From: Gunnar Wrobel <p@rdus.de>
Date: Tue, 30 Nov 2010 05:05:00 +0000 (+0100)
Subject: Add the secret parameter to the token system.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=0adff3f9ba4c6c4f48d68931d34b8d4120a577fc;p=horde.git

Add the secret parameter to the token system.
---

diff --git a/framework/Core/lib/Horde/Core/Factory/Token.php b/framework/Core/lib/Horde/Core/Factory/Token.php
index 8b1357750..149b41747 100644
--- a/framework/Core/lib/Horde/Core/Factory/Token.php
+++ b/framework/Core/lib/Horde/Core/Factory/Token.php
@@ -20,6 +20,7 @@ class Horde_Core_Factory_Token
             $driver = 'Null';
         }
 
+        $params['secret'] = $injector->getInstance('Horde_Secret')->setKey('token');
         $params['logger'] = $injector->getInstance('Horde_Log_Logger');
 
         $class = 'Horde_Token_' . ucfirst($driver);
diff --git a/framework/Token/lib/Horde/Token/Base.php b/framework/Token/lib/Horde/Token/Base.php
index 0b1a4102d..e711cebda 100644
--- a/framework/Token/lib/Horde/Token/Base.php
+++ b/framework/Token/lib/Horde/Token/Base.php
@@ -32,13 +32,20 @@ abstract class Horde_Token_Base
     /**
      * Constructor.
      *
-     * @param array $params  Optional parameters:
+     * @param array $params  Required parameters:
+     * <pre>
+     * 'secret' - (string) The secret string used for signing tokens.
+     * </pre>
+     * Optional parameters:
      * <pre>
      * 'logger' - (Horde_Log_Logger) A logger object.
      * </pre>
      */
     public function __construct($params)
     {
+        if (!isset($params['secret'])) {
+            throw new Horde_Token_Exception('Missing secret parameter.');
+        }
         if (isset($params['logger'])) {
             $this->_logger = $params['logger'];
             unset($params['logger']);
diff --git a/framework/Token/test/Horde/Token/Unit/FileTest.php b/framework/Token/test/Horde/Token/Unit/FileTest.php
index 9199d116f..e89888ebb 100644
--- a/framework/Token/test/Horde/Token/Unit/FileTest.php
+++ b/framework/Token/test/Horde/Token/Unit/FileTest.php
@@ -41,10 +41,18 @@ class Horde_Token_Unit_Storage_FileTest extends PHPUnit_Framework_TestCase
 
     public function testNonces()
     {
-        $t = new Horde_Token_File();
+        $t = new Horde_Token_File(array('secret' => 'abc'));
         $this->assertEquals(6, strlen($t->getNonce()));
     }
 
+    /**
+     * @expectedException Horde_Token_Exception
+     */
+    public function testInvalidConstruction()
+    {
+        $t = new Horde_Token_File();
+    }
+
     private function _getTemporaryDirectory()
     {
         $this->_temp_dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR