jenkins-bot has submitted this change and it was merged.
Change subject: Update firebase/php-jwt to 3.0.0
......................................................................
Update firebase/php-jwt to 3.0.0
Bug: T119294
Change-Id: I0abdddb3716fb585528fd01d9aaf6050b1b8b659
---
M composer.json
M composer.lock
M composer/autoload_classmap.php
M composer/autoload_psr4.php
M composer/installed.json
M firebase/php-jwt/.gitignore
D firebase/php-jwt/Exceptions/BeforeValidException.php
D firebase/php-jwt/Exceptions/ExpiredException.php
D firebase/php-jwt/Exceptions/SignatureInvalidException.php
M firebase/php-jwt/README.md
M firebase/php-jwt/composer.json
A firebase/php-jwt/composer.lock
M firebase/php-jwt/package.xml
A firebase/php-jwt/src/BeforeValidException.php
A firebase/php-jwt/src/ExpiredException.php
R firebase/php-jwt/src/JWT.php
A firebase/php-jwt/src/SignatureInvalidException.php
M firebase/php-jwt/tests/JWTTest.php
18 files changed, 256 insertions(+), 155 deletions(-)
Approvals:
Nikerabbit: Looks good to me, approved
jenkins-bot: Verified
diff --git a/composer.json b/composer.json
index badf00a..0b88736 100644
--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,7 @@
"require": {
"composer/semver": "1.2.0",
"cssjanus/cssjanus": "1.1.1",
- "firebase/php-jwt": "2.1.0",
+ "firebase/php-jwt": "3.0.0",
"kzykhys/pygments": "1.0",
"liuggio/statsd-php-client": "1.0.16",
"mediawiki/at-ease": "1.1.0",
diff --git a/composer.lock b/composer.lock
index e975304..715e1cc 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,8 @@
"Read more about it at
https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file";,
"This file is @generated automatically"
],
- "hash": "2ee039fecd20f1c1039e1e81db0343ef",
- "content-hash": "a8f89a030e0ee24078766f8f467769a4",
+ "hash": "e5cc6ed39a0396942cb1bd9447a12204",
+ "content-hash": "35145185a983e3c784e513b7c3533149",
"packages": [
{
"name": "composer/semver",
@@ -106,27 +106,26 @@
},
{
"name": "firebase/php-jwt",
- "version": "v2.1.0",
+ "version": "v3.0.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git";,
- "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b"
+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
},
"dist": {
"type": "zip",
- "url":
"https://api.github.com/repos/firebase/php-jwt/zipball/fb219727e199dd80a72d5274ebb5c8b24d58dd9b";,
- "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b",
+ "url":
"https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1";,
+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
"shasum": ""
},
"require": {
- "php": ">=5.2.0"
+ "php": ">=5.3.0"
},
"type": "library",
"autoload": {
- "classmap": [
- "Authentication/",
- "Exceptions/"
- ]
+ "psr-4": {
+ "Firebase\\JWT\\": "src"
+ }
},
"notification-url": "https://packagist.org/downloads/";,
"license": [
@@ -146,7 +145,7 @@
],
"description": "A simple library to encode and decode JSON Web
Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt";,
- "time": "2015-05-20 19:16:04"
+ "time": "2015-07-22 18:31:08"
},
{
"name": "kzykhys/pygments",
diff --git a/composer/autoload_classmap.php b/composer/autoload_classmap.php
index c76a51a..ed971b5 100644
--- a/composer/autoload_classmap.php
+++ b/composer/autoload_classmap.php
@@ -41,7 +41,6 @@
'AvroStringIO' => $vendorDir . '/wikimedia/avro/lib/avro/io.php',
'AvroUnionSchema' => $vendorDir . '/wikimedia/avro/lib/avro/schema.php',
'AvroUtil' => $vendorDir . '/wikimedia/avro/lib/avro/util.php',
- 'BeforeValidException' => $vendorDir .
'/firebase/php-jwt/Exceptions/BeforeValidException.php',
'CLDRPluralRuleParser\\Converter' => $vendorDir .
'/wikimedia/cldr-plural-rule-parser/src/Converter.php',
'CLDRPluralRuleParser\\Converter\\Expression' => $vendorDir .
