1 files changed, 32 insertions, 42 deletions

diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index 351ad03..f2a0249 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -28,7 +28,7 @@ use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
  *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
-class PersistentTokenBasedRememberMeServices extends RememberMeServices
+class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
 {
     private $tokenProvider;
 
@@ -80,9 +80,22 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
             throw new AuthenticationException('The cookie has expired.');
         }
 
-        $user = $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername());
+        $series = $persistentToken->getSeries();
+        $tokenValue = $this->generateRandomValue();
+        $this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
+        $request->attributes->set(self::COOKIE_ATTR_NAME,
+            new Cookie(
+                $this->options['name'],
+                $this->encodeCookie(array($series, $tokenValue)),
+                time() + $this->options['lifetime'],
+                $this->options['path'],
+                $this->options['domain'],
+                $this->options['secure'],
+                $this->options['httponly']
+            )
+        );
 
-        return new RememberMeToken($user, $this->providerKey, $this->key, $persistentToken);
+        return $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername());
     }
 
     /**
@@ -90,34 +103,23 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
      */
     protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
     {
-        if ($token instanceof RememberMeToken) {
-            if (null === $persistentToken = $token->getPersistentToken()) {
-                throw new \RuntimeException('RememberMeToken must contain a PersistentTokenInterface implementation when used as login.');
-            }
-
-            $series = $persistentToken->getSeries();
-            $tokenValue = $this->generateRandomValue();
-
-            $this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
-        } else {
-            $series = $this->generateRandomValue();
-            $tokenValue = $this->generateRandomValue();
-
-            $this->tokenProvider->createNewToken(
-                new PersistentToken(
-                    get_class($user = $token->getUser()),
-                    $user->getUsername(),
-                    $series,
-                    $tokenValue,
-                    new \DateTime()
-                )
-            );
-        }
+        $series = $this->generateRandomValue();
+        $tokenValue = $this->generateRandomValue();
+
+        $this->tokenProvider->createNewToken(
+            new PersistentToken(
+                get_class($user = $token->getUser()),
+                $user->getUsername(),
+                $series,
+                $tokenValue,
+                new \DateTime()
+            )
+        );
 
         $response->headers->setCookie(
             new Cookie(
                 $this->options['name'],
-                $this->generateCookieValue($series, $tokenValue),
+                $this->encodeCookie(array($series, $tokenValue)),
                 time() + $this->options['lifetime'],
                 $this->options['path'],
                 $this->options['domain'],
@@ -128,18 +130,6 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
     }
 
     /**
-     * Generates the value for the cookie
-     *
-     * @param string $series
-     * @param string $tokenValue
-     * @return string
-     */
-    protected function generateCookieValue($series, $tokenValue)
-    {
-        return $this->encodeCookie(array($series, $tokenValue));
-    }
-
-    /**
      * Generates a cryptographically strong random value
      *
      * @return string
@@ -147,7 +137,7 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
     protected function generateRandomValue()
     {
         if (function_exists('openssl_random_pseudo_bytes')) {
-            $bytes = openssl_random_pseudo_bytes(32, $strong);
+            $bytes = openssl_random_pseudo_bytes(64, $strong);
 
             if (true === $strong && false !== $bytes) {
                 return base64_encode($bytes);
@@ -158,6 +148,6 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
             $this->logger->warn('Could not produce a cryptographically strong random value. Please install/update the OpenSSL extension.');
         }
 
-        return base64_encode(hash('sha256', uniqid(mt_rand(), true), true));
+        return base64_encode(hash('sha512', uniqid(mt_rand(), true), true));
     }
-}
+}
\ No newline at end of file