[Security] simplified code

fabpot · fabpot · commit 872647a8b2ff · 2014-02-22T08:00:45.000+01:00
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -54,7 +54,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
             throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
         }
 
-        if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+        if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
             throw new AuthenticationException('The cookie\'s hash is invalid.');
         }
 
@@ -65,22 +65,6 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
         return $user;
     }
 
-    /**
-     * Compares two hashes using a constant-time algorithm to avoid (remote)
-     * timing attacks.
-     *
-     * This is the same implementation as used in the BasePasswordEncoder.
-     *
-     * @param string $hash1 The first hash
-     * @param string $hash2 The second hash
-     *
-     * @return Boolean true if the two hashes are the same, false otherwise
-     */
-    private function compareHashes($hash1, $hash2)
-    {
-        return StringUtils::equals($hash1, $hash2);
-    }
-
     /**
      * {@inheritDoc}
      */
