Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change AbstractProvider getRandomState to only return alphanumeric states #546

Merged
merged 2 commits into from
Jul 28, 2016
Merged

Change AbstractProvider getRandomState to only return alphanumeric states #546

merged 2 commits into from
Jul 28, 2016

Conversation

johnnoel
Copy link
Contributor

@johnnoel johnnoel commented Jul 28, 2016
edited
Loading

Before, this was using the default character set for RandomLib/Generator's generateString which is the base 64 character set that includes "+" and "/". While "/" wasn't causing any problems, using "+" in a URL parameter (e.g. when the OAuth 2 server sends back the state in the query string), the "+" was getting interpreted as a space, which means when a straight string comparison to stored state was being done, it was returning false.

This changes getRandomState to use the Generator::CHAR_ALNUM constant as its character set which solves this problem.

johnnoel added 2 commits July 28, 2016 10:11
@johnnoel
getRandomState only returns alphanumeric states
4e2e4fc 
Before, this was using the default character set for
RandomLib/Generator's generateString which is the base 64 character set
that includes + and /. While / wasn't causing any problems, using + in a
URL parameters (e.g. when the OAuth 2 server sends back the state), the
+ was getting interpretted as a space, which means when a straight
string comparison to stored state was being done, it was returning
false.

This changes getRandomState to use the Generator::CHAR_ALNUM constant as
its character set which solves this problem.
@johnnoel
Update testRandomGeneratorCreatesRandomState test
c916abb 
Changes the Generator mock to expect a character set integer (in this
case 7 which is the Generator::CHAR_ALNUM constant).
@coveralls
Copy link

coveralls commented Jul 28, 2016
edited
Loading

Coverage Status

Coverage remained the same at 100.0% when pulling c916abb on johnnoel:randomstatefix into 46052b5 on thephpleague:master.

@shadowhand shadowhand merged commit 01f955b into thephpleague:master Jul 28, 2016
@shadowhand
Copy link
Member

Makes perfect sense. I'll consider this a hotfix. Released in 1.4.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johnnoel @coveralls @shadowhand