Merge pull request #70 from jrushlow/refactor/generator

jrushlow · web-flow · commit 771d67274a5c · 2020-03-19T06:31:35.000-04:00
fixed selector length
diff --git a/src/Generator/ResetPasswordRandomGenerator.php b/src/Generator/ResetPasswordRandomGenerator.php
@@ -20,13 +20,15 @@ class ResetPasswordRandomGenerator
 {
     /**
      * Original credit to Laravel's Str::random() method.
+     *
+     * String length is 20 characters
      */
-    public function getRandomAlphaNumStr(int $length): string
+    public function getRandomAlphaNumStr(): string
     {
         $string = '';
 
-        while (($len = \strlen($string)) < $length) {
-            $size = $length - $len;
+        while (($len = \strlen($string)) < 20) {
+            $size = 20 - $len;
 
             $bytes = \random_bytes($size);
 
diff --git a/src/Generator/ResetPasswordTokenGenerator.php b/src/Generator/ResetPasswordTokenGenerator.php
@@ -20,8 +20,6 @@
  */
 class ResetPasswordTokenGenerator
 {
-    private const RANDOM_STR_LENGTH = 20;
-
     /**
      * @var string Unique, random, cryptographically secure string
      */
@@ -47,10 +45,10 @@ public function __construct(string $signingKey, ResetPasswordRandomGenerator $ge
     public function createToken(\DateTimeInterface $expiresAt, $userId, string $verifier = null): ResetPasswordTokenComponents
     {
         if (null === $verifier) {
-            $verifier = $this->randomGenerator->getRandomAlphaNumStr(self::RANDOM_STR_LENGTH);
+            $verifier = $this->randomGenerator->getRandomAlphaNumStr();
         }
 
-        $selector = $this->randomGenerator->getRandomAlphaNumStr(self::RANDOM_STR_LENGTH);
+        $selector = $this->randomGenerator->getRandomAlphaNumStr();
 
         $encodedData = \json_encode([$verifier, $userId, $expiresAt->getTimestamp()]);
 
diff --git a/src/Model/ResetPasswordRequestTrait.php b/src/Model/ResetPasswordRequestTrait.php
@@ -18,7 +18,7 @@
 trait ResetPasswordRequestTrait
 {
     /**
-     * @ORM\Column(type="string", length=100)
+     * @ORM\Column(type="string", length=20)
      */
     private $selector;
 
diff --git a/src/ResetPasswordHelper.php b/src/ResetPasswordHelper.php
@@ -108,6 +108,10 @@ public function validateTokenAndFetchUser(string $fullToken): object
     {
         $this->resetPasswordCleaner->handleGarbageCollection();
 
+        if (40 !== \strlen($fullToken)) {
+            throw new InvalidResetPasswordTokenException();
+        }
+
         $resetRequest = $this->findResetPasswordRequest($fullToken);
 
         if (null === $resetRequest) {
diff --git a/tests/UnitTests/Generator/ResetPasswordRandomGeneratorTest.php b/tests/UnitTests/Generator/ResetPasswordRandomGeneratorTest.php
@@ -18,20 +18,20 @@
  */
 class ResetPasswordRandomGeneratorTest extends TestCase
 {
-    public function testIsProvidedLength(): void
+    public function testLengthIs20(): void
     {
         $generator = new ResetPasswordRandomGenerator();
-        $result = $generator->getRandomAlphaNumStr(100);
+        $result = $generator->getRandomAlphaNumStr();
 
-        self::assertSame(100, \strlen($result));
+        self::assertSame(20, \strlen($result));
     }
 
     public function testIsRandom(): void
     {
         $generator = new ResetPasswordRandomGenerator();
 
-        $resultA = $generator->getRandomAlphaNumStr(20);
-        $resultB = $generator->getRandomAlphaNumStr(20);
+        $resultA = $generator->getRandomAlphaNumStr();
+        $resultB = $generator->getRandomAlphaNumStr();
 
         self::assertNotSame($resultA, $resultB);
     }
diff --git a/tests/UnitTests/Generator/ResetPasswordTokenGeneratorTest.php b/tests/UnitTests/Generator/ResetPasswordTokenGeneratorTest.php
@@ -43,7 +43,6 @@ public function testSelectorGeneratedByRandomGenerator(): void
         $this->mockRandomGenerator
             ->expects($this->exactly(2))
             ->method('getRandomAlphaNumStr')
-            ->with(20)
         ;
 
