Don’t pad and shuffle the payload if an encryption key has been set

This commit is contained in:
Alex Bilbie 2017-07-01 16:37:53 +01:00
parent e123fe82d0
commit 0706d66c76


@ -320,15 +320,20 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
'expire_time' => (new \DateTime())->add($this->authCodeTTL)->format('U'), 'expire_time' => (new \DateTime())->add($this->authCodeTTL)->format('U'),
'code_challenge' => $authorizationRequest->getCodeChallenge(), 'code_challenge' => $authorizationRequest->getCodeChallenge(),
'code_challenge_method ' => $authorizationRequest->getCodeChallengeMethod(), 'code_challenge_method ' => $authorizationRequest->getCodeChallengeMethod(),
'_padding' => base64_encode(random_bytes(mt_rand(8, 256)))
]; ];
// Shuffle the payload so that the structure is no longer know and obvious if ($this->encryptionKey === null) {
$keys = array_keys($payload); // Add padding to vary the length of the payload
shuffle($keys); $payload['_padding'] = base64_encode(random_bytes(mt_rand(8, 256)));
$shuffledPayload = []; // Shuffle the payload so that the structure is no longer know and obvious
foreach ($keys as $key) { $keys = array_keys($payload);
$shuffledPayload[$key] = $payload[$key]; shuffle($keys);
$shuffledPayload = [];
foreach ($keys as $key) {
$shuffledPayload[$key] = $payload[$key];
}
} else {
$shuffledPayload = $payload;
} }
$response = new RedirectResponse(); $response = new RedirectResponse();
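Review bot: The padding length on the new-side line `$payload['_padding'] = base64_encode(random_bytes(mt_rand(8, 256)));` is drawn from `mt_rand`, which is not a cryptographic source, even though the bytes themselves come from `random_bytes`; since the padding exists to vary the payload's length, `random_bytes(random_int(8, 256))` keeps the length unpredictable as well (`random_int` is available wherever `random_bytes` is). The comment carried over into the new branch has a typo and should read `// Shuffle the payload so that the structure is no longer known and obvious`. Naming the result `$shuffledPayload` in the `else` branch, where it is simply `$payload` untouched, is misleading; a neutral name used in both branches would read better. The context key `'code_challenge_method '` carries a trailing space that looks unintended unless the side that reads the payload uses the identical key, which cannot be seen here. The enclosing method, including the start of the `$payload` array, begins before the hunk.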