'/wikimedia/cldr-plural-rule-parser/src/Converter/Expression.php',
'CLDRPluralRuleParser\\Converter\\Fragment' => $vendorDir .
'/wikimedia/cldr-plural-rule-parser/src/Converter/Fragment.php',
@@ -282,9 +281,11 @@
'Elastica\\Type\\AbstractType' => $vendorDir .
'/ruflin/elastica/lib/Elastica/Type/AbstractType.php',
'Elastica\\Type\\Mapping' => $vendorDir .
'/ruflin/elastica/lib/Elastica/Type/Mapping.php',
'Elastica\\Util' => $vendorDir . '/ruflin/elastica/lib/Elastica/Util.php',
- 'ExpiredException' => $vendorDir .
'/firebase/php-jwt/Exceptions/ExpiredException.php',
+ 'Firebase\\JWT\\BeforeValidException' => $vendorDir .
'/firebase/php-jwt/src/BeforeValidException.php',
+ 'Firebase\\JWT\\ExpiredException' => $vendorDir .
'/firebase/php-jwt/src/ExpiredException.php',
+ 'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php',
+ 'Firebase\\JWT\\SignatureInvalidException' => $vendorDir .
'/firebase/php-jwt/src/SignatureInvalidException.php',
'IPSet\\IPSet' => $vendorDir . '/wikimedia/ip-set/src/IPSet.php',
- 'JWT' => $vendorDir . '/firebase/php-jwt/Authentication/JWT.php',
'Kafka\\Client' => $vendorDir . '/nmred/kafka-php/src/Kafka/Client.php',
'Kafka\\ClusterMetaData' => $vendorDir .
'/nmred/kafka-php/src/Kafka/ClusterMetaData.php',
'Kafka\\Consumer' => $vendorDir .
'/nmred/kafka-php/src/Kafka/Consumer.php',
@@ -519,7 +520,6 @@
'Psr\\Log\\Test\\LoggerInterfaceTest' => $vendorDir .
'/psr/log/Psr/Log/Test/LoggerInterfaceTest.php',
'RunningStat\\PSquare' => $vendorDir .
'/wikimedia/running-stat/src/PSquare.php',
'RunningStat\\RunningStat' => $vendorDir .
'/wikimedia/running-stat/src/RunningStat.php',
- 'SignatureInvalidException' => $vendorDir .
'/firebase/php-jwt/Exceptions/SignatureInvalidException.php',
'Symfony\\Component\\Process\\Exception\\ExceptionInterface' => $vendorDir
. '/symfony/process/Exception/ExceptionInterface.php',
'Symfony\\Component\\Process\\Exception\\InvalidArgumentException' =>
$vendorDir . '/symfony/process/Exception/InvalidArgumentException.php',
'Symfony\\Component\\Process\\Exception\\LogicException' => $vendorDir .
'/symfony/process/Exception/LogicException.php',
diff --git a/composer/autoload_psr4.php b/composer/autoload_psr4.php
index 8d0d2ca..6c5643f 100644
--- a/composer/autoload_psr4.php
+++ b/composer/autoload_psr4.php
@@ -12,6 +12,7 @@
'Wikimedia\\Assert\\' => array($vendorDir . '/wikimedia/assert/src'),
'Symfony\\Component\\Process\\' => array($vendorDir . '/symfony/process'),
'Monolog\\' => array($vendorDir . '/monolog/monolog/src/Monolog'),
+ 'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
'Elastica\\' => array($vendorDir . '/ruflin/elastica/lib/Elastica'),
'Composer\\Semver\\' => array($vendorDir . '/composer/semver/src'),
'CLDRPluralRuleParser\\' => array($vendorDir .
'/wikimedia/cldr-plural-rule-parser/src'),
diff --git a/composer/installed.json b/composer/installed.json
index 112b511..70fdd7f 100644
--- a/composer/installed.json
+++ b/composer/installed.json
@@ -411,52 +411,6 @@
"homepage": "https://symfony.com";
},
{
- "name": "firebase/php-jwt",
- "version": "v2.1.0",
- "version_normalized": "2.1.0.0",
- "source": {
- "type": "git",
- "url": "https://github.com/firebase/php-jwt.git";,
- "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b"
- },
- "dist": {
- "type": "zip",
- "url":
"https://api.github.com/repos/firebase/php-jwt/zipball/fb219727e199dd80a72d5274ebb5c8b24d58dd9b";,
- "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b",
- "shasum": ""
- },
- "require": {
- "php": ">=5.2.0"
- },
- "time": "2015-05-20 19:16:04",
- "type": "library",
- "installation-source": "dist",
- "autoload": {
- "classmap": [
- "Authentication/",
- "Exceptions/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/";,
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Neuman Vong",
- "email": "neuman+p...@twilio.com",
- "role": "Developer"
- },
- {
- "name": "Anant Narayanan",
- "email": "an...@php.net",
- "role": "Developer"
- }
- ],
- "description": "A simple library to encode and decode JSON Web Tokens
(JWT) in PHP. Should conform to the current spec.",
- "homepage": "https://github.com/firebase/php-jwt";
- },
- {
"name": "wikimedia/ip-set",
"version": "1.0.1",
"version_normalized": "1.0.1.0",
@@ -1315,5 +1269,50 @@
"validation",
"versioning"
]
+ },
+ {
+ "name": "firebase/php-jwt",
+ "version": "v3.0.0",
+ "version_normalized": "3.0.0.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/firebase/php-jwt.git";,
+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
+ },
+ "dist": {
+ "type": "zip",
+ "url":
"https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1";,
+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.3.0"
+ },
+ "time": "2015-07-22 18:31:08",
+ "type": "library",
+ "installation-source": "dist",
+ "autoload": {
+ "psr-4": {
+ "Firebase\\JWT\\": "src"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/";,
+ "license": [
+ "BSD-3-Clause"
+ ],
+ "authors": [
+ {
+ "name": "Neuman Vong",
+ "email": "neuman+p...@twilio.com",
+ "role": "Developer"
+ },
+ {
+ "name": "Anant Narayanan",
+ "email": "an...@php.net",
+ "role": "Developer"
+ }
+ ],
+ "description": "A simple library to encode and decode JSON Web Tokens
(JWT) in PHP. Should conform to the current spec.",
+ "homepage": "https://github.com/firebase/php-jwt";
}
]
diff --git a/firebase/php-jwt/.gitignore b/firebase/php-jwt/.gitignore
index 96e2f2e..7c29c87 100644
--- a/firebase/php-jwt/.gitignore
+++ b/firebase/php-jwt/.gitignore
@@ -1,3 +1,4 @@
vendor
phpunit.phar
phpunit.phar.asc
+composer.phar
diff --git a/firebase/php-jwt/Exceptions/BeforeValidException.php
b/firebase/php-jwt/Exceptions/BeforeValidException.php
deleted file mode 100644
index 5a84975..0000000
--- a/firebase/php-jwt/Exceptions/BeforeValidException.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-class BeforeValidException extends UnexpectedValueException
-{
-
-}
diff --git a/firebase/php-jwt/Exceptions/ExpiredException.php
b/firebase/php-jwt/Exceptions/ExpiredException.php
deleted file mode 100644
index bd80468..0000000
--- a/firebase/php-jwt/Exceptions/ExpiredException.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-class ExpiredException extends UnexpectedValueException
-{
-
-}
diff --git a/firebase/php-jwt/Exceptions/SignatureInvalidException.php
b/firebase/php-jwt/Exceptions/SignatureInvalidException.php
deleted file mode 100644
index d122232..0000000
--- a/firebase/php-jwt/Exceptions/SignatureInvalidException.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-class SignatureInvalidException extends UnexpectedValueException
-{
-
-}
diff --git a/firebase/php-jwt/README.md b/firebase/php-jwt/README.md
index 00bad2e..7f1b026 100644
--- a/firebase/php-jwt/README.md
+++ b/firebase/php-jwt/README.md
@@ -1,4 +1,7 @@
[](https://travis-ci.org/firebase/php-jwt)
+[](https://packagist.org/packages/firebase/php-jwt)
+[](https://packagist.org/packages/firebase/php-jwt)
+[](https://packagist.org/packages/firebase/php-jwt)
PHP-JWT
=======
@@ -18,6 +21,7 @@
-------
```php
<?php
+use \Firebase\JWT\JWT;
$key = "example_key";
$token = array(
@@ -61,6 +65,23 @@
Changelog
---------
+#### 3.0.0 / 2015-07-22
+- Minimum PHP version updated from `5.2.0` to `5.3.0`.
