serverError("An unexpected error has occurred");
|
||||
} catch (\Error $e) {
|
||||
// This is also unexpected because 32 is a reasonable integer.
|
||||
throw OAuthServerException::serverError("An unexpected error has occurred");
|
||||
} catch (\Exception $e) {
|
||||
// If you get this message, the CSPRNG failed hard.
|
||||
throw OAuthServerException::serverError("Could not generate a random string. Is our OS secure?");
|
||||
}
|
||||
|
||||
return self::$algorithm;
|
||||
return bin2hex($string);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user