Merge pull request #546 from johnnoel/randomstatefix

shadowhand · web-flow · commit 01f955b85040 · 2016-07-28T08:20:43.000-05:00
Change AbstractProvider getRandomState to only return alphanumeric states
diff --git a/src/Provider/AbstractProvider.php b/src/Provider/AbstractProvider.php
@@ -27,6 +27,7 @@
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
 use RandomLib\Factory as RandomFactory;
+use RandomLib\Generator as RandomGenerator;
 use UnexpectedValueException;
 
 /**
@@ -302,7 +303,7 @@ protected function getRandomState($length = 32)
             ->getRandomFactory()
             ->getMediumStrengthGenerator();
 
-        return $generator->generateString($length);
+        return $generator->generateString($length, RandomGenerator::CHAR_ALNUM);
     }
 
     /**
@@ -358,7 +359,7 @@ protected function getAuthorizationParameters(array $options)
         $options['client_id'] = $this->clientId;
         $options['redirect_uri'] = $this->redirectUri;
         $options['state'] = $this->state;
-        
+
         return $options;
     }
 
diff --git a/test/src/Provider/AbstractProviderTest.php b/test/src/Provider/AbstractProviderTest.php
@@ -64,7 +64,7 @@ public function testAuthorizationUrlStateParam()
             'state' => 'XXX'
         ]));
     }
-    
+
     /**
      * Tests https://github.com/thephpleague/oauth2-client/pull/485
      */
@@ -75,7 +75,7 @@ public function testCustomAuthorizationUrlOptions()
         ]);
         $query = parse_url($url, PHP_URL_QUERY);
         $this->assertNotEmpty($query);
-        
+
         parse_str($query, $params);
         $this->assertArrayHasKey('foo', $params);
         $this->assertSame('BAR', $params['foo']);
@@ -307,7 +307,7 @@ public function testRandomGeneratorCreatesRandomState()
         $xstate = str_repeat('x', 32);
 
         $generator = m::mock(RandomGenerator::class);
-        $generator->shouldReceive('generateString')->with(32)->times(1)->andReturn($xstate);
+        $generator->shouldReceive('generateString')->with(32, 7)->times(1)->andReturn($xstate);
 
         $factory = m::mock(RandomFactory::class);
         $factory->shouldReceive('getMediumStrengthGenerator')->times(1)->andReturn($generator);
