use random_bytes if available (bshaffer#834)

oittaa · bshaffer · commit ffb4632b90eb · 2017-09-14T09:55:04.000-07:00
diff --git a/src/OAuth2/ResponseType/AccessToken.php b/src/OAuth2/ResponseType/AccessToken.php
@@ -132,6 +132,12 @@ public function createAccessToken($client_id, $user_id, $scope = null, $includeR
      */
     protected function generateAccessToken()
     {
+        if (function_exists('random_bytes')) {
+            $randomData = random_bytes(20);
+            if ($randomData !== false && strlen($randomData) === 20) {
+                return bin2hex($randomData);
+            }
+        }
         if (function_exists('openssl_random_pseudo_bytes')) {
             $randomData = openssl_random_pseudo_bytes(20);
             if ($randomData !== false && strlen($randomData) === 20) {
@@ -209,4 +215,4 @@ public function revokeToken($token, $tokenTypeHint = null)
 
         return $revoked;
     }
-}
+}
diff --git a/src/OAuth2/ResponseType/AuthorizationCode.php b/src/OAuth2/ResponseType/AuthorizationCode.php
@@ -84,7 +84,9 @@ public function enforceRedirect()
     protected function generateAuthorizationCode()
     {
         $tokenLen = 40;
-        if (function_exists('openssl_random_pseudo_bytes')) {
+        if (function_exists('random_bytes')) {
+            $randomData = random_bytes(100);
+        } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $randomData = openssl_random_pseudo_bytes(100);
         } elseif (function_exists('mcrypt_create_iv')) {
             $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
