Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[Security] simplified code

  • Loading branch information...
commit 872647a8b2ffa18fd10a9908bc2cf03b6406f68a 1 parent 6d926c8
@fabpot fabpot authored
View
18 src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -54,7 +54,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
- if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+ if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
throw new AuthenticationException('The cookie\'s hash is invalid.');
}
@@ -66,22 +66,6 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
}
/**
- * Compares two hashes using a constant-time algorithm to avoid (remote)
- * timing attacks.
- *
- * This is the same implementation as used in the BasePasswordEncoder.
- *
- * @param string $hash1 The first hash
- * @param string $hash2 The second hash
- *
- * @return Boolean true if the two hashes are the same, false otherwise
- */
- private function compareHashes($hash1, $hash2)
- {
- return StringUtils::equals($hash1, $hash2);
- }
-
- /**
* {@inheritDoc}
*/
protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
Please sign in to comment.
Something went wrong with that request. Please try again.