From 901aab9deb27c15fdf92d7982e294dc63c7f8362 Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:39:09 -0400 Subject: [PATCH 1/3] added the ability to change the algorithm used to generate the token strings --- src/League/OAuth2/Server/Util/SecureKey.php | 34 +++++++++++++++------ tests/util/SecureKeyTest.php | 17 +++++++++++ 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/src/League/OAuth2/Server/Util/SecureKey.php b/src/League/OAuth2/Server/Util/SecureKey.php index 8ff762c3..cd1fffd5 100644 --- a/src/League/OAuth2/Server/Util/SecureKey.php +++ b/src/League/OAuth2/Server/Util/SecureKey.php @@ -11,11 +11,16 @@ namespace League\OAuth2\Server\Util; +use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm; +use League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface; + /** * SecureKey class */ class SecureKey { + protected static $algorithm; + /** * Generate a new unique code * @param integer $len Length of the generated code @@ -23,18 +28,27 @@ class SecureKey */ public static function make($len = 40) { - // We generate twice as many bytes here because we want to ensure we have - // enough after we base64 encode it to get the length we need because we - // take out the "/", "+", and "=" characters. - $bytes = openssl_random_pseudo_bytes($len * 2, $strong); + return self::getAlgorithm()->make($len); + } - // We want to stop execution if the key fails because, well, that is bad. - if ($bytes === false || $strong === false) { - // @codeCoverageIgnoreStart - throw new \Exception('Error Generating Key'); - // @codeCoverageIgnoreEnd + /** + * @param KeyAlgorithmInterface $algorithm + */ + public static function setAlgorithm(KeyAlgorithmInterface $algorithm) + { + self::$algorithm = $algorithm; + } + + /** + * @return KeyAlgorithmInterface + */ + public static function getAlgorithm() + { + if (!self::$algorithm) { + + self::$algorithm = new DefaultAlgorithm(); } - return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len); + return self::$algorithm; } } \ No newline at end of file diff --git a/tests/util/SecureKeyTest.php b/tests/util/SecureKeyTest.php index 3d60f6db..2ce8659e 100644 --- a/tests/util/SecureKeyTest.php +++ b/tests/util/SecureKeyTest.php @@ -12,4 +12,21 @@ class Secure_Key_test extends PHPUnit_Framework_TestCase $this->assertTrue($v1 !== $v2); $this->assertEquals(50, strlen($v3)); } + + public function test_make_with_different_algorithm() + { + $algorithm = $this->getMock('League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface'); + + $result = 'dasdsdsaads'; + $algorithm + ->expects($this->once()) + ->method('make') + ->with(11) + ->will($this->returnValue($result)) + ; + + League\OAuth2\Server\Util\SecureKey::setAlgorithm($algorithm); + $this->assertSame($algorithm, League\OAuth2\Server\Util\SecureKey::getAlgorithm()); + $this->assertEquals($result, League\OAuth2\Server\Util\SecureKey::make(11)); + } } \ No newline at end of file From b12a1d84df218dafaca7ccedffd9efeb3b0bd73d Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:41:21 -0400 Subject: [PATCH 2/3] added the ability to change the algorithm used to generate the token strings. added files missing in last commit --- .../Util/KeyAlgorithm/DefaultAlgorithm.php | 35 +++++++++++++++++++ .../KeyAlgorithm/KeyAlgorithmInterface.php | 15 ++++++++ .../key_algorithm/DefaultAlgorithmTest.php | 24 +++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php create mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php create mode 100644 tests/util/key_algorithm/DefaultAlgorithmTest.php diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php new file mode 100644 index 00000000..9fc6c653 --- /dev/null +++ b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php @@ -0,0 +1,35 @@ +make(); + $v2 = $algorithm->make(); + $v3 = $algorithm->make(50); + + $this->assertEquals(40, strlen($v1)); + $this->assertTrue($v1 !== $v2); + $this->assertEquals(50, strlen($v3)); + } +} \ No newline at end of file From cc1e78e1ff9b92f2399360c1bf4e3d6809503f37 Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:42:26 -0400 Subject: [PATCH 3/3] removed unused use statement --- tests/util/key_algorithm/DefaultAlgorithmTest.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/util/key_algorithm/DefaultAlgorithmTest.php b/tests/util/key_algorithm/DefaultAlgorithmTest.php index 12edc152..2e78ea1b 100644 --- a/tests/util/key_algorithm/DefaultAlgorithmTest.php +++ b/tests/util/key_algorithm/DefaultAlgorithmTest.php @@ -6,8 +6,6 @@ * Time: 12:31 PM */ -use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm; - class Default_Algorithm_test extends PHPUnit_Framework_TestCase { public function test_make()