Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-13 05:44:24 +00:00
Code Issues Actions Projects Releases Wiki Activity

simplify link generation of recover token

Browse Source
This commit is contained in:
Julien Fastré 2018-08-31 16:20:31 +02:00
parent 4be4ab3402
commit f6b6ec57bb
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Security/PasswordRecover/TokenManager.php
View File

@ -44,6 +44,8 @@ class TokenManager
const TIMESTAMP = 'ts'; const TIMESTAMP = 'ts';
const USERNAME_CANONICAL = 'u'; const USERNAME_CANONICAL = 'u';
const TOKEN_LENGTH = 24;
public function __construct($secret, LoggerInterface $logger) public function __construct($secret, LoggerInterface $logger)
{ {
$this->secret = $secret; $this->secret = $secret;
@ -52,7 +54,7 @@ class TokenManager
public function generate(User $user, \DateTimeInterface $expiration) public function generate(User $user, \DateTimeInterface $expiration)
{ {
$token = \random_bytes(32); $token = \random_bytes(self::TOKEN_LENGTH);
$username = $user->getUsernameCanonical(); $username = $user->getUsernameCanonical();
if (empty($username)) { if (empty($username)) {
@ -60,7 +62,7 @@ class TokenManager
} }
$timestamp = $expiration->getTimestamp(); $timestamp = $expiration->getTimestamp();
$hash = \hash('sha512', $token.$username.$timestamp.$this->secret); $hash = \hash('sha1', $token.$username.$timestamp.$this->secret);
return [ return [
self::HASH => $hash, self::HASH => $hash,
@ -72,7 +74,12 @@ class TokenManager
public function verify($hash, $token, User $user, $timestamp) public function verify($hash, $token, User $user, $timestamp)
{ {
$token = \hex2bin($token); $token = \hex2bin(\trim($token));
if (\strlen($token) !== self::TOKEN_LENGTH) {
return false;
}
$username = $user->getUsernameCanonical(); $username = $user->getUsernameCanonical();
$date = \DateTimeImmutable::createFromFormat('U', $timestamp); $date = \DateTimeImmutable::createFromFormat('U', $timestamp);
@ -84,7 +91,7 @@ class TokenManager
return false; return false;
} }
$expected = \hash('sha512', $token.$username.$timestamp.$this->secret); $expected = \hash('sha1', $token.$username.$timestamp.$this->secret);
if ($expected !== $hash) { if ($expected !== $hash) {
return false; return false;