
Commit aa9dfbd

committed
Use random_bytes from php7 for a reliable and secure random number generator
- Included backwards compatibility - Don't ruin the good random with md5
1 parent d923b94 commit aa9dfbd


3 files changed

+5
-4
lines changed


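--- a/composer.json
+++ b/composer.json
@@ -42,7 +42,8 @@
 "symfony/http-foundation": "~3.2",
 "symfony/http-kernel": "~3.2",
 "symfony/security": "~3.2",
-"symfony/validator": "~3.2"
+"symfony/validator": "~3.2",
+"paragonie/random_compat": "^2.0"
 },
 "require-dev": {
 "doctrine/data-fixtures": "~1.0",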

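--- a/src/ResponseType/CodeResponseTypeHandler.php
+++ b/src/ResponseType/CodeResponseTypeHandler.php
@@ -48,7 +48,7 @@ public function handle(Request $request)
 $codeManager = $this->modelManagerFactory->getModelManager('code');
 $class = $codeManager->getClassName();
 $code = new $class();
-$code->setCode(md5(openssl_random_pseudo_bytes(256)))
+$code->setCode(bin2hex(random_bytes(127)))
 ->setClientId($clientId)
 ->setUsername($username)
 ->setRedirectUri($redirectUri)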
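Review bot: The value passed to `setCode()` grows from 32 characters (md5 hex) to 254 (`bin2hex` of 127 bytes), and nothing in this commit shows that the code model's storage accepts that length; confirm the column and any unique index on it, since truncation on write could make stored codes fail lookup or collide. The same applies to `setAccessToken()` and `setRefreshToken()` in src/TokenType/BearerTokenTypeHandler.php. `random_bytes()` throws when no secure entropy source is available (the random_compat polyfill does as well), so it is worth deciding where that exception is turned into a server error response; no try/catch is visible here, though `handle()` begins and ends outside the hunk.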

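--- a/src/TokenType/BearerTokenTypeHandler.php
+++ b/src/TokenType/BearerTokenTypeHandler.php
@@ -75,7 +75,7 @@ public function createAccessToken(
 $accessTokenManager = $this->modelManagerFactory->getModelManager('access_token');
 $class = $accessTokenManager->getClassName();
 $accessToken = new $class();
-$accessToken->setAccessToken(md5(openssl_random_pseudo_bytes(256)))
+$accessToken->setAccessToken(bin2hex(random_bytes(127)))
 ->setTokenType('bearer')
 ->setClientId($clientId)
 ->setUsername($username)
@@ -101,7 +101,7 @@ public function createAccessToken(
 $refreshTokenManager = $this->modelManagerFactory->getModelManager('refresh_token');
 $class = $refreshTokenManager->getClassName();
 $refreshToken = new $class();
-$refreshToken->setRefreshToken(md5(openssl_random_pseudo_bytes(256)))
+$refreshToken->setRefreshToken(bin2hex(random_bytes(127)))
 ->setClientId($clientId)
 ->setUsername($username)
 ->setExpires(new \DateTime('+1 days'))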
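Review bot: `bin2hex(random_bytes(127))` now appears twice in `createAccessToken()` and once in CodeResponseTypeHandler with an unexplained 127; a single private helper or class constant with a comment such as `// 127 bytes -> 254 hex chars, presumably sized for a 255-char column` would keep the three call sites in step. RFC 6749 section 10.10 requires a guessing probability of at most 2^-128, so 32 random bytes would already exceed that with a much shorter token if length matters for storage or headers. `createAccessToken()` starts and ends outside both hunks.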
