Diffstat (limited to 'Csrf')
-rw-r--r-- | Csrf/CsrfTokenManager.php | 3 | ||||
-rw-r--r-- | Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php | 8 | ||||
-rw-r--r-- | Csrf/TokenGenerator/UriSafeTokenGenerator.php | 26 | ||||
-rw-r--r-- | Csrf/composer.json | 8 |
4 files changed, 17 insertions, 28 deletions
diff --git a/Csrf/CsrfTokenManager.php b/Csrf/CsrfTokenManager.php index e129502..cdda543 100644 --- a/Csrf/CsrfTokenManager.php +++ b/Csrf/CsrfTokenManager.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Csrf; -use Symfony\Component\Security\Core\Util\StringUtils; use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator; use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface; use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage; @@ -92,6 +91,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface return false; } - return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue()); + return hash_equals($this->storage->getToken($token->getId()), $token->getValue()); } } diff --git a/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php b/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php index 1b325e5..e4ea80c 100644 --- a/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php +++ b/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php @@ -44,8 +44,7 @@ class UriSafeTokenGeneratorTest extends \PHPUnit_Framework_TestCase protected function setUp() { - $this->random = $this->getMock('Symfony\Component\Security\Core\Util\SecureRandomInterface'); - $this->generator = new UriSafeTokenGenerator($this->random, self::ENTROPY); + $this->generator = new UriSafeTokenGenerator(self::ENTROPY); } protected function tearDown() @@ -56,11 +55,6 @@ class UriSafeTokenGeneratorTest extends \PHPUnit_Framework_TestCase public function testGenerateToken() { - $this->random->expects($this->once()) - ->method('nextBytes') - ->with(self::ENTROPY / 8) - ->will($this->returnValue(self::$bytes)); - $token = $this->generator->generateToken(); $this->assertTrue(ctype_print($token), 'is printable'); diff --git a/Csrf/TokenGenerator/UriSafeTokenGenerator.php b/Csrf/TokenGenerator/UriSafeTokenGenerator.php index 31e82ee..432adf2 100644 --- a/Csrf/TokenGenerator/UriSafeTokenGenerator.php 
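Review bot: `hash_equals()` accepts only strings, and nothing visible in the second CsrfTokenManager.php hunk guarantees that `getToken()` and `getValue()` return them. On a non-string argument the native function raises a warning and returns false (a TypeError on newer PHP), so the check still fails closed, but a malformed submission would surface as an error rather than as a plain invalid token. If the removed `StringUtils::equals()` tolerated other types, keep that with explicit casts: `return hash_equals((string) $this->storage->getToken($token->getId()), (string) $token->getValue());`. The argument order (stored value first, submitted value second) is correct. The enclosing method starts above the hunk.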
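Review bot: With the `nextBytes` expectation removed, nothing visible in `testGenerateToken()` checks how many random bytes back the token; the old mock pinned the request to `self::ENTROPY / 8`. An assertion on the decoded length would restore that coverage, for example `$this->assertEquals(self::ENTROPY / 8, strlen(base64_decode(strtr($token, '-_', '+/'))));`. The test body continues past the hunk. The `$this->random` property and the `self::$bytes` fixture used by the removed lines may now be dead code in parts of the class not shown here.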
+++ b/Csrf/TokenGenerator/UriSafeTokenGenerator.php @@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Csrf\TokenGenerator; use Symfony\Component\Security\Core\Util\SecureRandomInterface; -use Symfony\Component\Security\Core\Util\SecureRandom; /** * Generates CSRF tokens. @@ -22,13 +21,6 @@ use Symfony\Component\Security\Core\Util\SecureRandom; class UriSafeTokenGenerator implements TokenGeneratorInterface { /** - * The generator for random values. - * - * @var SecureRandomInterface - */ - private $random; - - /** * The amount of entropy collected for each token (in bits). * * @var int @@ -38,15 +30,17 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface /** * Generates URI-safe CSRF tokens. * - * @param SecureRandomInterface|null $random The random value generator used for - * generating entropy - * @param int $entropy The amount of entropy collected for - * each token (in bits) + * @param int $entropy The amount of entropy collected for each token (in bits) */ - public function __construct(SecureRandomInterface $random = null, $entropy = 256) + public function __construct($entropy = 256) { - $this->random = $random ?: new SecureRandom(); - $this->entropy = $entropy; + if ($entropy instanceof SecureRandomInterface || func_num_args() === 2) { + @trigger_error('The '.__METHOD__.' method now requires the entropy to be given as the first argument. The SecureRandomInterface will be removed in 3.0.', E_USER_DEPRECATED); + + $this->entropy = func_num_args() === 2 ? func_get_arg(1) : 256; + } else { + $this->entropy = $entropy; + } } /** @@ -57,7 +51,7 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface // Generate an URI safe base64 encoded string that does not contain "+", // "/" or "=" which need to be URL encoded and make URLs unnecessarily // longer. - $bytes = $this->random->nextBytes($this->entropy / 8); + $bytes = random_bytes($this->entropy / 8); return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '='); } 
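Review bot: The `else` branch of the new constructor stores `$entropy` without any check, so a legacy call that passes only `null` as the first argument (valid under the old `SecureRandomInterface $random = null` signature) leaves `$this->entropy` as `null`. The `generateToken()` hunk then asks `random_bytes()` for `null / 8`, i.e. zero bytes, where the old code fell back to 256 bits. Keeping the default would fix that: `$this->entropy = null === $entropy ? 256 : $entropy;`. The same hunk also passes a fractional length when the entropy is not a multiple of 8, and a very small value yields a guessable CSRF token. Rounding up with `random_bytes((int) ceil($this->entropy / 8))` and rejecting non-positive values in the constructor would make the contract explicit.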
diff --git a/Csrf/composer.json b/Csrf/composer.json index 2930e32..4afc7ca 100644 --- a/Csrf/composer.json +++ b/Csrf/composer.json @@ -17,10 +17,12 @@ ], "require": { "php": ">=5.3.9", - "symfony/security-core": "~2.4" + "symfony/polyfill-php56": "~1.0", + "symfony/polyfill-php70": "~1.0", + "symfony/security-core": "~2.4|~3.0.0" }, "require-dev": { - "symfony/http-foundation": "~2.1" + "symfony/http-foundation": "~2.1|~3.0.0" }, "suggest": { "symfony/http-foundation": "For using the class SessionTokenStorage." @@ -34,7 +36,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "2.7-dev" + "dev-master": "2.8-dev" } } } |