|
|
@@ -15,6 +15,7 @@ namespace Cake\Network\Http\Auth;
|
|
|
|
|
|
use Cake\Core\Exception\Exception;
|
|
|
use Cake\Network\Http\Request;
|
|
|
+use Cake\Utility\Security;
|
|
|
|
|
|
/**
|
|
|
* Oauth 1 authentication strategy for Cake\Network\Http\Client
|
|
|
@@ -99,7 +100,7 @@ class Oauth
|
|
|
{
|
|
|
$values = [
|
|
|
'oauth_version' => '1.0',
|
|
|
- 'oauth_nonce' => uniqid(),
|
|
|
+ 'oauth_nonce' => Security::randomBytes(16),
|
|
|
'oauth_timestamp' => time(),
|
|
|
'oauth_signature_method' => 'PLAINTEXT',
|
|
|
'oauth_token' => $credentials['token'],
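Review bot: `Security::randomBytes(16)` is used directly as the `oauth_nonce` value here, and as far as I know that helper returns raw binary, so the nonce can contain NUL, quote, comma or non-UTF-8 bytes. How those bytes reach the `Authorization` header and the signature base string depends on encoding code outside this hunk, and a server that stores or compares nonces as text may reject or mangle them. Hex-encoding keeps the full 128 bits of randomness in a header-safe form: `'oauth_nonce' => bin2hex(Security::randomBytes(16)),`. The same applies to the fallback in `_hmacSha1()` and in the RSA-SHA1 hunk further down, where the default would become `bin2hex(Security::randomBytes(16))`. The method enclosing this `$values` array starts and ends outside the hunk.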
|
|
|
@@ -126,7 +127,7 @@ class Oauth
|
|
|
*/
|
|
|
protected function _hmacSha1($request, $credentials)
|
|
|
{
|
|
|
- $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : uniqid();
|
|
|
+ $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
|
|
|
$timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
|
|
|
$values = [
|
|
|
'oauth_version' => '1.0',
|
|
|
@@ -166,7 +167,7 @@ class Oauth
|
|
|
throw new \RuntimeException('RSA-SHA1 signature method requires the OpenSSL extension.');
|
|
|
}
|
|
|
|
|
|
- $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : uniqid();
|
|
|
+ $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
|
|
|
$timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
|
|
|
$values = [
|
|
|
'oauth_version' => '1.0',
|