
Make use of Security::salt() instead of Configure::read('Security.sal…

…t');
librasoft committed Sep 9, 2014
1 parent c50a9d8 commit dfe77997960f69a82161bce7e97c7984a86da57f
@@ -130,7 +130,7 @@ public function __construct(ComponentRegistry $collection, array $config = array
parent::__construct($collection, $config);
if (!$this->_config['key']) {
$this->config('key', Configure::read('Security.salt'));
$this->config('key', Security::salt());
}
$controller = $collection->getController();
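Review bot: The fallback on the `Security::salt()` line makes the component's `key` default to the same application-wide secret that the `_validatePost()` and `secure()` hunks on this page mix into form-token hashes, so one value ends up serving more than one purpose. What `key` protects is not visible in this hunk, but if it is used for encryption or signing, disclosure of either secret exposes both. I would at least document the fallback, e.g. `// Falls back to the application salt; set a dedicated 'key' so this secret is not shared with form-token hashing.` The constructor body starts before and continues past the hunk.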
@@ -345,7 +345,7 @@ protected function _validatePost(Controller $controller) {
$controller->request->here(),
serialize($fieldList),
$unlocked,
Configure::read('Security.salt')
Security::salt()
);
$check = Security::hash(implode('', $hashParts), 'sha1');
return ($token === $check);
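Review bot: `return ($token === $check);` compares the submitted token with the expected hash using an ordinary string comparison, which is not constant-time; where the supported PHP version provides it, `return hash_equals($check, $token);` avoids leaking how much of the token matched. Separately, the hash is a plain SHA-1 over `implode('', $hashParts)` with the salt appended, so the parts have no delimiter between them and the secret is a suffix, not a MAC key; `hash_hmac()` keyed with `Security::salt()` would be the conventional construction. The `secure()` hunk further down builds the same hash, so both sides would have to change together. `_validatePost()` starts outside the hunk.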
@@ -17,6 +17,7 @@
use Cake\Core\Configure;
use Cake\Log\Log;
use Cake\Utility\Hash;
use Cake\Utility\Security;
use Cake\Utility\String;
use Exception;
use InvalidArgumentException;
@@ -838,7 +839,7 @@ public static function getType($var) {
* @return void
*/
public static function checkSecurityKeys() {
if (Configure::read('Security.salt') === '__SALT__') {
if (Security::salt() === '__SALT__') {
trigger_error(sprintf('Please change the value of %s in %s to a salt value specific to your application.', '\'Security.salt\'', 'ROOT/config/app.php'), E_USER_NOTICE);
}
}
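Review bot: The check on the `Security::salt() === '__SALT__'` line only catches the shipped placeholder, so an empty or never-initialised salt passes without any notice. With the value now read from `Security::salt()` where it used to come from `Configure`, an application whose bootstrap never passes the configured salt to `Security::salt()` would presumably end up in that state (the method's default is not visible on this page). Consider `if (!Security::salt() || Security::salt() === '__SALT__') {`. It may also be worth reporting this at a higher level than `E_USER_NOTICE`, since every token hash in the other hunks depends on this value.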
@@ -497,7 +497,7 @@ public function secure(array $fields = array(), array $secureAttributes = array(
$this->_lastAction,
serialize($fields),
$unlocked,
Configure::read('Security.salt')
Security::salt()
);
$fields = Security::hash(implode('', $hashParts), 'sha1');
@@ -232,7 +232,7 @@ public function testPluginModel() {
$PluginModel = TableRegistry::get('TestPlugin.AuthUsers');
$user['id'] = 1;
$user['username'] = 'gwoo';
$user['password'] = password_hash(Configure::read('Security.salt') . 'cake', PASSWORD_BCRYPT);
$user['password'] = password_hash(Security::salt() . 'cake', PASSWORD_BCRYPT);
$PluginModel->save(new Entity($user));
$this->auth->config('userModel', 'TestPlugin.AuthUsers');
@@ -17,6 +17,7 @@
use Cake\Auth\WeakPasswordHasher;
use Cake\Core\Configure;
use Cake\TestSuite\TestCase;
use Cake\Utility\Security;
/**
* Test case for WeakPasswordHasher
@@ -32,7 +33,7 @@ class WeakPasswordHasherTest extends TestCase {
public function setUp() {
parent::setUp();
Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
Security::salt('YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
}
/**
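Review bot: The `Security::salt(...)` call in `setUp()` writes a class-level static value, and nothing visible in this hunk restores it afterwards. Whether the base `TestCase` resets it is not shown here; if it does not, the salt set by one test class leaks into the next, and a test that forgets to set its own salt passes or fails depending on run order. Saving the previous value in `setUp()` and restoring it in `tearDown()` would keep the tests isolated. The same applies to the other three `setUp()` hunks on this page that switch from `Configure::write('Security.salt', ...)` to `Security::salt(...)`.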
@@ -61,7 +61,7 @@ class AuthComponentTest extends TestCase {
public function setUp() {
parent::setUp();
Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
Security::salt('YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
Configure::write('App.namespace', 'TestApp');
Router::scope('/', function($routes) {
@@ -146,7 +146,7 @@ public function setUp() {
$this->Controller->Security->config('blackHoleCallback', 'fail');
$this->Security = $this->Controller->Security;
$this->Security->session = $session;
Configure::write('Security.salt', 'foo!');
Security::salt('foo!');
}
/**
@@ -659,7 +659,7 @@ public function testValidatePostDisabledFieldsInData() {
$this->Controller->Security->startup($event);
$unlocked = 'Model.username';
$fields = array('Model.hidden', 'Model.password');
$fields = urlencode(Security::hash('/articles/index' . serialize($fields) . $unlocked . Configure::read('Security.salt')));
$fields = urlencode(Security::hash('/articles/index' . serialize($fields) . $unlocked . Security::salt()));
$this->Controller->request->data = array(
'Model' => array(
@@ -683,7 +683,7 @@ public function testValidatePostFailNoDisabled() {
$event = new Event('Controller.startup', $this->Controller);
$this->Controller->Security->startup($event);
$fields = array('Model.hidden', 'Model.password', 'Model.username');
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$fields = urlencode(Security::hash(serialize($fields) . Security::salt()));
$this->Controller->request->data = array(
'Model' => array(
@@ -708,7 +708,7 @@ public function testValidatePostFailDisabledFieldTampering() {
$this->Controller->Security->startup($event);
$unlocked = 'Model.username';
$fields = array('Model.hidden', 'Model.password');
$fields = urlencode(Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt')));
$fields = urlencode(Security::hash(serialize($fields) . $unlocked . Security::salt()));
// Tamper the values.
$unlocked = 'Model.username|Model.password';
@@ -829,7 +829,7 @@ public function testValidateNestedNumericSets() {
$this->Controller->Security->startup($event);
$unlocked = '';
$hashFields = array('TaxonomyData');
$fields = urlencode(Security::hash('/articles/index' . serialize($hashFields) . $unlocked . Configure::read('Security.salt')));
$fields = urlencode(Security::hash('/articles/index' . serialize($hashFields) . $unlocked . Security::salt()));
$this->Controller->request->data = array(
'TaxonomyData' => array(
@@ -174,7 +174,7 @@ public function setUp() {
]
];
Configure::write('Security.salt', 'foo!');
Security::salt('foo!');
Router::connect('/:controller', array('action' => 'index'));
Router::connect('/:controller/:action/*');
}
@@ -837,7 +837,7 @@ public function testFormSecurityFields() {
$this->Form->request->params['_Token'] = 'testKey';
$result = $this->Form->secure($fields);
$hash = Security::hash(serialize($fields) . Configure::read('Security.salt'));
$hash = Security::hash(serialize($fields) . Security::salt());
$hash .= ':' . 'Model.valid';
$hash = urlencode($hash);
@@ -5539,7 +5539,7 @@ public function testPostLinkSecurityHash() {
'/posts/delete/1' .
serialize(array()) .
'' .
Configure::read('Security.salt')
Security::salt()
);
$hash .= '%3A';
$this->Form->request->params['_Token']['key'] = 'test';
