Merge pull request #9179 from TheFRedFox/fix/rsa_sha1

Oauth: Fix bug in default creation of nonce values
cakephp · Jul 27, 2016 · 9e9979d · 9e9979d
2 parents 8d33d02 + 823bf26
commit 9e9979d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Network/Http/Auth/Oauth.php b/src/Network/Http/Auth/Oauth.php
@@ -127,7 +127,7 @@ protected function _plaintext($request, $credentials)
      */
     protected function _hmacSha1($request, $credentials)
     {
-        $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
+        $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : bin2hex(Security::randomBytes(16));
         $timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
         $values = [
             'oauth_version' => '1.0',
@@ -170,7 +170,7 @@ protected function _rsaSha1($request, $credentials)
             throw new \RuntimeException('RSA-SHA1 signature method requires the OpenSSL extension.');
         }
 
-        $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
+        $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : bin2hex(Security::randomBytes(16));
         $timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
         $values = [
             'oauth_version' => '1.0',