+- Add `\Firebase\JWT` namespace. See
+[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
+[@Dashron](https://github.com/Dashron)!
+- Require a non-empty key to decode and verify a JWT. See
+[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
+[@sjones608](https://github.com/sjones608)!
+- Cleaner documentation blocks in the code. See
+[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
+[@johanderuijter](https://github.com/johanderuijter)!
+
+#### 2.2.0 / 2015-06-22
+- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
+[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
+[@mcocaro](https://github.com/mcocaro)!
+
#### 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT:decode()` that accounts for clock
skew
between signing and verifying entities. Thanks to
[@lcabral](https://github.com/lcabral)!
diff --git a/firebase/php-jwt/composer.json b/firebase/php-jwt/composer.json
index 95560af..1a5e93b 100644
--- a/firebase/php-jwt/composer.json
+++ b/firebase/php-jwt/composer.json
@@ -16,10 +16,12 @@
],
"license": "BSD-3-Clause",
"require": {
- "php": ">=5.2.0"
+ "php": ">=5.3.0"
},
"autoload": {
- "classmap": ["Authentication/", "Exceptions/"]
+ "psr-4": {
+ "Firebase\\JWT\\": "src"
+ }
},
"minimum-stability": "dev"
}
diff --git a/firebase/php-jwt/composer.lock b/firebase/php-jwt/composer.lock
new file mode 100644
index 0000000..5518ae4
--- /dev/null
+++ b/firebase/php-jwt/composer.lock
@@ -0,0 +1,19 @@
+{
+ "_readme": [
+ "This file locks the dependencies of your project to a known state",
+ "Read more about it at
https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file";,
+ "This file is @generated automatically"
+ ],
+ "hash": "60a5df5d283a7ae9000173248eba8909",
+ "packages": [],
+ "packages-dev": [],
+ "aliases": [],
+ "minimum-stability": "dev",
+ "stability-flags": [],
+ "prefer-stable": false,
+ "prefer-lowest": false,
+ "platform": {
+ "php": ">=5.2.0"
+ },
+ "platform-dev": []
+}
diff --git a/firebase/php-jwt/package.xml b/firebase/php-jwt/package.xml
index b40da26..a95b056 100644
--- a/firebase/php-jwt/package.xml
+++ b/firebase/php-jwt/package.xml
@@ -19,10 +19,10 @@
<email>operati...@firebase.com</email>
<active>yes</active>
</lead>
- <date>2015-05-20</date>
+ <date>2015-07-22</date>
<version>
- <release>2.1.0</release>
- <api>2.1.0</api>
+ <release>3.0.0</release>
+ <api>3.0.0</api>
</version>
<stability>
<release>beta</release>
diff --git a/firebase/php-jwt/src/BeforeValidException.php
b/firebase/php-jwt/src/BeforeValidException.php
new file mode 100644
index 0000000..a6ee2f7
--- /dev/null
+++ b/firebase/php-jwt/src/BeforeValidException.php
@@ -0,0 +1,7 @@
+<?php
+namespace Firebase\JWT;
+
+class BeforeValidException extends \UnexpectedValueException
+{
+
+}
diff --git a/firebase/php-jwt/src/ExpiredException.php
b/firebase/php-jwt/src/ExpiredException.php
new file mode 100644
index 0000000..3597370
--- /dev/null
+++ b/firebase/php-jwt/src/ExpiredException.php
@@ -0,0 +1,7 @@
+<?php
+namespace Firebase\JWT;
+
+class ExpiredException extends \UnexpectedValueException
+{
+
+}
diff --git a/firebase/php-jwt/Authentication/JWT.php
b/firebase/php-jwt/src/JWT.php
similarity index 68%
rename from firebase/php-jwt/Authentication/JWT.php
rename to firebase/php-jwt/src/JWT.php
index 7d6665b..b3532df 100644
--- a/firebase/php-jwt/Authentication/JWT.php
+++ b/firebase/php-jwt/src/JWT.php
@@ -1,5 +1,11 @@
<?php
+namespace Firebase\JWT;
+use \DomainException;
+use \InvalidArgumentException;
+use \UnexpectedValueException;
+use \DateTime;
+
/**
* JSON Web Token implementation, based on this spec:
* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
@@ -33,11 +39,13 @@
/**
* Decodes a JWT string into a PHP object.
