Preserve entropy in TokenGenerator

jmclean · jmclean · commit 4a67cae8504c · 2013-01-21T08:36:10.000+11:00
base_convert loses precision on large inputs. Use URL-safe base64_encode instead.
diff --git a/Util/TokenGenerator.php b/Util/TokenGenerator.php
@@ -37,7 +37,7 @@ public function __construct(LoggerInterface $logger = null)
 
     public function generateToken()
     {
-        return base_convert(bin2hex($this->getRandomNumber()), 16, 36);
+        return rtrim(strtr(base64_encode($this->getRandomNumber()), '+/', '-_'), '=');
     }
 
     private function getRandomNumber()

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function __construct(LoggerInterface $logger = null)`
`37`	`37`
`38`	`38`	`public function generateToken()`
`39`	`39`	`{`
`40`		`- return base_convert(bin2hex($this->getRandomNumber()), 16, 36);`
	`40`	`+ return rtrim(strtr(base64_encode($this->getRandomNumber()), '+/', '-_'), '=');`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`private function getRandomNumber()`