Replace OpenSSL token generator with bin2hex + random_bytes PHP native functions (#64)

Author: yann-eugone

composer.json

@@ -10,7 +10,6 @@
     ],
     "require": {
         "php": "^8.1",
-        "ext-openssl": "*",
         "symfony/framework-bundle": "^6.4|^7.4|^8.0",
         "doctrine/common": "^3.0",
         "doctrine/orm": "^3.0",

config/services.xml

@@ -26,8 +26,8 @@
             <argument type="service" id="yokai_security_token.token_entity_repository"/>
         </service>
 
-        <service id="yokai_security_token.open_ssl_token_generator"
-                 class="Yokai\SecurityTokenBundle\Generator\OpenSslTokenGenerator"
+        <service id="yokai_security_token.bin2hex_token_generator"
+                 class="Yokai\SecurityTokenBundle\Generator\Bin2HexTokenGenerator"
                  public="false"/>
 
         <service id="yokai_security_token.default_information_guesser"

doc/2-configuration.md

@@ -20,7 +20,7 @@ Each token can have following options :
 
 Default values fallback to :
 
-- `generator` : [`yokai_security_token.open_ssl_token_generator`](../src/Generator/OpenSslTokenGenerator.php)
+- `generator` : [`yokai_security_token.bin2hex_token_generator`](../src/Generator/Bin2HexTokenGenerator.php)
 - `duration` : `+2 days`
 - `usages` : `1`
 - `keep` : `+1 month`

src/DependencyInjection/Configuration.php

@@ -64,7 +64,7 @@ private function getTokensNode(): ArrayNodeDefinition
             ->prototype('array')
                 ->children()
                     ->scalarNode('generator')
-                        ->defaultValue('yokai_security_token.open_ssl_token_generator')
+                        ->defaultValue('yokai_security_token.bin2hex_token_generator')
                     ->end()
                     ->scalarNode('duration')
                         ->defaultValue('+2 days')

src/Generator/Bin2HexTokenGenerator.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yokai\SecurityTokenBundle\Generator;
+
+/**
+ * This token generator is using `bin2hex` along with `random_bytes` to generate random token values.
+ *
+ * @author Yann Eugoné <[email protected]>
+ */
+final class Bin2HexTokenGenerator implements TokenGeneratorInterface
+{
+    public function __construct(
+        /**
+         * @var int<1, max> The token length
+         */
+        private readonly int $length = 64,
+    ) {
+    }
+
+    public function generate(): string
+    {
+        $byteLength = (int)\ceil($this->length / 2);
+        \assert($byteLength >= 1);
+        $hex = \bin2hex(\random_bytes($byteLength));
+
+        return \substr($hex, 0, $this->length);
+    }
+}

src/Generator/OpenSslTokenGenerator.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yokai\SecurityTokenBundle\Tests\Generator;
+
+use PHPUnit\Framework\Attributes\DataProvider;
+use Yokai\SecurityTokenBundle\Generator\Bin2HexTokenGenerator;
+use PHPUnit\Framework\TestCase;
+
+final class Bin2HexTokenGeneratorTest extends TestCase
+{
+    #[DataProvider('length')]
+    public function test_it_generate_unique_token(int $length): void
+    {
+        $generator = new Bin2HexTokenGenerator($length);
+
+        $tokens = [];
+        for ($i = 1; $i <= 1000; $i++) {
+            $tokens[] = $value = $generator->generate();
+            self::assertSame($length, \mb_strlen($value));
+        }
+
+        self::assertSame(\array_unique($tokens), $tokens);
+    }
+
+    public static function length(): \Generator
+    {
+        yield [64];
+        yield [10];
+        yield [11];
+    }
+}