         $generator = $this->getTokenGenerator();
diff --git a/tests/UnitTests/Model/ResetPasswordRequestTraitTest.php b/tests/UnitTests/Model/ResetPasswordRequestTraitTest.php
@@ -26,7 +26,7 @@ public function testIsCompatibleWithInterface(): void
 
     public function propertyDataProvider(): \Generator
     {
-        yield ['selector', '@ORM\Column(type="string", length=100)'];
+        yield ['selector', '@ORM\Column(type="string", length=20)'];
         yield ['hashedToken', '@ORM\Column(type="string", length=100)'];
         yield ['requestedAt', '@ORM\Column(type="datetime_immutable")'];
         yield ['expiresAt', '@ORM\Column(type="datetime_immutable")'];
diff --git a/tests/UnitTests/ResetPasswordHelperTest.php b/tests/UnitTests/ResetPasswordHelperTest.php
@@ -22,7 +22,7 @@
 
 /**
  * @author  Jesse Rushlow <jr@rushlow.dev>
- * @authot  Ryan Weaver   <ryan@symfonycasts.com>
+ * @author  Ryan Weaver   <ryan@symfonycasts.com>
  */
 class ResetPasswordHelperTest extends TestCase
 {
@@ -65,7 +65,7 @@ protected function setUp(): void
         $this->mockTokenGenerator = $this->createMock(ResetPasswordTokenGenerator::class);
         $this->mockCleaner = $this->createMock(ResetPasswordCleaner::class);
         $this->mockResetRequest = $this->createMock(ResetPasswordRequestInterface::class);
-        $this->randomToken = \bin2hex(\random_bytes(10));
+        $this->randomToken = \bin2hex(\random_bytes(20));
         $this->mockUser = new class() {};
     }
 
@@ -173,7 +173,7 @@ public function testRemoveResetRequestRetrievesTokenFromRepository(): void
         $this->mockRepo
             ->expects($this->once())
             ->method('findResetPasswordRequest')
-            ->with($this->randomToken)
+            ->with(\substr($this->randomToken, 0, 20))
             ->willReturn($this->mockResetRequest)
         ;
 
@@ -198,6 +198,14 @@ public function testRemoveResetRequestCallsRepositoryToRemoveResetRequestObject(
         $helper->removeResetRequest('1234');
     }
 
+    public function testExceptionThrownIfTokenLengthIsNotOfCorrectSize(): void
+    {
+        $this->expectException(InvalidResetPasswordTokenException::class);
+
+        $helper = $this->getPasswordResetHelper();
+        $helper->validateTokenAndFetchUser(\substr($this->randomToken, 0, 39));
+    }
+
     public function testExceptionIsThrownIfTokenNotFoundDuringValidation(): void
     {
         $this->mockRepo
@@ -209,7 +217,7 @@ public function testExceptionIsThrownIfTokenNotFoundDuringValidation(): void
         $this->expectException(InvalidResetPasswordTokenException::class);
 
         $helper = $this->getPasswordResetHelper();
-        $helper->validateTokenAndFetchUser('1234');
+        $helper->validateTokenAndFetchUser($this->randomToken);
     }
 
     public function testValidateTokenThrowsExceptionOnExpiredResetRequest(): void
@@ -223,7 +231,7 @@ public function testValidateTokenThrowsExceptionOnExpiredResetRequest(): void
         $this->mockRepo
             ->expects($this->once())
             ->method('findResetPasswordRequest')
-            ->with($this->randomToken)
+            ->with(\substr($this->randomToken, 0, 20))
             ->willReturn($this->mockResetRequest)
         ;
 
@@ -256,7 +264,7 @@ public function testValidateTokenFetchesUserIfTokenNotExpired(): void
         $this->mockRepo
             ->expects($this->once())
             ->method('findResetPasswordRequest')
-            ->with($this->randomToken)
+            ->with(\substr($this->randomToken, 0, 20))
             ->willReturn($this->mockResetRequest)
         ;
 