*
- * @param string $jwt The JWT
- * @param string|Array|null $key The secret key, or map of keys
- * @param Array $allowed_algs List of supported verification
algorithms
+ * @param string $jwt The JWT
+ * @param string|array|null $key The key, or map of keys.
+ * If the algorithm used is
asymmetric, this is the public key
+ * @param array $allowed_algs List of supported verification
algorithms
+ * Supported algorithms are
'HS256', 'HS384', 'HS512' and 'RS256'
*
- * @return object The JWT's payload as a PHP object
+ * @return object The JWT's payload as a PHP object
*
* @throws DomainException Algorithm was not provided
* @throws UnexpectedValueException Provided JWT was invalid
@@ -49,8 +57,11 @@
* @uses jsonDecode
* @uses urlsafeB64Decode
*/
- public static function decode($jwt, $key = null, $allowed_algs = array())
+ public static function decode($jwt, $key, $allowed_algs = array())
{
+ if (empty($key)) {
+ throw new InvalidArgumentException('Key may not be empty');
+ }
$tks = explode('.', $jwt);
if (count($tks) != 3) {
throw new UnexpectedValueException('Wrong number of segments');
@@ -63,50 +74,49 @@
throw new UnexpectedValueException('Invalid claims encoding');
}
$sig = JWT::urlsafeB64Decode($cryptob64);
- if (isset($key)) {
- if (empty($header->alg)) {
- throw new DomainException('Empty algorithm');
+
+ if (empty($header->alg)) {
+ throw new DomainException('Empty algorithm');
+ }
+ if (empty(self::$supported_algs[$header->alg])) {
+ throw new DomainException('Algorithm not supported');
+ }
+ if (!is_array($allowed_algs) || !in_array($header->alg,
$allowed_algs)) {
+ throw new DomainException('Algorithm not allowed');
+ }
+ if (is_array($key) || $key instanceof \ArrayAccess) {
+ if (isset($header->kid)) {
+ $key = $key[$header->kid];
+ } else {
+ throw new DomainException('"kid" empty, unable to lookup
correct key');
}
- if (empty(self::$supported_algs[$header->alg])) {
- throw new DomainException('Algorithm not supported');
- }
- if (!is_array($allowed_algs) || !in_array($header->alg,
$allowed_algs)) {
- throw new DomainException('Algorithm not allowed');
- }
- if (is_array($key) || $key instanceof \ArrayAccess) {
- if (isset($header->kid)) {
- $key = $key[$header->kid];
- } else {
- throw new DomainException('"kid" empty, unable to lookup
correct key');
- }
- }
+ }
- // Check the signature
- if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
- throw new SignatureInvalidException('Signature verification
failed');
- }
+ // Check the signature
+ if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
+ throw new SignatureInvalidException('Signature verification
failed');
+ }
- // Check if the nbf if it is defined. This is the time that the
- // token can actually be used. If it's not yet that time, abort.
- if (isset($payload->nbf) && $payload->nbf > (time() +
self::$leeway)) {
- throw new BeforeValidException(
- 'Cannot handle token prior to ' . date(DateTime::ISO8601,
$payload->nbf)
- );
- }
+ // Check if the nbf if it is defined. This is the time that the
+ // token can actually be used. If it's not yet that time, abort.
+ if (isset($payload->nbf) && $payload->nbf > (time() + self::$leeway)) {
+ throw new BeforeValidException(
+ 'Cannot handle token prior to ' . date(DateTime::ISO8601,
$payload->nbf)
+ );
+ }
- // Check that this token has been created before 'now'. This
prevents
- // using tokens that have been created for later use (and haven't
- // correctly used the nbf claim).
- if (isset($payload->iat) && $payload->iat > (time() +
self::$leeway)) {
- throw new BeforeValidException(
- 'Cannot handle token prior to ' . date(DateTime::ISO8601,
$payload->iat)
- );
- }
+ // Check that this token has been created before 'now'. This prevents
+ // using tokens that have been created for later use (and haven't
+ // correctly used the nbf claim).
