-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7900 from NeverResponse/random-token-generator
[Security] Improved randomness of tokens generation
- Loading branch information
Showing
17 changed files
with
330 additions
and
152 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
77 changes: 0 additions & 77 deletions
77
src/Sylius/Component/Core/TokenAssigner/UniqueTokenGenerator.php
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
83 changes: 83 additions & 0 deletions
83
src/Sylius/Component/Resource/Generator/RandomnessGenerator.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Sylius package. | ||
* | ||
* (c) Paweł Jędrzejewski | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Sylius\Component\Resource\Generator; | ||
|
||
/** | ||
* @author Jan Góralski <jan.goralski@lakion.com> | ||
*/ | ||
final class RandomnessGenerator implements RandomnessGeneratorInterface | ||
{ | ||
/** | ||
* @var string | ||
*/ | ||
private $uriSafeAlphabet; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
private $digits; | ||
|
||
public function __construct() | ||
{ | ||
$this->digits = implode(range(0, 9)); | ||
|
||
$this->uriSafeAlphabet = | ||
implode(range(0, 9)) | ||
.implode(range('a', 'z')) | ||
.implode(range('A', 'Z')) | ||
.implode(['-', '_', '~', '.']) | ||
; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function generateUriSafeString($length) | ||
{ | ||
return $this->generateStringOfLength($length, $this->uriSafeAlphabet); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function generateNumeric($length) | ||
{ | ||
return $this->generateStringOfLength($length, $this->digits); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function generateInt($min, $max) | ||
{ | ||
return random_int($min, $max); | ||
} | ||
|
||
/** | ||
* @param int $length | ||
* @param string $alphabet | ||
* | ||
* @return string | ||
*/ | ||
private function generateStringOfLength($length, $alphabet) | ||
{ | ||
$alphabetMaxIndex = strlen($alphabet) - 1; | ||
$randomString = ''; | ||
|
||
for ($i = 0; $i < $length; ++$i) { | ||
$index = random_int(0, $alphabetMaxIndex); | ||
$randomString .= $alphabet[$index]; | ||
} | ||
|
||
return $randomString; | ||
} | ||
} |
40 changes: 40 additions & 0 deletions
40
src/Sylius/Component/Resource/Generator/RandomnessGeneratorInterface.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Sylius package. | ||
* | ||
* (c) Paweł Jędrzejewski | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Sylius\Component\Resource\Generator; | ||
|
||
/** | ||
* @author Jan Góralski <jan.goralski@lakion.com> | ||
*/ | ||
interface RandomnessGeneratorInterface | ||
{ | ||
/** | ||
* @param int $length | ||
* | ||
* @return string | ||
*/ | ||
public function generateUriSafeString($length); | ||
|
||
/** | ||
* @param int $length | ||
* | ||
* @return string | ||
*/ | ||
public function generateNumeric($length); | ||
|
||
/** | ||
* @param int $min | ||
* @param int $max | ||
* | ||
* @return int | ||
*/ | ||
public function generateInt($min, $max); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.