jenkins-bot has submitted this change and it was merged. Change subject: Update firebase/php-jwt to 3.0.0 ......................................................................
Update firebase/php-jwt to 3.0.0 Bug: T119294 Change-Id: I0abdddb3716fb585528fd01d9aaf6050b1b8b659 --- M composer.json M composer.lock M composer/autoload_classmap.php M composer/autoload_psr4.php M composer/installed.json M firebase/php-jwt/.gitignore D firebase/php-jwt/Exceptions/BeforeValidException.php D firebase/php-jwt/Exceptions/ExpiredException.php D firebase/php-jwt/Exceptions/SignatureInvalidException.php M firebase/php-jwt/README.md M firebase/php-jwt/composer.json A firebase/php-jwt/composer.lock M firebase/php-jwt/package.xml A firebase/php-jwt/src/BeforeValidException.php A firebase/php-jwt/src/ExpiredException.php R firebase/php-jwt/src/JWT.php A firebase/php-jwt/src/SignatureInvalidException.php M firebase/php-jwt/tests/JWTTest.php 18 files changed, 256 insertions(+), 155 deletions(-) Approvals: Nikerabbit: Looks good to me, approved jenkins-bot: Verified diff --git a/composer.json b/composer.json index badf00a..0b88736 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "require": { "composer/semver": "1.2.0", "cssjanus/cssjanus": "1.1.1", - "firebase/php-jwt": "2.1.0", + "firebase/php-jwt": "3.0.0", "kzykhys/pygments": "1.0", "liuggio/statsd-php-client": "1.0.16", "mediawiki/at-ease": "1.1.0", diff --git a/composer.lock b/composer.lock index e975304..715e1cc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "2ee039fecd20f1c1039e1e81db0343ef", - "content-hash": "a8f89a030e0ee24078766f8f467769a4", + "hash": "e5cc6ed39a0396942cb1bd9447a12204", + "content-hash": "35145185a983e3c784e513b7c3533149", "packages": [ { "name": "composer/semver", 
@@ -106,27 +106,26 @@ }, { "name": "firebase/php-jwt", - "version": "v2.1.0", + "version": "v3.0.0", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b" + "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fb219727e199dd80a72d5274ebb5c8b24d58dd9b", - "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", + "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", "shasum": "" }, "require": { - "php": ">=5.2.0" + "php": ">=5.3.0" }, "type": "library", "autoload": { - "classmap": [ - "Authentication/", - "Exceptions/" - ] + "psr-4": { + "Firebase\\JWT\\": "src" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -146,7 +145,7 @@ ], "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", "homepage": "https://github.com/firebase/php-jwt", - "time": "2015-05-20 19:16:04" + "time": "2015-07-22 18:31:08" }, { "name": "kzykhys/pygments", diff --git a/composer/autoload_classmap.php b/composer/autoload_classmap.php index c76a51a..ed971b5 100644 --- a/composer/autoload_classmap.php +++ b/composer/autoload_classmap.php 
@@ -41,7 +41,6 @@ 'AvroStringIO' => $vendorDir . '/wikimedia/avro/lib/avro/io.php', 'AvroUnionSchema' => $vendorDir . '/wikimedia/avro/lib/avro/schema.php', 'AvroUtil' => $vendorDir . '/wikimedia/avro/lib/avro/util.php', - 'BeforeValidException' => $vendorDir . '/firebase/php-jwt/Exceptions/BeforeValidException.php', 'CLDRPluralRuleParser\\Converter' => $vendorDir . '/wikimedia/cldr-plural-rule-parser/src/Converter.php', 'CLDRPluralRuleParser\\Converter\\Expression' => $vendorDir . '/wikimedia/cldr-plural-rule-parser/src/Converter/Expression.php', 'CLDRPluralRuleParser\\Converter\\Fragment' => $vendorDir . '/wikimedia/cldr-plural-rule-parser/src/Converter/Fragment.php', @@ -282,9 +281,11 @@ 'Elastica\\Type\\AbstractType' => $vendorDir . '/ruflin/elastica/lib/Elastica/Type/AbstractType.php', 'Elastica\\Type\\Mapping' => $vendorDir . '/ruflin/elastica/lib/Elastica/Type/Mapping.php', 'Elastica\\Util' => $vendorDir . '/ruflin/elastica/lib/Elastica/Util.php', - 'ExpiredException' => $vendorDir . '/firebase/php-jwt/Exceptions/ExpiredException.php', + 'Firebase\\JWT\\BeforeValidException' => $vendorDir . '/firebase/php-jwt/src/BeforeValidException.php', + 'Firebase\\JWT\\ExpiredException' => $vendorDir . '/firebase/php-jwt/src/ExpiredException.php', + 'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php', + 'Firebase\\JWT\\SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/src/SignatureInvalidException.php', 'IPSet\\IPSet' => $vendorDir . '/wikimedia/ip-set/src/IPSet.php', - 'JWT' => $vendorDir . '/firebase/php-jwt/Authentication/JWT.php', 'Kafka\\Client' => $vendorDir . '/nmred/kafka-php/src/Kafka/Client.php', 'Kafka\\ClusterMetaData' => $vendorDir . '/nmred/kafka-php/src/Kafka/ClusterMetaData.php', 'Kafka\\Consumer' => $vendorDir . '/nmred/kafka-php/src/Kafka/Consumer.php', 
