Merge branch '6.2' into 6.3

nicolas-grekas · nicolas-grekas · commit 63d7b098c448 · 2023-07-05T10:41:27.000+02:00
* 6.2:
  cs fix
  [Messenger] Fix passing options set via tags to handler descriptors
  random_bytes length should be an int greater than 0
  enforce UTC timezone in test
  [DependencyInjection] Fix autocasting null env values to empty string
  Fix executable bit
  Fix executable bit
  Readme: Replace Stack Overflow with GitHub Discussions
  [DoctrineBridge] Remove outdated comment
  [DependencyInjection] Fix annotation
  [SecurityBundle] Do not translate `Bearer` header’s `error_description`
  [String] Fix Inflector for 'status'
  [DependencyInjection] Fix resource tracking for lazy services
  [EventDispatcher] [EventDispatcher] Throw exception when listener method cannot be resolved
diff --git a/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php b/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
@@ -57,4 +57,28 @@ public function testGenerateToken()
         $this->assertStringNotMatchesFormat('%S/%S', $token, 'is URI safe');
         $this->assertStringNotMatchesFormat('%S=%S', $token, 'is URI safe');
     }
+
+    /**
+     * @dataProvider validDataProvider
+     */
+    public function testValidLength(int $entropy, int $length)
+    {
+        $generator = new UriSafeTokenGenerator($entropy);
+        $token = $generator->generateToken();
+        $this->assertSame($length, \strlen($token));
+    }
+
+    public static function validDataProvider(): \Iterator
+    {
+        yield [24, 4];
+        yield 'Float length' => [20, 3];
+    }
+
+    public function testInvalidLength()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage('Entropy should be greater than 7.');
+
+        new UriSafeTokenGenerator(7);
+    }
 }
diff --git a/TokenGenerator/UriSafeTokenGenerator.php b/TokenGenerator/UriSafeTokenGenerator.php
@@ -27,6 +27,10 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface
      */
     public function __construct(int $entropy = 256)
     {
+        if ($entropy <= 7) {
+            throw new \InvalidArgumentException('Entropy should be greater than 7.');
+        }
+
         $this->entropy = $entropy;
     }
 
@@ -35,7 +39,7 @@ public function generateToken(): string
         // Generate an URI safe base64 encoded string that does not contain "+",
         // "/" or "=" which need to be URL encoded and make URLs unnecessarily
         // longer.
-        $bytes = random_bytes($this->entropy / 8);
+        $bytes = random_bytes(intdiv($this->entropy, 8));
 
         return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
     }

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,10 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface`
`27`	`27`	`*/`
`28`	`28`	`public function __construct(int $entropy = 256)`
`29`	`29`	`{`
	`30`	`+ if ($entropy <= 7) {`
	`31`	`+ throw new \InvalidArgumentException('Entropy should be greater than 7.');`
	`32`	`+ }`
	`33`	`+`
`30`	`34`	`$this->entropy = $entropy;`
`31`	`35`	`}`
`32`	`36`
`@@ -35,7 +39,7 @@ public function generateToken(): string`
`35`	`39`	`// Generate an URI safe base64 encoded string that does not contain "+",`
`36`	`40`	`// "/" or "=" which need to be URL encoded and make URLs unnecessarily`
`37`	`41`	`// longer.`
`38`		`- $bytes = random_bytes($this->entropy / 8);`
	`42`	`+ $bytes = random_bytes(intdiv($this->entropy, 8));`
`39`	`43`
`40`	`44`	`return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');`
`41`	`45`	`}`