Development

- Added check in `CsrfToken` class to ensure that IV generation is strong and secure.
- Minor optimisations mostly related to PHPDocs and PHPStorm code-inspection.
This commit is contained in:
Simon Sessingø
2017-05-09 02:49:41 +02:00
parent 50e8926272
commit 8901e7c125
5 changed files with 20 additions and 8 deletions
+9 -1
View File
@@ -10,6 +10,7 @@ class CsrfToken
/**
* Generate random identifier for CSRF token
*
* @throws \RuntimeException
* @return string
*/
public static function generateToken()
@@ -18,7 +19,14 @@ class CsrfToken
return bin2hex(random_bytes(32));
}
return bin2hex(openssl_random_pseudo_bytes(32));
$isSourceStrong = false;
$random = openssl_random_pseudo_bytes(32, $isSourceStrong);
if ($isSourceStrong === false || $random === false) {
throw new \RuntimeException('IV generation failed');
}
return $random;
}
/**