summaryrefslogtreecommitdiffstats
path: root/Http
diff options
context:
space:
mode:
Diffstat (limited to 'Http')
-rw-r--r--Http/RememberMe/TokenBasedRememberMeServices.php18
1 files changed, 1 insertions, 17 deletions
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index f3a39fe..6fd6bc4 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -54,7 +54,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
- if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+ if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
throw new AuthenticationException('The cookie\'s hash is invalid.');
}
@@ -66,22 +66,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
}
/**
- * Compares two hashes using a constant-time algorithm to avoid (remote)
- * timing attacks.
- *
- * This is the same implementation as used in the BasePasswordEncoder.
- *
- * @param string $hash1 The first hash
- * @param string $hash2 The second hash
- *
- * @return Boolean true if the two hashes are the same, false otherwise
- */
- private function compareHashes($hash1, $hash2)
- {
- return StringUtils::equals($hash1, $hash2);
- }
-
- /**
* {@inheritDoc}
*/
protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
generated by cgit v1.1 at 2025-05-17 08:03:51 +0000