Add #[\SensitiveParameter] to token and verifier

sstok · sstok · commit c700405c2a77 · 2024-01-06T12:21:09.000+01:00
diff --git a/src/Argon2SplitTokenFactory.php b/src/Argon2SplitTokenFactory.php
@@ -40,7 +40,7 @@ public function generate(\DateTimeImmutable | \DateInterval $expiresAt = null):
         return $splitToken->expireAt($this->getExpirationTimestamp($expiresAt));
     }
 
-    public function fromString(string | HiddenString | \Stringable $token): SplitToken
+    public function fromString(#[\SensitiveParameter] string | HiddenString | \Stringable $token): SplitToken
     {
         return Argon2SplitToken::fromString($token);
     }
diff --git a/src/SplitToken.php b/src/SplitToken.php
@@ -98,7 +98,7 @@ abstract class SplitToken
     private ?string $verifierHash = null;
     private ?\DateTimeImmutable $expiresAt = null;
 
-    final private function __construct(HiddenString $token, string $selector, string $verifier)
+    final private function __construct(HiddenString $token, string $selector, #[\SensitiveParameter] string $verifier)
     {
         $this->token = $token;
         $this->selector = $selector;
@@ -150,7 +150,7 @@ public function expireAt(\DateTimeImmutable $expiresAt = null): static
      *
      * Note: The provided $token is zeroed from memory when it's length is valid.
      */
-    final public static function fromString(string | HiddenString | \Stringable $token): static
+    final public static function fromString(#[\SensitiveParameter] string | HiddenString | \Stringable $token): static
     {
         if ($token instanceof HiddenString) {
             $token = $token->getString();
@@ -259,5 +259,5 @@ protected function configureHasher(array $config): void
     abstract protected function verifyHash(string $hash, string $verifier): bool;
 
     /** Produces a hashed version of the verifier. */
-    abstract protected function hashVerifier(string $verifier): string;
+    abstract protected function hashVerifier(#[\SensitiveParameter] string $verifier): string;
 }
diff --git a/src/SplitTokenFactory.php b/src/SplitTokenFactory.php
@@ -46,5 +46,5 @@ public function generate(\DateTimeImmutable | \DateInterval $expiresAt = null):
      * return SplitToken::fromString($token);
      * ```
      */
-    public function fromString(string | HiddenString | \Stringable $token): SplitToken;
+    public function fromString(#[\SensitiveParameter] string | HiddenString | \Stringable $token): SplitToken;
 }
diff --git a/tests/FakeSplitTokenFactoryTest.php b/tests/FakeSplitTokenFactoryTest.php
@@ -118,7 +118,10 @@ public function it_creates_from_stringable_object(): void
         $splitToken = $factory->generate();
 
         $stringObj = new class($splitToken->token()->getString()) implements \Stringable {
-            public function __construct(private string $value) {}
+            public function __construct(
+                #[\SensitiveParameter]
+                private string $value
+            ) {}
 
             public function __toString(): string
             {

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ public function generate(\DateTimeImmutable \| \DateInterval $expiresAt = null):`
`40`	`40`	`return $splitToken->expireAt($this->getExpirationTimestamp($expiresAt));`
`41`	`41`	`}`
`42`	`42`
`43`		`- public function fromString(string \| HiddenString \| \Stringable $token): SplitToken`
	`43`	`+ public function fromString(#[\SensitiveParameter] string \| HiddenString \| \Stringable $token): SplitToken`
`44`	`44`	`{`
`45`	`45`	`return Argon2SplitToken::fromString($token);`
`46`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ abstract class SplitToken`
`98`	`98`	`private ?string $verifierHash = null;`
`99`	`99`	`private ?\DateTimeImmutable $expiresAt = null;`
`100`	`100`
`101`		`- final private function __construct(HiddenString $token, string $selector, string $verifier)`
	`101`	`+ final private function __construct(HiddenString $token, string $selector, #[\SensitiveParameter] string $verifier)`
`102`	`102`	`{`
`103`	`103`	`$this->token = $token;`
`104`	`104`	`$this->selector = $selector;`
`@@ -150,7 +150,7 @@ public function expireAt(\DateTimeImmutable $expiresAt = null): static`
`150`	`150`	`*`
`151`	`151`	`* Note: The provided $token is zeroed from memory when it's length is valid.`
`152`	`152`	`*/`
`153`		`- final public static function fromString(string \| HiddenString \| \Stringable $token): static`
	`153`	`+ final public static function fromString(#[\SensitiveParameter] string \| HiddenString \| \Stringable $token): static`
`154`	`154`	`{`
`155`	`155`	`if ($token instanceof HiddenString) {`
`156`	`156`	`$token = $token->getString();`
`@@ -259,5 +259,5 @@ protected function configureHasher(array $config): void`
`259`	`259`	`abstract protected function verifyHash(string $hash, string $verifier): bool;`
`260`	`260`
`261`	`261`	`/** Produces a hashed version of the verifier. */`
`262`		`- abstract protected function hashVerifier(string $verifier): string;`
	`262`	`+ abstract protected function hashVerifier(#[\SensitiveParameter] string $verifier): string;`
`263`	`263`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,5 +46,5 @@ public function generate(\DateTimeImmutable \| \DateInterval $expiresAt = null):`
`46`	`46`	`* return SplitToken::fromString($token);`
`47`	`47`	* ```
`48`	`48`	`*/`
`49`		`- public function fromString(string \| HiddenString \| \Stringable $token): SplitToken;`
	`49`	`+ public function fromString(#[\SensitiveParameter] string \| HiddenString \| \Stringable $token): SplitToken;`
`50`	`50`	`}`