From f632fcc997ce885b71f79e34323ca5c30c32c5b3 Mon Sep 17 00:00:00 2001 From: joao Date: Fri, 28 Aug 2015 10:38:45 +0000 Subject: [PATCH 1/2] ISSUE #356: added the refresh token to the mac token type response --- src/TokenType/MAC.php | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/src/TokenType/MAC.php b/src/TokenType/MAC.php index 1eb3b930..6d5e86e1 100644 --- a/src/TokenType/MAC.php +++ b/src/TokenType/MAC.php @@ -1,14 +1,14 @@ * @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ + * * @link https://github.com/thephpleague/oauth2-server */ - namespace League\OAuth2\Server\TokenType; use League\OAuth2\Server\Util\SecureKey; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\ParameterBag; use Symfony\Component\HttpFoundation\Request; /** - * MAC Token Type + * MAC Token Type. */ class MAC extends AbstractTokenType implements TokenTypeInterface { @@ -29,13 +29,17 @@ class MAC extends AbstractTokenType implements TokenTypeInterface $this->server->getMacStorage()->create($macKey, $this->getParam('access_token')); $response = [ - 'access_token' => $this->getParam('access_token'), - 'token_type' => 'mac', - 'expires_in' => $this->getParam('expires_in'), - 'mac_key' => $macKey, - 'mac_algorithm' => 'hmac-sha-256', + 'access_token' => $this->getParam('access_token'), + 'token_type' => 'mac', + 'expires_in' => $this->getParam('expires_in'), + 'mac_key' => $macKey, + 'mac_algorithm' => 'hmac-sha-256', ]; + if (!is_null($this->getParam('refresh_token'))) { + $response['refresh_token'] = $this->getParam('refresh_token'); + } + return $response; } @@ -121,9 +125,11 @@ class MAC extends AbstractTokenType implements TokenTypeInterface } /** - * Prevent timing attack - * @param string $knownString - * @param string $userString + * Prevent timing attack. + * + * @param string $knownString + * @param string $userString + * * @return bool */ private function hash_equals($knownString, $userString) 
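Review bot: The added `if (!is_null($this->getParam('refresh_token')))` block looks the parameter up twice and excludes only null, so an empty string or `false` would still be emitted as `refresh_token`; whether getParam() can return those is not visible in this hunk. Reading it once keeps the check and the emitted value in step: `$refreshToken = $this->getParam('refresh_token');` then `if ($refreshToken !== null) { $response['refresh_token'] = $refreshToken; }`. The diffstat lists only src/TokenType/MAC.php, so this patch adds no test for a MAC response with and without a refresh token. Because the array now carries both `mac_key` and the refresh token, it is worth confirming that the caller (outside the hunk, as is the start of this method) sends it with `Cache-Control: no-store` and keeps it out of logs.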
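Review bot: The docblock reformatted in this hunk still says only "Prevent timing attack" and does not state what the method returns or what it assumes about its inputs; a summary such as `Compare two strings without stopping at the first differing byte; returns true only when they are identical.` would tell the reader more. The loop visible in the following hunk reads `$userString[$i]` for every index below `strlen($knownString)`, so the docblock should also say that whatever length check precedes the loop (not visible in either hunk) is what makes that indexing safe. On PHP 5.6 and later the built-in `hash_equals()` covers this, and delegating to `\hash_equals($knownString, $userString)` when `function_exists('hash_equals')` is true would avoid maintaining a hand-written comparison. The method body lies outside this hunk.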
@@ -136,7 +142,7 @@ class MAC extends AbstractTokenType implements TokenTypeInterface } $len = strlen($knownString); $result = 0; - for ($i = 0; $i < $len; $i++) { + for ($i = 0; $i < $len; ++$i) { $result |= (ord($knownString[$i]) ^ ord($userString[$i])); } // They are only identical strings if $result is exactly 0... From 56c73d2427503d0697867b6af54f5813f4c99063 Mon Sep 17 00:00:00 2001 From: joao Date: Fri, 28 Aug 2015 10:40:13 +0000 Subject: [PATCH 2/2] ISSUE #356: added the refresh token to the mac token type response --- src/TokenType/MAC.php | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/TokenType/MAC.php b/src/TokenType/MAC.php index 6d5e86e1..c1c28ab1 100644 --- a/src/TokenType/MAC.php +++ b/src/TokenType/MAC.php @@ -1,14 +1,14 @@ * @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ - * * @link https://github.com/thephpleague/oauth2-server */ + namespace League\OAuth2\Server\TokenType; use League\OAuth2\Server\Util\SecureKey; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\ParameterBag; use Symfony\Component\HttpFoundation\Request; /** - * MAC Token Type. + * MAC Token Type */ class MAC extends AbstractTokenType implements TokenTypeInterface { @@ -29,11 +29,11 @@ class MAC extends AbstractTokenType implements TokenTypeInterface $this->server->getMacStorage()->create($macKey, $this->getParam('access_token')); $response = [ - 'access_token' => $this->getParam('access_token'), - 'token_type' => 'mac', - 'expires_in' => $this->getParam('expires_in'), - 'mac_key' => $macKey, - 'mac_algorithm' => 'hmac-sha-256', + 'access_token' => $this->getParam('access_token'), + 'token_type' => 'mac', + 'expires_in' => $this->getParam('expires_in'), + 'mac_key' => $macKey, + 'mac_algorithm' => 'hmac-sha-256', ]; if (!is_null($this->getParam('refresh_token'))) { 
@@ -125,11 +125,9 @@ class MAC extends AbstractTokenType implements TokenTypeInterface } /** - * Prevent timing attack. - * - * @param string $knownString - * @param string $userString - * + * Prevent timing attack + * @param string $knownString + * @param string $userString * @return bool */ private function hash_equals($knownString, $userString) @@ -142,7 +140,7 @@ class MAC extends AbstractTokenType implements TokenTypeInterface } $len = strlen($knownString); $result = 0; - for ($i = 0; $i < $len; ++$i) { + for ($i = 0; $i < $len; $i++) { $result |= (ord($knownString[$i]) ^ ord($userString[$i])); } // They are only identical strings if $result is exactly 0...