Deprecate the SecureRandom class

pierredup · pierredup · commit 00e50130d1de · 2015-09-24T09:19:54.000+02:00
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -12,6 +12,7 @@ CHANGELOG
    `Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface` instead
  * deprecated `Symfony\Component\Security\Core\Util\ClassUtils`, use
    `Symfony\Component\Security\Acl\Util\ClassUtils` instead
+ * deprecated `Symfony\Component\Security\Core\Util\SecureRandom` class in favour of the `random_bytes` function
 
 2.7.0
 -----
diff --git a/src/Symfony/Component/Security/Core/Util/SecureRandom.php b/src/Symfony/Component/Security/Core/Util/SecureRandom.php
@@ -11,13 +11,17 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
+@trigger_error('The '.__NAMESPACE__.'\SecureRandom class is deprecated since 2.8 and will be removed in 3.0. Use the random_bytes function instead.', E_USER_DEPRECATED);
+
 use Psr\Log\LoggerInterface;
 
 /**
  * A secure random number generator implementation.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @deprecated since 2.8, to be removed in 3.0. Use the random_bytes function instead
  */
 final class SecureRandom implements SecureRandomInterface
 {
@@ -43,9 +47,9 @@ public function __construct($seedFile = null, LoggerInterface $logger = null)
         $this->logger = $logger;
 
         // determine whether to use OpenSSL
-        if (!function_exists('openssl_random_pseudo_bytes')) {
+        if (!function_exists('random_bytes') || !function_exists('openssl_random_pseudo_bytes')) {
             if (null !== $this->logger) {
-                $this->logger->notice('It is recommended that you enable the "openssl" extension for random number generation.');
+                $this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
             }
             $this->useOpenSsl = false;
         } else {
@@ -58,6 +62,10 @@ public function __construct($seedFile = null, LoggerInterface $logger = null)
      */
     public function nextBytes($nbBytes)
     {
+        if (function_exists('random_bytes')) {
+            return random_bytes($nbBytes);
+        }
+
         // try OpenSSL
         if ($this->useOpenSsl) {
             $bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
diff --git a/src/Symfony/Component/Security/Core/composer.json b/src/Symfony/Component/Security/Core/composer.json
@@ -33,7 +33,8 @@
         "symfony/http-foundation": "",
         "symfony/validator": "For using the user password constraint",
         "symfony/expression-language": "For using the expression voter",
-        "ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5"
+        "ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5",
+        "paragonie/random_compat": "For secure number generation"
     },
     "autoload": {
         "psr-4": { "Symfony\\Component\\Security\\Core\\": "" }
