
Commit 44a1d43

committed
Deprecate the SecureRandom class
1 parent 00dffe7 commit 44a1d43


15 files changed

+31
-35
lines changed


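--- a/composer.json
+++ b/composer.json
@@ -20,7 +20,8 @@
 "doctrine/common": "~2.4",
 "twig/twig": "~1.20|~2.0",
 "psr/log": "~1.0",
-"symfony/security-acl": "~2.7"
+"symfony/security-acl": "~2.7",
+"paragonie/random_compat": "~1.0"
 },
 "replace": {
 "symfony/asset": "self.version",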

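--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml
@@ -12,7 +12,6 @@
 
 <services>
 <service id="security.csrf.token_generator" class="%security.csrf.token_generator.class%" public="false">
-<argument type="service" id="security.secure_random" />
 </service>
 
 <service id="security.csrf.token_storage" class="%security.csrf.token_storage.class%" public="false">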

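--- a/src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
+++ b/src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
@@ -164,6 +164,6 @@ private function createPasswordQuestion()
 
 private function generateSalt()
 {
-return base64_encode($this->getContainer()->get('security.secure_random')->nextBytes(30));
+return base64_encode(random_bytes(30));
 }
 }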
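Review bot: `generateSalt()` now calls `random_bytes(30)` directly, which exists natively only from PHP 7; on PHP 5.x the call resolves only when the `paragonie/random_compat` polyfill is installed, and otherwise fails with an undefined-function fatal error. This commit adds the polyfill to the root `composer.json` `require`, but the Security Core `composer.json` hunk appears to list it only in its `suggest` block, and no bundle-level or Csrf-level manifest change is visible on this page, so packages installed standalone may not pull it in. The same applies to the `random_bytes()` call in `UriSafeTokenGenerator::generateToken()`. I would add `"paragonie/random_compat": "~1.0"` to `require` in every package manifest whose code calls `random_bytes()`.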

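--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
@@ -46,7 +46,6 @@
 class="%security.authentication.rememberme.services.persistent.class%"
 parent="security.authentication.rememberme.services.abstract"
 abstract="true">
-<argument type="service" id="security.secure_random" />
 </service>
 
 <service id="security.authentication.rememberme.services.simplehash"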

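--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -12,6 +12,7 @@ CHANGELOG
 `Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface` instead
 * deprecated `Symfony\Component\Security\Core\Util\ClassUtils`, use
 `Symfony\Component\Security\Acl\Util\ClassUtils` instead
+* deprecated `Symfony\Component\Security\Core\Util\SecureRandom` class in favour of the `random_bytes` function
 * deprecated `supportsAttribute()` and `supportsClass()` methods of
 `Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface` and
 `Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`.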

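--- a/src/Symfony/Component/Security/Core/Tests/Util/SecureRandomTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Util/SecureRandomTest.php
@@ -13,6 +13,9 @@
 
 use Symfony\Component\Security\Core\Util\SecureRandom;
 
+/**
+* @group legacy
+*/
 class SecureRandomTest extends \PHPUnit_Framework_TestCase
 {
 /**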

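--- a/src/Symfony/Component/Security/Core/Util/SecureRandom.php
+++ b/src/Symfony/Component/Security/Core/Util/SecureRandom.php
@@ -11,13 +11,17 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
+@trigger_error('The '.__NAMESPACE__.'\SecureRandom class is deprecated since version 2.8 and will be removed in 3.0. Use the random_bytes function instead.', E_USER_DEPRECATED);
+
 use Psr\Log\LoggerInterface;
 
 /**
 * A secure random number generator implementation.
 *
 * @author Fabien Potencier <[email protected]>
 * @author Johannes M. Schmitt <[email protected]>
+*
+* @deprecated since version 2.8, to be removed in 3.0. Use the random_bytes function instead
 */
 final class SecureRandom implements SecureRandomInterface
 {
@@ -43,7 +47,7 @@ public function __construct($seedFile = null, LoggerInterface $logger = null)
 $this->logger = $logger;
 
 // determine whether to use OpenSSL
-if (!function_exists('random_bytes') && !function_exists('openssl_random_pseudo_bytes')) {
+if (!function_exists('random_bytes') || !function_exists('openssl_random_pseudo_bytes')) {
 if (null !== $this->logger) {
 $this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
 }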
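Review bot: Changing `&&` to `||` in the constructor check makes this branch fire when only one of the two functions is missing, so a PHP 5 host that has the openssl extension but not random_compat now takes the "no secure source" path even though `openssl_random_pseudo_bytes` is available. The rest of the constructor lies outside this hunk, but if this branch is what turns the OpenSSL path off, such hosts would be moved to the weaker fallback generator, and hosts that have `random_bytes` but no openssl would log a misleading notice. The previous condition reads as the intended one: `if (!function_exists('random_bytes') && !function_exists('openssl_random_pseudo_bytes')) {`.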

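--- a/src/Symfony/Component/Security/Core/composer.json
+++ b/src/Symfony/Component/Security/Core/composer.json
@@ -35,7 +35,8 @@
 "symfony/validator": "For using the user password constraint",
 "symfony/expression-language": "For using the expression voter",
 "symfony/ldap": "For using LDAP integration",
-"ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5"
+"ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5",
+"paragonie/random_compat": "For secure random number generation in PHP 5.x"
 },
 "autoload": {
 "psr-4": { "Symfony\\Component\\Security\\Core\\": "" }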

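--- a/src/Symfony/Component/Security/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
+++ b/src/Symfony/Component/Security/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
@@ -44,8 +44,7 @@ public static function setUpBeforeClass()
 
 protected function setUp()
 {
-$this->random = $this->getMock('Symfony\Component\Security\Core\Util\SecureRandomInterface');
-$this->generator = new UriSafeTokenGenerator($this->random, self::ENTROPY);
+$this->generator = new UriSafeTokenGenerator(null, self::ENTROPY);
 }
 
 protected function tearDown()
@@ -56,11 +55,6 @@ protected function tearDown()
 
 public function testGenerateToken()
 {
-$this->random->expects($this->once())
-->method('nextBytes')
-->with(self::ENTROPY / 8)
-->will($this->returnValue(self::$bytes));
-
 $token = $this->generator->generateToken();
 
 $this->assertTrue(ctype_print($token), 'is printable');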

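--- a/src/Symfony/Component/Security/Csrf/TokenGenerator/UriSafeTokenGenerator.php
+++ b/src/Symfony/Component/Security/Csrf/TokenGenerator/UriSafeTokenGenerator.php
@@ -12,7 +12,6 @@
 namespace Symfony\Component\Security\Csrf\TokenGenerator;
 
 use Symfony\Component\Security\Core\Util\SecureRandomInterface;
-use Symfony\Component\Security\Core\Util\SecureRandom;
 
 /**
 * Generates CSRF tokens.
@@ -23,13 +22,6 @@
 */
 class UriSafeTokenGenerator implements TokenGeneratorInterface
 {
-/**
-* The generator for random values.
-*
-* @var SecureRandomInterface
-*/
-private $random;
-
 /**
 * The amount of entropy collected for each token (in bits).
 *
@@ -40,14 +32,15 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface
 /**
 * Generates URI-safe CSRF tokens.
 *
+* Note: The $random parameter is deprecated since version 2.8 and will be removed in 3.0.
+*
 * @param SecureRandomInterface|null $random The random value generator used for
 * generating entropy
 * @param int $entropy The amount of entropy collected for
 * each token (in bits)
 */
 public function __construct(SecureRandomInterface $random = null, $entropy = 256)
 {
-$this->random = $random ?: new SecureRandom();
 $this->entropy = $entropy;
 }
 
@@ -59,7 +52,7 @@ public function generateToken()
 // Generate an URI safe base64 encoded string that does not contain "+",
 // "/" or "=" which need to be URL encoded and make URLs unnecessarily
 // longer.
-$bytes = $this->random->nextBytes($this->entropy / 8);
+$bytes = random_bytes($this->entropy / 8);
 
 return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
 }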
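Review bot: The constructor still accepts `$random` but now discards it silently, so a caller that injects its own `SecureRandomInterface` gets tokens from `random_bytes()` with no runtime signal; only the new docblock note mentions the deprecation. I would raise the deprecation when an argument is actually passed, for example `if (null !== $random) { @trigger_error('The $random argument is deprecated since version 2.8 and will be removed in 3.0.', E_USER_DEPRECATED); }`. Separately, in `generateToken()` the expression `$this->entropy / 8` yields a float when the entropy is not a multiple of 8, so checking the value in the constructor would keep the byte count handed to `random_bytes()` an integer and the documented entropy accurate.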
