
Commit 2ae86c3

committed
Merge branch '1.3.x'
Conflicts: Changelog.md Util/TokenGenerator.php composer.json
2 parents c62c727 + c50192d commit 2ae86c3


4 files changed

+7
-61
lines changed


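--- a/Changelog.md
+++ b/Changelog.md
@@ -55,6 +55,10 @@ Changelog
 * [BC break] Changed Datetime properties of default User entity that were nullable to default to null when no value supplied.
 * [BC break] Updated schema.xml for Propel BaseUser class to allow nullable and typehint accordingly.
 
+### 1.3.8 (xxxx-xx-xx)
+
+* Use `random_bytes` to generate tokens
+
 ### 1.3.7 (2016-11-22)
 
 * Fixed some yaml errors in translation files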

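--- a/Resources/config/util.xml
+++ b/Resources/config/util.xml
@@ -14,9 +14,7 @@
 <argument type="service" id="request_stack" />
 </service>
 
-<service id="fos_user.util.token_generator.default" class="FOS\UserBundle\Util\TokenGenerator" public="false">
-<argument type="service" id="logger" on-invalid="ignore" />
-</service>
+<service id="fos_user.util.token_generator.default" class="FOS\UserBundle\Util\TokenGenerator" public="false" />
 
 <service id="fos_user.util.password_updater" class="FOS\UserBundle\Util\PasswordUpdater" public="false">
 <argument type="service" id="security.encoder_factory" />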

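--- a/Util/TokenGenerator.php
+++ b/Util/TokenGenerator.php
@@ -11,70 +11,13 @@
 
 namespace FOS\UserBundle\Util;
 
-use Psr\Log\LoggerInterface;
-
 class TokenGenerator implements TokenGeneratorInterface
 {
-/**
-* @var LoggerInterface
-*/
-private $logger;
-
-/**
-* @var bool
-*/
-private $useOpenSsl;
-
-/**
-* TokenGenerator constructor.
-*
-* @param LoggerInterface|null $logger
-*/
-public function __construct(LoggerInterface $logger = null)
-{
-$this->logger = $logger;
-
-// determine whether to use OpenSSL
-if (defined('PHP_WINDOWS_VERSION_BUILD') && version_compare(PHP_VERSION, '5.3.4', '<')) {
-$this->useOpenSsl = false;
-} elseif (!function_exists('openssl_random_pseudo_bytes')) {
-if (null !== $this->logger) {
-$this->logger->notice('It is recommended that you enable the "openssl" extension for random number generation.');
-}
-$this->useOpenSsl = false;
-} else {
-$this->useOpenSsl = true;
-}
-}
-
 /**
 * {@inheritdoc}
 */
 public function generateToken()
 {
-return rtrim(strtr(base64_encode($this->getRandomNumber()), '+/', '-_'), '=');
-}
-
-/**
-* @return string
-*/
-private function getRandomNumber()
-{
-$nbBytes = 32;
-
-// try OpenSSL
-if ($this->useOpenSsl) {
-$bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
-
-if (false !== $bytes && true === $strong) {
-return $bytes;
-}
-
-if (null !== $this->logger) {
-$this->logger->info('OpenSSL did not produce a secure random number.');
-}
-}
-
-return hash('sha256', uniqid(mt_rand(), true), true);
+return rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
 }
 }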
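Review bot: The new `generateToken()` body leaves its failure mode undocumented: `random_bytes(32)` throws when no secure randomness source is available, whereas the removed `getRandomNumber()` silently fell back to `hash('sha256', uniqid(mt_rand(), true), true)`. Failing closed is the right behaviour for tokens that act as secrets, so callers should be told not to catch the exception and substitute a weaker generator. The docblock still only says `{@inheritdoc}` and the interface is not visible here, so I would add `@throws \Exception if no cryptographically secure source of randomness is available`. Removing the constructor also looks like it would break any subclass that calls `parent::__construct($logger)`, which may deserve a mention in the 1.3.8 changelog entry.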

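--- a/composer.json
+++ b/composer.json
@@ -21,6 +21,7 @@
 ],
 "require": {
 "php": "^5.5.9 || ^7.0",
+"paragonie/random_compat": "^1 || ^2",
 "symfony/form": "^2.7 || ^3.0",
 "symfony/framework-bundle": "^2.7 || ^3.0",
 "symfony/security-bundle": "^2.7 || ^3.0",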
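Review bot: The constraint `"paragonie/random_compat": "^1 || ^2"` lets PHP 5 installs resolve to the 1.x polyfill, which as far as I recall could still fall back to `openssl_random_pseudo_bytes()` in some releases, while 2.x dropped that fallback; this should be confirmed against the random_compat changelog. If it holds and nothing else in the dependency tree needs 1.x, `"paragonie/random_compat": "^2"` keeps the PHP 5 token source limited to the operating system's CSPRNG. On PHP 7 the polyfill is inert because `random_bytes` is native, so the choice only matters for the `^5.5.9` side of the `php` constraint.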
