Substitute random string generator by Randomlib

2025-10-17 23:13:15 +00:00 · 2014-02-28 02:41:14 +01:00
parent 85ddffd3b6
commit 92a4c35340
59 changed files with 308 additions and 222 deletions
--- a/lib/classes/API/OAuth2/Account.php
+++ b/lib/classes/API/OAuth2/Account.php
@@ -170,9 +170,9 @@ class API_OAuth2_Account
    {
        if (! $this->token) {
            try {
-                $this->token = new API_OAuth2_Token($this->app['phraseanet.appbox'], $this);
+                $this->token = new API_OAuth2_Token($this->app['phraseanet.appbox'], $this, $this->app['random.medium']);
            } catch (NotFoundHttpException $e) {
-                $this->token = API_OAuth2_Token::create($this->app['phraseanet.appbox'], $this);
+                $this->token = API_OAuth2_Token::create($this->app['phraseanet.appbox'], $this, $this->app['random.medium']);
            }
        }

--- a/lib/classes/API/OAuth2/Adapter.php
+++ b/lib/classes/API/OAuth2/Adapter.php
@@ -247,7 +247,7 @@ class API_OAuth2_Adapter extends OAuth2
    protected function setAccessToken($oauth_token, $account_id, $expires, $scope = NULL)
    {
        $account = new API_OAuth2_Account($this->app, $account_id);
-        $token = API_OAuth2_Token::create($this->app['phraseanet.appbox'], $account, $scope);
+        $token = API_OAuth2_Token::create($this->app['phraseanet.appbox'], $account, $this->app['random.medium'], $scope);
        $token->set_value($oauth_token)->set_expires($expires);

        return $this;
--- a/lib/classes/API/OAuth2/Application.php
+++ b/lib/classes/API/OAuth2/Application.php
@@ -605,9 +605,9 @@ class API_OAuth2_Application
                :client_secret, :activated, :grant_password
            )';

-        $nonce = random::generatePassword(6);
-        $client_secret = API_OAuth2_Token::generate_token();
-        $client_token = API_OAuth2_Token::generate_token();
+        $nonce = $app['random.medium']->generateString(64);
+        $client_secret = $app['random.medium']->generateString(32, \random::LETTERS_AND_NUMBERS);
+        $client_token = $app['random.medium']->generateString(32, \random::LETTERS_AND_NUMBERS);

        $params = [
            ':usr_id'         => $user ? $user->getId() : null,
--- a/lib/classes/API/OAuth2/Token.php
+++ b/lib/classes/API/OAuth2/Token.php
@@ -10,6 +10,7 @@
 */

 use Alchemy\Phrasea\Application;
+use RandomLib\Generator;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 class API_OAuth2_Token
@@ -50,16 +51,19 @@ class API_OAuth2_Token
     */
    protected $scope;

+    private $generator;
+
    /**
     *
     * @param  appbox             $appbox
     * @param  API_OAuth2_Account $account
     * @return API_OAuth2_Token
     */
-    public function __construct(appbox $appbox, API_OAuth2_Account $account)
+    public function __construct(appbox $appbox, API_OAuth2_Account $account, Generator $generator)
    {
        $this->appbox = $appbox;
        $this->account = $account;
+        $this->generator = $generator;

        $sql = 'SELECT oauth_token, session_id, UNIX_TIMESTAMP(expires) as expires, scope
            FROM api_oauth_tokens
@@ -226,7 +230,7 @@ class API_OAuth2_Token
        $sql = 'UPDATE api_oauth_tokens SET oauth_token = :new_token
            WHERE oauth_token = :old_token';

-        $new_token = self::generate_token();
+        $new_token = $this->generator->generateString(32, \random::LETTERS_AND_NUMBERS);

        $params = [
            ':new_token' => $new_token
@@ -280,7 +284,7 @@ class API_OAuth2_Token
            throw new NotFoundHttpException('Account not found');
        }

-        return new self($app['phraseanet.appbox'], new API_OAuth2_Account($app, $row['api_account_id']));
+        return new self($app['phraseanet.appbox'], new API_OAuth2_Account($app, $row['api_account_id']), $app['random.medium']);
    }

    /**
@@ -290,7 +294,7 @@ class API_OAuth2_Token
     * @param  string             $scope
     * @return API_OAuth2_Token
     */
-    public static function create(appbox $appbox, API_OAuth2_Account $account, $scope = null)
+    public static function create(appbox $appbox, API_OAuth2_Account $account, Generator $generator, $scope = null)
    {
        $sql = 'INSERT INTO api_oauth_tokens
            (oauth_token, session_id, api_account_id, expires, scope)
@@ -299,7 +303,7 @@ class API_OAuth2_Token
        $expires = new \DateTime('+1 hour');

        $params = [
-            ':token'      => self::generate_token()
+            ':token'      => $generator->generateString(32, \random::LETTERS_AND_NUMBERS)
            , ':account_id' => $account->get_id()
            , ':expire'     => $expires->format(DATE_ISO8601)
            , ':scope'      => $scope
@@ -309,15 +313,6 @@ class API_OAuth2_Token
        $stmt->execute($params);
        $stmt->closeCursor();

-        return new API_OAuth2_Token($appbox, $account);
-    }
-
-    /**
-     *
-     * @return string
-     */
-    public static function generate_token()
-    {
-        return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
+        return new API_OAuth2_Token($appbox, $account, $generator);
    }
 }