Phalcon\Security improvements #11647

Merged
merged 1 commit into from
Apr 13, 2016

makerlabs
Contributor

  • Phalcon\Security now uses Phalcon\Security\Random
  • Enforced that Phalcon\Security::getToken() and Phalcon\Security::getTokenKey() return a random value per request, not per call
  • Phalcon\Security::getToken() and Phalcon\Security::getTokenKey() now use Phalcon\Security::_numberBytes instead of a value passed as an argument or a hardcoded value
  • Phalcon\Security::hash(): corrected non-working CRYPT_STD_DES, CRYPT_EXT_DES, MD5, CRYPT_SHA256
  • Phalcon\Security::hash(): fixed wrong salt length for CRYPT_SHA512
  • Added missing unit tests for Phalcon\Security
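
Added example, not part of this pull request or of Phalcon's code: the setting (salt) layouts that PHP's `crypt()` documents for the schemes named in the list above, with a check that each one yields a usable hash rather than `crypt()`'s short failure string. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example (not Phalcon code). Setting layouts follow PHP's crypt() documentation.
const SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Draw $length characters of the crypt salt alphabet from the CSPRNG.
function saltChars(int $length): string
{
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(SALT_ALPHABET, random_int(0, 63), 1);
    }
    return $out;
}

// Build the setting string crypt() expects for each scheme.
function buildSetting(string $scheme): string
{
    switch ($scheme) {
        case 'std_des': return saltChars(2);                 // 2 salt chars
        case 'ext_des': return '_' . 'J9..' . saltChars(4);  // "_" + 4-char count + 4 salt chars
        case 'md5':     return '$1$' . saltChars(8) . '$';   // "$1$" + 8 salt chars
        case 'sha256':  return '$5$' . saltChars(16) . '$';  // "$5$" + 16 salt chars
        case 'sha512':  return '$6$' . saltChars(16) . '$';  // "$6$" + 16 salt chars
        default: throw new InvalidArgumentException("unknown scheme: $scheme");
    }
}

// True when the scheme produced a real hash that keeps the setting and verifies.
function checkScheme(string $scheme, string $password): bool
{
    $setting = buildSetting($scheme);
    $hash = crypt($password, $setting);
    // On a malformed setting crypt() returns a string shorter than 13 characters.
    return strlen($hash) >= 13
        && strncmp($hash, $setting, strlen($setting)) === 0
        && hash_equals($hash, crypt($password, $hash));
}

foreach (['std_des', 'ext_des', 'md5', 'sha256', 'sha512'] as $scheme) {
    $ok = checkScheme($scheme, 'constructed-sample-password');
    printf("%-8s %s\n", $scheme, $ok ? 'ok' : 'FAILED');
}
```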

@sergeyklay sergeyklay added this to the 2.1.0 milestone Apr 9, 2016
@sergeyklay sergeyklay added the enhancement Enhancement to the framework label Apr 9, 2016
@sergeyklay
Contributor

@makerlabs Could you please rebase?

@makerlabs makerlabs force-pushed the security-improvements branch from c67238c to a6bd4f0 Compare April 11, 2016 11:03
@makerlabs
Contributor Author

@sergeyklay I've done the rebase; the only conflict was the changelog file, but on PHP 5.4 Travis is reporting a failed test in FileTest.php:

There was 1 failure:
---------
1) Test logger adapter file rollback FileTest.php
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'[Mon, 11 Apr 16 11:11:39 +0000][DEBUG] Hello
+'[Mon, 11 Apr 16 11:11:38 +0000][DEBUG] Hello
 '
#1  Codeception\Module\Filesystem->seeFileContentsEqual
#2  /home/travis/build/phalcon/cphalcon/tests/_support/_generated/UnitTesterActions.php:858
#3  /home/travis/build/phalcon/cphalcon/tests/unit/Logger/Adapter/FileTest.php:886
#4  Phalcon\Test\Unit\Logger\Adapter\FileTest->Phalcon\Test\Unit\Logger\Adapter\{closure}
#5  /home/travis/build/phalcon/cphalcon/tests/unit/Logger/Adapter/FileTest.php:889
#6  Phalcon\Test\Unit\Logger\Adapter\FileTest->testLoggerAdapterFileRollback

@Jurigag
Contributor

Jurigag commented Apr 11, 2016

Try to close and reopen it.

@makerlabs makerlabs closed this Apr 11, 2016
@makerlabs makerlabs reopened this Apr 11, 2016
@makerlabs
Contributor Author

@Jurigag thx it works now

@makerlabs makerlabs force-pushed the security-improvements branch from a6bd4f0 to 1a2a9e5 Compare April 13, 2016 14:54
@makerlabs
Contributor Author

@sergeyklay rebased

@sergeyklay sergeyklay merged commit c0cdc8a into phalcon:2.1.x Apr 13, 2016
@sergeyklay
Contributor

Thanks
