Laminas\Math abandoned, stop using it

pi-engine · Dec 16, 2024 · a4a565b · a4a565b
1 parent 371e7e0
commit a4a565b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 7 deletions.
diff --git a/composer.json b/composer.json
@@ -54,7 +54,6 @@
     "laminas/laminas-mvc-plugins": "*",
     "laminas/laminas-mvc-middleware": "*",
     "laminas/laminas-authentication": "*",
-    "laminas/laminas-math": "*",
     "laminas/laminas-http": "*",
     "laminas/laminas-eventmanager": "*",
     "laminas/laminas-cache": "*",

diff --git a/src/Service/AccountService.php b/src/Service/AccountService.php
@@ -5,14 +5,14 @@
 namespace Pi\User\Service;
 
 use Fig\Http\Message\StatusCodeInterface;
-use Laminas\Math\Rand;
 use Pi\Core\Security\Account\AccountLocked;
 use Pi\Core\Security\Account\AccountLoginAttempts;
 use Pi\Core\Service\CacheService;
 use Pi\Core\Service\TranslatorService;
 use Pi\Core\Service\UtilityService;
 use Pi\Notification\Service\NotificationService;
 use Pi\User\Repository\AccountRepositoryInterface;
+use Random\RandomException;
 use RobThree\Auth\Algorithm;
 use RobThree\Auth\Providers\Qr\EndroidQrCodeProvider;
 use RobThree\Auth\TwoFactorAuth;
@@ -511,11 +511,12 @@ public function postLoginError($params): array
      * @param       $params
      *
      * @return array
+     * @throws RandomException
      */
     public function perMobileLogin($params): array
     {
         // Set new password as OTP
-        $otpCode   = Rand::getInteger(100000, 999999);
+        $otpCode   = random_int(100000, 999999);
         $otpExpire = (time() + 120);
         $isNew     = 0;
 
@@ -592,11 +593,12 @@ public function perMobileLogin($params): array
      * @param       $params
      *
      * @return array
+     * @throws RandomException
      */
     public function preMailLogin($params): array
     {
         // Set new password as OTP
-        $otpCode   = Rand::getInteger(100000, 999999);
+        $otpCode   = random_int(100000, 999999);
         $otpExpire = (time() + 180);
         $isNew     = 0;
 

diff --git a/src/Service/TokenService.php b/src/Service/TokenService.php
@@ -7,8 +7,8 @@
 use Exception;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
-use Laminas\Math\Rand;
 use Pi\Core\Service\CacheService;
+use Random\RandomException;
 
 class TokenService implements ServiceInterface
 {
@@ -148,14 +148,16 @@ public function decryptToken($token): array
         }
     }
 
+    /**
+     * @throws RandomException
+     */
     private function setUniqId($params): string
     {
         $typePrefix   = $params['type'] === 'refresh' ? 'r' : 'a';
-        $randomString = Rand::getString(16, 'abcdefghijklmnopqrstuvwxyz0123456789');
 
         return hash(
             'sha256',
-            sprintf('%s-%s-%s', $typePrefix, $params['account']['id'], $randomString)
+            sprintf('%s-%s-%s', $typePrefix, $params['account']['id'], bin2hex(random_bytes(8)))
         );
     }