+ if (isset($payload->iat) && $payload->iat > (time() + self::$leeway)) {
+ throw new BeforeValidException(
+ 'Cannot handle token prior to ' . date(DateTime::ISO8601,
$payload->iat)
+ );
+ }
- // Check if this token has expired.
- if (isset($payload->exp) && (time() - self::$leeway) >=
$payload->exp) {
- throw new ExpiredException('Expired token');
- }
+ // Check if this token has expired.
+ if (isset($payload->exp) && (time() - self::$leeway) >= $payload->exp)
{
+ throw new ExpiredException('Expired token');
}
return $payload;
@@ -115,20 +125,26 @@
/**
* Converts and signs a PHP object or array into a JWT string.
*
- * @param object|array $payload PHP object or array
- * @param string $key The secret key
- * @param string $alg The signing algorithm. Supported
- * algorithms are 'HS256', 'HS384' and 'HS512'
+ * @param object|array $payload PHP object or array
+ * @param string $key The secret key.
+ * If the algorithm used is asymmetric,
this is the private key
+ * @param string $alg The signing algorithm.
+ * Supported algorithms are 'HS256',
'HS384', 'HS512' and 'RS256'
+ * @param array $head An array with header elements to attach
*
- * @return string A signed JWT
+ * @return string A signed JWT
+ *
* @uses jsonEncode
* @uses urlsafeB64Encode
*/
- public static function encode($payload, $key, $alg = 'HS256', $keyId =
null)
+ public static function encode($payload, $key, $alg = 'HS256', $keyId =
null, $head = null)
{
$header = array('typ' => 'JWT', 'alg' => $alg);
if ($keyId !== null) {
$header['kid'] = $keyId;
+ }
+ if ( isset($head) && is_array($head) ) {
+ $header = array_merge($head, $header);
}
$segments = array();
$segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));
@@ -144,12 +160,13 @@
/**
* Sign a string with a given key and algorithm.
*
- * @param string $msg The message to sign
- * @param string|resource $key The secret key
- * @param string $alg The signing algorithm. Supported algorithms
- * are 'HS256', 'HS384', 'HS512' and 'RS256'
+ * @param string $msg The message to sign
+ * @param string|resource $key The secret key
+ * @param string $alg The signing algorithm.
+ * Supported algorithms are 'HS256',
'HS384', 'HS512' and 'RS256'
*
- * @return string An encrypted message
+ * @return string An encrypted message
+ *
* @throws DomainException Unsupported algorithm was specified
*/
public static function sign($msg, $key, $alg = 'HS256')
@@ -173,13 +190,16 @@
}
/**
- * Verify a signature with the mesage, key and method. Not all methods
+ * Verify a signature with the message, key and method. Not all methods
* are symmetric, so we must have a separate verify and sign method.
- * @param string $msg the original message
- * @param string $signature
- * @param string|resource $key for HS*, a string key works. for RS*, must
be a resource of an openssl public key
- * @param string $alg
+ *
+ * @param string $msg The original message (header and
body)
+ * @param string $signature The original signature
+ * @param string|resource $key For HS*, a string key works. for
RS*, must be a resource of an openssl public key
+ * @param string $alg The algorithm
+ *
* @return bool
+ *
* @throws DomainException Invalid Algorithm or OpenSSL failure
*/
private static function verify($msg, $signature, $key, $alg)
@@ -220,7 +240,8 @@
*
* @param string $input JSON string
*
- * @return object Object representation of JSON string
+ * @return object Object representation of JSON string
+ *
* @throws DomainException Provided string was invalid JSON
*/
public static function jsonDecode($input)
@@ -254,7 +275,8 @@
*
* @param object|array $input A PHP object or array
*
- * @return string JSON representation of the PHP object or array
+ * @return string JSON representation of the PHP object or array
+ *
* @throws DomainException Provided object could not be encoded to valid
JSON
*/
public static function jsonEncode($input)
@@ -322,6 +344,7 @@
* Get the number of bytes in cryptographic strings.
