ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 08:23:03 +05:30
Code Issues Packages Projects Releases Wiki Activity

Fixed ordering so we only hash after base64 encoding

Browse Source
This commit is contained in:
Andrew Millington 2017-12-23 02:06:18 +00:00
parent f11e4c81cd
commit 1c36b70dab
No known key found for this signature in database
GPG Key ID: 815DE090877B53F3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Grant/AuthCodeGrant.php
View File

@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
case 'S256':
if (
hash_equals(
strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'),
hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
$authCodePayload->code_challenge
) === false
) {

2
tests/Grant/AuthCodeGrantTest.php
View File

@ -767,7 +767,7 @@ class AuthCodeGrantTest extends TestCase
'user_id' => 123,
'scopes' => ['foo'],
'redirect_uri' => 'http://foo/bar',
'code_challenge' => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'),
'code_challenge' => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')),
'code_challenge_method' => 'S256',
]
)