Merge pull request #828 from Sephster/master

Fixed ordering so we only hash after base64 encoding
Andrew Millington 2017-12-23 02:14:34 +00:00 committed by GitHub
commit 00138446b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
case 'S256': case 'S256':
if ( if (
hash_equals( hash_equals(
strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'), hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
$authCodePayload->code_challenge $authCodePayload->code_challenge
) === false ) === false
) { ) {
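Review bot: The S256 branch still does not compute the RFC 7636 challenge. The new first argument to `hash_equals` is `hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_'))`, which is the lowercase hex digest of the base64url-encoded verifier, whereas section 4.2 of the RFC defines the challenge as BASE64URL(SHA256(ASCII(code_verifier))) over the raw digest bytes. A challenge produced by a conforming client will therefore not match, which may push integrators towards the weaker `plain` method. I would change the line to `strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),` where the third argument makes `hash()` return raw bytes instead of hex. The enclosing method starts and ends outside the hunk.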


@ -767,7 +767,7 @@ class AuthCodeGrantTest extends TestCase
'user_id' => 123, 'user_id' => 123,
'scopes' => ['foo'], 'scopes' => ['foo'],
'redirect_uri' => 'http://foo/bar', 'redirect_uri' => 'http://foo/bar',
'code_challenge' => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'), 'code_challenge' => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')),
'code_challenge_method' => 'S256', 'code_challenge_method' => 'S256',
] ]
) )
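Review bot: The `code_challenge` fixture is built with the same expression as the code under test, so this test only shows that the two agree and would pass whatever transform is used. Pin an independent known-answer pair instead, for example the verifier and challenge from Appendix B of RFC 7636 written as string literals: `'code_challenge' => '<challenge from RFC 7636 Appendix B>',` with the matching verifier sent in the request. That would make the test fail if the server's S256 computation drifts from the specification. The test method starts and ends outside the hunk.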