Replace OpenSSL with native CSPRNG for token generation #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

yann-eugone merged 1 commit into 4.x from bin2hex-token_generator

Dec 3, 2025

composer.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,6 @@ @@
         ],
         "require": {
             "php": "^8.1",
-            "ext-openssl": "*",
             "symfony/framework-bundle": "^6.4|^7.4|^8.0",
             "doctrine/common": "^3.0",
             "doctrine/orm": "^3.0",
@@ Expand Down @@

config/services.xml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -26,8 +26,8 @@
  
                <argument type="service" id="yokai_security_token.token_entity_repository"/>

            </service>

            <service id="yokai_security_token.open_ssl_token_generator"

                     class="Yokai\SecurityTokenBundle\Generator\OpenSslTokenGenerator"

            <service id="yokai_security_token.bin2hex_token_generator"

                     class="Yokai\SecurityTokenBundle\Generator\Bin2HexTokenGenerator"

                     public="false"/>

            <service id="yokai_security_token.default_information_guesser"

doc/2-configuration.md

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -20,7 +20,7 @@ Each token can have following options :
  
    Default values fallback to :

    - `generator` : [`yokai_security_token.open_ssl_token_generator`](../src/Generator/OpenSslTokenGenerator.php)

    - `generator` : [`yokai_security_token.bin2hex_token_generator`](../src/Generator/Bin2HexTokenGenerator.php)

    - `duration` : `+2 days`

    - `usages` : `1`

    - `keep` : `+1 month`

src/DependencyInjection/Configuration.php

-Original file line number
+Diff line change
@@ Expand Up / @@ -64,7 +64,7 @@ private function getTokensNode(): ArrayNodeDefinition @@
                 ->prototype('array')
                     ->children()
                         ->scalarNode('generator')
-                            ->defaultValue('yokai_security_token.open_ssl_token_generator')
+                            ->defaultValue('yokai_security_token.bin2hex_token_generator')
                         ->end()
                         ->scalarNode('duration')
                             ->defaultValue('+2 days')
@@ Expand Down @@

src/Generator/Bin2HexTokenGenerator.php

-Original file line number
+Diff line change
@@ -0,0 +1,30 @@
+    <?php
+    declare(strict_types=1);
+    namespace Yokai\SecurityTokenBundle\Generator;
+    /**
+     * This token generator is using `bin2hex` along with `random_bytes` to generate random token values.
+     *
+     * @author Yann Eugoné <eugone.yann@gmail.com>
+     */
+    final class Bin2HexTokenGenerator implements TokenGeneratorInterface
+    {
+        public function __construct(
+            /**
+             * @var int<1, max> The token length
+             */
+            private readonly int $length = 64,
+        ) {
+        }
+        public function generate(): string
+        {
+            $byteLength = (int)\ceil($this->length / 2);
+            \assert($byteLength >= 1);
+            $hex = \bin2hex(\random_bytes($byteLength));
+            return \substr($hex, 0, $this->length);
+        }
+    }

src/Generator/OpenSslTokenGenerator.php

This file was deleted.

tests/Generator/Bin2HexTokenGeneratorTest.php

-Original file line number
+Diff line change
@@ -0,0 +1,33 @@
+    <?php
+    declare(strict_types=1);
+    namespace Yokai\SecurityTokenBundle\Tests\Generator;
+    use PHPUnit\Framework\Attributes\DataProvider;
+    use Yokai\SecurityTokenBundle\Generator\Bin2HexTokenGenerator;
+    use PHPUnit\Framework\TestCase;
+    final class Bin2HexTokenGeneratorTest extends TestCase
+    {
+        #[DataProvider('length')]
+        public function test_it_generate_unique_token(int $length): void
+        {
+            $generator = new Bin2HexTokenGenerator($length);
+            $tokens = [];
+            for ($i = 1; $i <= 1000; $i++) {
+                $tokens[] = $value = $generator->generate();
+                self::assertSame($length, \mb_strlen($value));
+            }
+            self::assertSame(\array_unique($tokens), $tokens);
+        }
+        public static function length(): \Generator
+        {
+            yield [64];
+            yield [10];
+            yield [11];
+        }
+    }

tests/Generator/OpenSslTokenGeneratorTest.php

This file was deleted.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace OpenSSL with native CSPRNG for token generation #64

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!