search

Yubico / php-u2flib-server

(OBSOLETE) U2F library in PHP
https://developers.yubico.com/php-u2flib-server/
BSD 2-Clause "Simplified" License
289 stars 68 forks source link

Code cleanup, PSR-2/4 and security fixes #69

Closed Zae closed 2 years ago

Zae commented 6 years ago

Hiya,

I'm not sure if you accept merge requests, but I noticed the code of this library was getting very stale, so I had some fun with the code, I changed a lot of stuff.

Cleanup

PSR-2

I reformatted all the code to conform to PSR-2, this includes splitting the classes to multiple files.

PSR-4

All files are now loadable using a psr-4 classloader, so I changed the loading mechanism of composer to use psr-4.

Convert and Utility classes

I split the conversion tasks from the U2F class to a separate class to keep the code tidy. Same for the Utility class.

Namespaced tests

I added the tests to their own namespace.

Security

random_bytes instead of openssl_random_pseudo_bytes

I believe it's now preferred to use random_bytes() instead of openssl_random_pseudo_bytes, and I added paragonie/random_compat to add support for PHP 5 back.

paragonie/constant_time_encoding

I added paragonie/constant_time_encoding to combat any timing issues that could be present because of the use of the PHP default base64_* functions.

emlun commented 2 years ago

Thank you for your contributions, but since the U2F API is now obsolete we're archiving this repository and ceasing maintenance.