*
* @param string
+ *
* @return int
*/
private static function safeStrlen($str)
diff --git a/firebase/php-jwt/src/SignatureInvalidException.php
b/firebase/php-jwt/src/SignatureInvalidException.php
new file mode 100644
index 0000000..27332b2
--- /dev/null
+++ b/firebase/php-jwt/src/SignatureInvalidException.php
@@ -0,0 +1,7 @@
+<?php
+namespace Firebase\JWT;
+
+class SignatureInvalidException extends \UnexpectedValueException
+{
+
+}
diff --git a/firebase/php-jwt/tests/JWTTest.php
b/firebase/php-jwt/tests/JWTTest.php
index 0605e4c..89de8d2 100644
--- a/firebase/php-jwt/tests/JWTTest.php
+++ b/firebase/php-jwt/tests/JWTTest.php
@@ -1,4 +1,5 @@
<?php
+use \Firebase\JWT\JWT;
class JWTTest extends PHPUnit_Framework_TestCase
{
@@ -37,7 +38,7 @@
public function testExpiredToken()
{
- $this->setExpectedException('ExpiredException');
+ $this->setExpectedException('Firebase\JWT\ExpiredException');
$payload = array(
"message" => "abc",
"exp" => time() - 20); // time in the past
@@ -47,7 +48,7 @@
public function testBeforeValidTokenWithNbf()
{
- $this->setExpectedException('BeforeValidException');
+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
$payload = array(
"message" => "abc",
"nbf" => time() + 20); // time in the future
@@ -57,7 +58,7 @@
public function testBeforeValidTokenWithIat()
{
- $this->setExpectedException('BeforeValidException');
+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
$payload = array(
"message" => "abc",
"iat" => time() + 20); // time in the future
@@ -93,7 +94,7 @@
$payload = array(
"message" => "abc",
"exp" => time() - 70); // time far in the past
- $this->setExpectedException('ExpiredException');
+ $this->setExpectedException('Firebase\JWT\ExpiredException');
$encoded = JWT::encode($payload, 'my_key');
$decoded = JWT::decode($encoded, 'my_key', array('HS256'));
$this->assertEquals($decoded->message, 'abc');
@@ -141,7 +142,7 @@
"message" => "abc",
"nbf" => time() + 65); // not before too far in future
$encoded = JWT::encode($payload, 'my_key');
- $this->setExpectedException('BeforeValidException');
+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
$decoded = JWT::decode($encoded, 'my_key', array('HS256'));
JWT::$leeway = 0;
}
@@ -165,7 +166,7 @@
"message" => "abc",
"iat" => time() + 65); // issued too far in future
$encoded = JWT::encode($payload, 'my_key');
- $this->setExpectedException('BeforeValidException');
+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
$decoded = JWT::decode($encoded, 'my_key', array('HS256'));
JWT::$leeway = 0;
}
@@ -176,8 +177,28 @@
"message" => "abc",
"exp" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
- $this->setExpectedException('SignatureInvalidException');
+ $this->setExpectedException('Firebase\JWT\SignatureInvalidException');
$decoded = JWT::decode($encoded, 'my_key2', array('HS256'));
+ }
+
+ public function testNullKeyFails()
+ {
+ $payload = array(
+ "message" => "abc",
+ "exp" => time() + JWT::$leeway + 20); // time in the future
+ $encoded = JWT::encode($payload, 'my_key');
+ $this->setExpectedException('InvalidArgumentException');
+ $decoded = JWT::decode($encoded, null, array('HS256'));
+ }
+
+ public function testEmptyKeyFails()
+ {
+ $payload = array(
+ "message" => "abc",
+ "exp" => time() + JWT::$leeway + 20); // time in the future
+ $encoded = JWT::encode($payload, 'my_key');
+ $this->setExpectedException('InvalidArgumentException');
+ $decoded = JWT::decode($encoded, '', array('HS256'));
}
public function testRSEncodeDecode()
@@ -228,4 +249,16 @@
$this->setExpectedException('DomainException');
JWT::decode($msg, 'my_key');
}
+
+ public function testAdditionalHeaders()
+ {
+ $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' =>
'test-eit;v=1'));
+ $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')),
'abc');
+ }
+
+ public function testInvalidSegmentCount()
+ {
+ $this->setExpectedException('UnexpectedValueException');
+ JWT::decode('brokenheader.brokenbody', 'my_key', array('HS256'));
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/254641
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0abdddb3716fb585528fd01d9aaf6050b1b8b659
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/vendor
Gerrit-Branch: master
Gerrit-Owner: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: Nikerabbit <niklas.laxst...@gmail.com>
Gerrit-Reviewer: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
