diff options
Diffstat (limited to 'Http/RememberMe/PersistentTokenBasedRememberMeServices.php')
| -rw-r--r-- | Http/RememberMe/PersistentTokenBasedRememberMeServices.php | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php index cbbbb23..807a4a7 100644 --- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php +++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -21,7 +21,6 @@ use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Util\SecureRandomInterface; use Psr\Log\LoggerInterface; -use Symfony\Component\Security\Core\Util\StringUtils; /** * Concrete implementation of the RememberMeServicesInterface which needs @@ -33,23 +32,26 @@ use Symfony\Component\Security\Core\Util\StringUtils; class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices { private $tokenProvider; - private $secureRandom; /** * Constructor. * + * Note: The $secureRandom parameter is deprecated since version 2.8 and will be removed in 3.0. + * * @param array $userProviders - * @param string $key + * @param string $secret * @param string $providerKey * @param array $options * @param LoggerInterface $logger * @param SecureRandomInterface $secureRandom */ - public function __construct(array $userProviders, $key, $providerKey, array $options, LoggerInterface $logger = null, SecureRandomInterface $secureRandom) + public function __construct(array $userProviders, $secret, $providerKey, array $options = array(), LoggerInterface $logger = null, SecureRandomInterface $secureRandom = null) { - parent::__construct($userProviders, $key, $providerKey, $options, $logger); + if (null !== $secureRandom) { + @trigger_error('The $secureRandom parameter in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0.', E_USER_DEPRECATED); + } - $this->secureRandom = $secureRandom; + parent::__construct($userProviders, $secret, $providerKey, $options, $logger); } /** @@ -91,7 +93,7 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices list($series, $tokenValue) = $cookieParts; $persistentToken = $this->tokenProvider->loadTokenBySeries($series); - if (!StringUtils::equals($persistentToken->getTokenValue(), $tokenValue)) { + if (!hash_equals($persistentToken->getTokenValue(), $tokenValue)) { throw new CookieTheftException('This token was already used. The account is possibly compromised.'); } @@ -99,7 +101,7 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices throw new AuthenticationException('The cookie has expired.'); } - $tokenValue = base64_encode($this->secureRandom->nextBytes(64)); + $tokenValue = base64_encode(random_bytes(64)); $this->tokenProvider->updateToken($series, $tokenValue, new \DateTime()); $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie( @@ -121,8 +123,8 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices */ protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token) { - $series = base64_encode($this->secureRandom->nextBytes(64)); - $tokenValue = base64_encode($this->secureRandom->nextBytes(64)); + $series = base64_encode(random_bytes(64)); + $tokenValue = base64_encode(random_bytes(64)); $this->tokenProvider->createNewToken( new PersistentToken( |