Original file line number	Diff line number	Diff line change
`@@ -20,8 +20,6 @@`
`20`	`20`	`*/`
`21`	`21`	`class ResetPasswordTokenGenerator`
`22`	`22`	`{`
`23`		`- private const RANDOM_STR_LENGTH = 20;`
`24`		`-`
`25`	`23`	`/**`
`26`	`24`	`* @var string Unique, random, cryptographically secure string`
`27`	`25`	`*/`
`@@ -47,10 +45,10 @@ public function __construct(string $signingKey, ResetPasswordRandomGenerator $ge`
`47`	`45`	`public function createToken(\DateTimeInterface $expiresAt, $userId, string $verifier = null): ResetPasswordTokenComponents`
`48`	`46`	`{`
`49`	`47`	`if (null === $verifier) {`
`50`		`- $verifier = $this->randomGenerator->getRandomAlphaNumStr(self::RANDOM_STR_LENGTH);`
	`48`	`+ $verifier = $this->randomGenerator->getRandomAlphaNumStr();`
`51`	`49`	`}`
`52`	`50`
`53`		`- $selector = $this->randomGenerator->getRandomAlphaNumStr(self::RANDOM_STR_LENGTH);`
	`51`	`+ $selector = $this->randomGenerator->getRandomAlphaNumStr();`
`54`	`52`
`55`	`53`	`$encodedData = \json_encode([$verifier, $userId, $expiresAt->getTimestamp()]);`
`56`	`54`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`trait ResetPasswordRequestTrait`
`19`	`19`	`{`
`20`	`20`	`/**`
`21`		`- * @ORM\Column(type="string", length=100)`
	`21`	`+ * @ORM\Column(type="string", length=20)`
`22`	`22`	`*/`
`23`	`23`	`private $selector;`
`24`	`24`
Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,10 @@ public function validateTokenAndFetchUser(string $fullToken): object`
`108`	`108`	`{`
`109`	`109`	`$this->resetPasswordCleaner->handleGarbageCollection();`
`110`	`110`
	`111`	`+ if (40 !== \strlen($fullToken)) {`
	`112`	`+ throw new InvalidResetPasswordTokenException();`
	`113`	`+ }`
	`114`	`+`
`111`	`115`	`$resetRequest = $this->findResetPasswordRequest($fullToken);`
`112`	`116`
`113`	`117`	`if (null === $resetRequest) {`
Original file line number	Diff line number	Diff line change
`@@ -18,20 +18,20 @@`
`18`	`18`	`*/`
`19`	`19`	`class ResetPasswordRandomGeneratorTest extends TestCase`
`20`	`20`	`{`
`21`		`- public function testIsProvidedLength(): void`
	`21`	`+ public function testLengthIs20(): void`
`22`	`22`	`{`
`23`	`23`	`$generator = new ResetPasswordRandomGenerator();`
`24`		`- $result = $generator->getRandomAlphaNumStr(100);`
	`24`	`+ $result = $generator->getRandomAlphaNumStr();`
`25`	`25`
`26`		`- self::assertSame(100, \strlen($result));`
	`26`	`+ self::assertSame(20, \strlen($result));`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`public function testIsRandom(): void`
`30`	`30`	`{`
`31`	`31`	`$generator = new ResetPasswordRandomGenerator();`
`32`	`32`
`33`		`- $resultA = $generator->getRandomAlphaNumStr(20);`
`34`		`- $resultB = $generator->getRandomAlphaNumStr(20);`
	`33`	`+ $resultA = $generator->getRandomAlphaNumStr();`
	`34`	`+ $resultB = $generator->getRandomAlphaNumStr();`
`35`	`35`
`36`	`36`	`self::assertNotSame($resultA, $resultB);`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,6 @@ public function testSelectorGeneratedByRandomGenerator(): void`
`43`	`43`	`$this->mockRandomGenerator`
`44`	`44`	`->expects($this->exactly(2))`
`45`	`45`	`->method('getRandomAlphaNumStr')`
`46`		`- ->with(20)`
`47`	`46`	`;`
`48`	`47`
`49`	`48`	`$generator = $this->getTokenGenerator();`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public function testIsCompatibleWithInterface(): void`
`26`	`26`
`27`	`27`	`public function propertyDataProvider(): \Generator`
`28`	`28`	`{`
`29`		`- yield ['selector', '@ORM\Column(type="string", length=100)'];`
	`29`	`+ yield ['selector', '@ORM\Column(type="string", length=20)'];`
`30`	`30`	`yield ['hashedToken', '@ORM\Column(type="string", length=100)'];`
`31`	`31`	`yield ['requestedAt', '@ORM\Column(type="datetime_immutable")'];`
`32`	`32`	`yield ['expiresAt', '@ORM\Column(type="datetime_immutable")'];`