From 901aab9deb27c15fdf92d7982e294dc63c7f8362 Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:39:09 -0400 Subject: [PATCH 1/5] added the ability to change the algorithm used to generate the token strings --- src/League/OAuth2/Server/Util/SecureKey.php | 34 +++++++++++++++------ tests/util/SecureKeyTest.php | 17 +++++++++++ 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/src/League/OAuth2/Server/Util/SecureKey.php b/src/League/OAuth2/Server/Util/SecureKey.php index 8ff762c3..cd1fffd5 100644 --- a/src/League/OAuth2/Server/Util/SecureKey.php +++ b/src/League/OAuth2/Server/Util/SecureKey.php @@ -11,11 +11,16 @@ namespace League\OAuth2\Server\Util; +use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm; +use League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface; + /** * SecureKey class */ class SecureKey { + protected static $algorithm; + /** * Generate a new unique code * @param integer $len Length of the generated code 
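Review bot: The new `protected static $algorithm;` property has no docblock, although it is process-wide mutable state that decides how every token string is generated. I would document it, for example `/** @var KeyAlgorithmInterface|null Generator shared by all callers of make(); null until first use. */`, so a reader sees that one assignment changes key generation for the whole process. The class body continues outside this hunk.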
@@ -23,18 +28,27 @@ class SecureKey */ public static function make($len = 40) { - // We generate twice as many bytes here because we want to ensure we have - // enough after we base64 encode it to get the length we need because we - // take out the "/", "+", and "=" characters. - $bytes = openssl_random_pseudo_bytes($len * 2, $strong); + return self::getAlgorithm()->make($len); + } - // We want to stop execution if the key fails because, well, that is bad. - if ($bytes === false || $strong === false) { - // @codeCoverageIgnoreStart - throw new \Exception('Error Generating Key'); - // @codeCoverageIgnoreEnd + /** + * @param KeyAlgorithmInterface $algorithm + */ + public static function setAlgorithm(KeyAlgorithmInterface $algorithm) + { + self::$algorithm = $algorithm; + } + + /** + * @return KeyAlgorithmInterface + */ + public static function getAlgorithm() + { + if (!self::$algorithm) { + + self::$algorithm = new DefaultAlgorithm(); } - return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len); + return self::$algorithm; } } \ No newline at end of file diff --git a/tests/util/SecureKeyTest.php b/tests/util/SecureKeyTest.php index 3d60f6db..2ce8659e 100644 --- a/tests/util/SecureKeyTest.php +++ b/tests/util/SecureKeyTest.php @@ -12,4 +12,21 @@ class Secure_Key_test extends PHPUnit_Framework_TestCase $this->assertTrue($v1 !== $v2); $this->assertEquals(50, strlen($v3)); } + + public function test_make_with_different_algorithm() + { + $algorithm = $this->getMock('League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface'); + + $result = 'dasdsdsaads'; + $algorithm + ->expects($this->once()) + ->method('make') + ->with(11) + ->will($this->returnValue($result)) + ; + + League\OAuth2\Server\Util\SecureKey::setAlgorithm($algorithm); + $this->assertSame($algorithm, League\OAuth2\Server\Util\SecureKey::getAlgorithm()); + $this->assertEquals($result, League\OAuth2\Server\Util\SecureKey::make(11)); + } } \ No newline at end of file 
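Review bot: `make()` now returns whatever the installed `KeyAlgorithmInterface` produces, and the fail-closed check this hunk removes (the throw when `openssl_random_pseudo_bytes` returned `false` or `$strong` was `false`) is no longer enforced at this level. Whether `DefaultAlgorithm` keeps that check is not visible here, and a replacement set through `setAlgorithm()` is under no stated obligation to use a cryptographically strong source or to return `$len` characters. I would state both requirements in the `setAlgorithm()` docblock and validate the result before returning it: `$key = self::getAlgorithm()->make($len);`, then `if (!is_string($key) || strlen($key) !== $len) { throw new \Exception('Error Generating Key'); }`, then `return $key;`. That cannot prove the randomness is strong, but it stops an empty or truncated token from being issued.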
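Review bot: `test_make_with_different_algorithm` installs a mock through the static `SecureKey::setAlgorithm()` and never restores it, so the mock stays in place for any later test in the same process that calls `SecureKey::make()`. Those calls would reach a mock that expects exactly one `make` call with `11`, so results would depend on test order. Restoring the default at the end of the test or in `tearDown()` avoids that: `League\OAuth2\Server\Util\SecureKey::setAlgorithm(new League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm());`. The test class starts outside this hunk.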
From b12a1d84df218dafaca7ccedffd9efeb3b0bd73d Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:41:21 -0400 Subject: [PATCH 2/5] added the ability to change the algorithm used to generate the token strings. added files missing in last commit --- .../Util/KeyAlgorithm/DefaultAlgorithm.php | 35 +++++++++++++++++++ .../KeyAlgorithm/KeyAlgorithmInterface.php | 15 ++++++++ .../key_algorithm/DefaultAlgorithmTest.php | 24 +++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php create mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php create mode 100644 tests/util/key_algorithm/DefaultAlgorithmTest.php diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php new file mode 100644 index 00000000..9fc6c653 --- /dev/null +++ b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php @@ -0,0 +1,35 @@ +make(); + $v2 = $algorithm->make(); + $v3 = $algorithm->make(50); + + $this->assertEquals(40, strlen($v1)); + $this->assertTrue($v1 !== $v2); + $this->assertEquals(50, strlen($v3)); + } +} \ No newline at end of file From cc1e78e1ff9b92f2399360c1bf4e3d6809503f37 Mon Sep 17 00:00:00 2001 From: Joseph Deray Date: Tue, 11 Mar 2014 12:42:26 -0400 Subject: [PATCH 3/5] removed unused use statement --- tests/util/key_algorithm/DefaultAlgorithmTest.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/util/key_algorithm/DefaultAlgorithmTest.php b/tests/util/key_algorithm/DefaultAlgorithmTest.php index 12edc152..2e78ea1b 100644 --- a/tests/util/key_algorithm/DefaultAlgorithmTest.php +++ b/tests/util/key_algorithm/DefaultAlgorithmTest.php @@ -6,8 +6,6 @@ * Time: 12:31 PM */ -use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm; - class Default_Algorithm_test extends PHPUnit_Framework_TestCase { public function test_make() 
From d7ddfe64526923095c4ecfd9ea71a7b4eadaebc1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 6 Apr 2014 22:01:56 +0100 Subject: [PATCH 4/5] Updated docblock --- .../Server/Util/KeyAlgorithm/DefaultAlgorithm.php | 11 +++++++---- .../Util/KeyAlgorithm/KeyAlgorithmInterface.php | 13 ++++++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php index 9fc6c653..de9aaff1 100644 --- a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php +++ b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php @@ -1,9 +1,12 @@ + * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Util\KeyAlgorithm; diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php index 09be531f..583daf71 100644 --- a/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php +++ b/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php @@ -1,9 +1,12 @@ + * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Util\KeyAlgorithm; @@ -12,4 +15,4 @@ namespace League\OAuth2\Server\Util\KeyAlgorithm; interface KeyAlgorithmInterface { public function make($len = 40); -} \ No newline at end of file +} \ No newline at end of file From fcc1388aeb3fdf0556751b518c0cc77d453aa054 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 6 Apr 2014 22:04:12 +0100 Subject: [PATCH 5/5] Updated change log and version number --- CHANGELOG.md | 4 ++++ composer.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 468f1426..af06df1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 3.2 (released 2014-04-16) + +* Added the ability to change the algorithm that is used to generate the token strings (Issue #151) + ## 3.1.2 (released 2014-02-26) * Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header) diff --git a/composer.json b/composer.json index f16fd43a..ae7a8170 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "league/oauth2-server", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.", - "version": "3.1.2", + "version": "3.2", "license": "MIT", "require": { "php": ">=5.4.0"