Merge pull request #370 from michaelhogg/fix-bug-hmac-encoding

Fix bug: hash_hmac() should output raw binary data, not hexits
2025-05-31 14:12:07 +05:30 · 2015-09-04 08:36:33 +01:00
parent a9f61fd3ed d21374fb0b
commit c3457107ee
2 changed files with 9 additions and 2 deletions
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@@ -118,7 +118,14 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
            $calculatedSignatureParts[] = $params->get('ext');
        }

-        $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), $macKey));
+        $calculatedSignature = base64_encode(
+            hash_hmac(
+                'sha256',
+                implode("\n", $calculatedSignatureParts),
+                $macKey,
+                true  // raw_output: outputs raw binary data
+            )
+        );

        // Return the access token if the signature matches
        return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
--- a/tests/unit/TokenType/MacTest.php
+++ b/tests/unit/TokenType/MacTest.php
@@ -57,7 +57,7 @@ class MacTest extends \PHPUnit_Framework_TestCase
            $request->getPort(),
            'ext'
        ];
-        $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef'));
+        $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef', true));

        $request->headers->set('Authorization',  sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, $calculatedSignature));