Merge pull request #447 from juliangut/move_identifier_generation

V5 - move token identifier generation

src/Grant/AbstractGrant.php

@@ -25,7 +25,6 @@ use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
-use League\OAuth2\Server\Utils\SecureKey;
 use OAuth2ServerExamples\Repositories\AuthCodeRepository;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -339,7 +338,7 @@ abstract class AbstractGrant implements GrantTypeInterface
         array $scopes = []
     ) {
         $accessToken = new AccessTokenEntity();
-        $accessToken->setIdentifier(SecureKey::generate());
+        $accessToken->setIdentifier($this->generateUniqueIdentifier());
         $accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
         $accessToken->setClient($client);
         $accessToken->setUserIdentifier($userIdentifier);
@@ -373,7 +372,7 @@ abstract class AbstractGrant implements GrantTypeInterface
         array $scopes = []
     ) {
         $authCode = new AuthCodeEntity();
-        $authCode->setIdentifier(SecureKey::generate());
+        $authCode->setIdentifier($this->generateUniqueIdentifier());
         $authCode->setExpiryDateTime((new \DateTime())->add($tokenTTL));
         $authCode->setClient($client);
         $authCode->setUserIdentifier($userIdentifier);
@@ -396,7 +395,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     protected function issueRefreshToken(AccessTokenEntity $accessToken)
     {
         $refreshToken = new RefreshTokenEntity();
-        $refreshToken->setIdentifier(SecureKey::generate());
+        $refreshToken->setIdentifier($this->generateUniqueIdentifier());
         $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
         $refreshToken->setAccessToken($accessToken);
 
@@ -405,6 +404,31 @@ abstract class AbstractGrant implements GrantTypeInterface
         return $refreshToken;
     }
 
+    /**
+     * Generate a new unique identifier
+     *
+     * @param int $length
+     *
+     * @return string
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     */
+    protected function generateUniqueIdentifier($length = 40)
+    {
+        try {
+            return bin2hex(random_bytes($length));
+            // @codeCoverageIgnoreStart
+        } catch (\TypeError $e) {
+            throw OAuthServerException::serverError('An unexpected error has occurred');
+        } catch (\Error $e) {
+            throw OAuthServerException::serverError('An unexpected error has occurred');
+        } catch (\Exception $e) {
+            // If you get this message, the CSPRNG failed hard.
+            throw OAuthServerException::serverError('Could not generate a random string');
+        }
+        // @codeCoverageIgnoreEnd
+    }
+
     /**
      * @inheritdoc
      */

tests/Grant/AbstractGrantTest.php

@@ -374,4 +374,15 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 
         $grantMock->validateScopes($serverRequest, new ClientEntity());
     }
+
+    public function testGenerateUniqueIdentifier()
+    {
+        $grantMock = $this->getMockForAbstractClass(AbstractGrant::class);
+
+        $abstractGrantReflection = new \ReflectionClass($grantMock);
+        $method = $abstractGrantReflection->getMethod('generateUniqueIdentifier');
+        $method->setAccessible(true);
+
+        $this->assertTrue(is_string($method->invoke($grantMock)));
+    }
 }

tests/Utils/SecureKeyTest.php

@@ -1,13 +0,0 @@
-<?php
-
-namespace LeagueTests\Utils;
-
-use League\OAuth2\Server\Utils\SecureKey;
-
-class SecureKeyTest extends \PHPUnit_Framework_TestCase
-{
-    public function testGenerate()
-    {
-        $this->assertTrue(is_string(SecureKey::generate()));
-    }
-}