authorRomain d'Alverny <rdalverny@gmail.com>2022-01-11 12:26:15 +0100
committerRomain d'Alverny <rdalverny@gmail.com>2022-01-11 12:26:15 +0100
commit5f2b708377aec4bc5f1d731dfbb50557552d0482 (patch)
tree7faecd8bb938368bdb5ce825f716b8935ea10898
parent2b3469a29cb78f07500ea929dfae97570235cd9c (diff)
Remove unneeded polyfills
-rw-r--r--app/classes/Planet.php24
-rw-r--r--app/helpers.php41
-rw-r--r--tests/HelpersTest.php9
3 files changed, 3 insertions, 71 deletions
diff --git a/app/classes/Planet.php b/app/classes/Planet.php
index 5c6d7cf..d6007e5 100644
--- a/app/classes/Planet.php
+++ b/app/classes/Planet.php
@@ -75,29 +75,9 @@ class Planet
* @param string $supplied
* @return bool
*/
- public static function authenticateUser($known = '', $supplied = '')
+ public static function authenticateUser(string $known = '', string $supplied = '')
{
- // The hash_equals function was introduced in PHP 5.6.0. If it's not
- // existing in the current context (PHP version too old), and to ensure
- // compatibility with those old interpreters, we'll have to provide
- // an PHP implementation of this function.
- if (function_exists('hash_equals')) {
- return hash_equals($known, $supplied);
- }
-
- // Some implementation references can be found on the function comment.
- $knownLen = mb_strlen($known);
- if ($knownLen !== mb_strlen($supplied)) {
- return false;
- }
-
- // Ensure that all the characters are the same, and continue until the
- // end of the string even if an difference was found.
- for ($i = 0, $comparison = 0; $i < $knownLen; $i++) {
- $comparison |= ord($known[$i]) ^ ord($supplied[$i]);
- }
-
- return ($comparison === 0);
+ return hash_equals($known, $supplied);
}
/**
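Review bot: On the new `authenticateUser(string $known = '', string $supplied = '')` signature, both parameters still default to the empty string, so a call where the stored value is empty and the supplied one is empty or omitted reaches `hash_equals('', '')` and returns true. If no caller relies on that, reject an empty known value before comparing, e.g. `if ($known === '') { return false; }`, or drop the defaults so both arguments are required. The added `string` hints also change null handling: a user-defined function rejects null for a non-nullable `string` parameter with a TypeError even without strict_types, so callers that may pass an unset request field should be checked (they are outside this hunk). A `: bool` return type would match the docblock, and since the deleted `test_constant_time_compare` is the only comparison test visible on this page, a small test for `authenticateUser` covering equal, unequal and empty inputs would keep that coverage.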
diff --git a/app/helpers.php b/app/helpers.php
index e943252..5f251e4 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -9,16 +9,6 @@
*/
function register_polyfills()
{
- if (!function_exists('hash_equals')) {
- function hash_equals($known_string, $user_string) {
- call_user_func_array('_hash_equals', func_get_args());
- }
- }
-
- if (!function_exists('random_bytes')) {
- // If this function does not exist, it will be exposed
- // automatically by paragonie/random_compat.
- }
}
register_polyfills();
@@ -97,34 +87,3 @@ function removeCustomFiles()
}
}
-/**
- * Compare two strings in a constant-time manner.
- *
- * It returns `true` if both strings are exactly the same
- * (same size and same value).
- *
- * @param string $known_string
- * @param string $user_string
- * @return bool
- */
-function _hash_equals($known_string = '', $user_string = '')
-{
- // In our case, it's not problematic if `$known_string`'s
- // size leaks, we will only compare password hashes and
- // CSRF tokens—their size is already somehow public.
- if (!is_string($known_string) || !is_string($user_string)
- || strlen($known_string) !== strlen($user_string)) {
- return false;
- }
-
- $ret = 0;
-
- // Do not stop the comparison when a difference is found,
- // always completely compare them.
- for ($i = 0; $i < strlen($known_string); $i++) {
- $ret |= (ord($known_string[$i]) ^ ord($user_string[$i]));
- }
-
- return !$ret;
-}
-
diff --git a/tests/HelpersTest.php b/tests/HelpersTest.php
index 141e604..d0dcdda 100644
--- a/tests/HelpersTest.php
+++ b/tests/HelpersTest.php
@@ -4,12 +4,5 @@ use PHPUnit\Framework\TestCase;
class HelpersTest extends TestCase
{
- function test_constant_time_compare()
- {
- $this->assertTrue(_hash_equals('abc', 'abc'));
- $this->assertFalse(_hash_equals('abc', 'ab'));
- $this->assertFalse(_hash_equals('ab', 'abc'));
- $this->assertFalse(_hash_equals('abcd', 'adbc'));
- $this->assertFalse(_hash_equals(0, 0));
- }
+
}