@@ -519,7 +520,6 @@ 'Psr\\Log\\Test\\LoggerInterfaceTest' => $vendorDir . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', 'RunningStat\\PSquare' => $vendorDir . '/wikimedia/running-stat/src/PSquare.php', 'RunningStat\\RunningStat' => $vendorDir . '/wikimedia/running-stat/src/RunningStat.php', - 'SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/Exceptions/SignatureInvalidException.php', 'Symfony\\Component\\Process\\Exception\\ExceptionInterface' => $vendorDir . '/symfony/process/Exception/ExceptionInterface.php', 'Symfony\\Component\\Process\\Exception\\InvalidArgumentException' => $vendorDir . '/symfony/process/Exception/InvalidArgumentException.php', 'Symfony\\Component\\Process\\Exception\\LogicException' => $vendorDir . '/symfony/process/Exception/LogicException.php', diff --git a/composer/autoload_psr4.php b/composer/autoload_psr4.php index 8d0d2ca..6c5643f 100644 --- a/composer/autoload_psr4.php +++ b/composer/autoload_psr4.php @@ -12,6 +12,7 @@ 'Wikimedia\\Assert\\' => array($vendorDir . '/wikimedia/assert/src'), 'Symfony\\Component\\Process\\' => array($vendorDir . '/symfony/process'), 'Monolog\\' => array($vendorDir . '/monolog/monolog/src/Monolog'), + 'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'), 'Elastica\\' => array($vendorDir . '/ruflin/elastica/lib/Elastica'), 'Composer\\Semver\\' => array($vendorDir . '/composer/semver/src'), 'CLDRPluralRuleParser\\' => array($vendorDir . '/wikimedia/cldr-plural-rule-parser/src'), diff --git a/composer/installed.json b/composer/installed.json index 112b511..70fdd7f 100644 --- a/composer/installed.json +++ b/composer/installed.json 
@@ -411,52 +411,6 @@ "homepage": "https://symfony.com" }, { - "name": "firebase/php-jwt", - "version": "v2.1.0", - "version_normalized": "2.1.0.0", - "source": { - "type": "git", - "url": "https://github.com/firebase/php-jwt.git", - "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fb219727e199dd80a72d5274ebb5c8b24d58dd9b", - "reference": "fb219727e199dd80a72d5274ebb5c8b24d58dd9b", - "shasum": "" - }, - "require": { - "php": ">=5.2.0" - }, - "time": "2015-05-20 19:16:04", - "type": "library", - "installation-source": "dist", - "autoload": { - "classmap": [ - "Authentication/", - "Exceptions/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "authors": [ - { - "name": "Neuman Vong", - "email": "neuman+p...@twilio.com", - "role": "Developer" - }, - { - "name": "Anant Narayanan", - "email": "an...@php.net", - "role": "Developer" - } - ], - "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", - "homepage": "https://github.com/firebase/php-jwt" - }, - { "name": "wikimedia/ip-set", "version": "1.0.1", "version_normalized": "1.0.1.0", 
@@ -1315,5 +1269,50 @@ "validation", "versioning" ] + }, + { + "name": "firebase/php-jwt", + "version": "v3.0.0", + "version_normalized": "3.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", + "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "time": "2015-07-22 18:31:08", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+p...@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "an...@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt" } ] diff --git a/firebase/php-jwt/.gitignore b/firebase/php-jwt/.gitignore index 96e2f2e..7c29c87 100644 --- a/firebase/php-jwt/.gitignore +++ b/firebase/php-jwt/.gitignore @@ -1,3 +1,4 @@ vendor phpunit.phar phpunit.phar.asc +composer.phar diff --git a/firebase/php-jwt/Exceptions/BeforeValidException.php b/firebase/php-jwt/Exceptions/BeforeValidException.php deleted file mode 100644 index 5a84975..0000000 --- a/firebase/php-jwt/Exceptions/BeforeValidException.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - -class BeforeValidException extends UnexpectedValueException -{ - -} diff --git a/firebase/php-jwt/Exceptions/ExpiredException.php b/firebase/php-jwt/Exceptions/ExpiredException.php deleted file mode 100644 index bd80468..0000000 --- a/firebase/php-jwt/Exceptions/ExpiredException.php +++ /dev/null 
@@ -1,6 +0,0 @@ -<?php - -class ExpiredException extends UnexpectedValueException -{ - -} diff --git a/firebase/php-jwt/Exceptions/SignatureInvalidException.php b/firebase/php-jwt/Exceptions/SignatureInvalidException.php deleted file mode 100644 index d122232..0000000 --- a/firebase/php-jwt/Exceptions/SignatureInvalidException.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - -class SignatureInvalidException extends UnexpectedValueException -{ - -} diff --git a/firebase/php-jwt/README.md b/firebase/php-jwt/README.md index 00bad2e..7f1b026 100644 --- a/firebase/php-jwt/README.md +++ b/firebase/php-jwt/README.md @@ -1,4 +1,7 @@ [![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) +[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) +[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) +[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) PHP-JWT ======= @@ -18,6 +21,7 @@ ------- ```php <?php +use \Firebase\JWT\JWT; $key = "example_key"; $token = array( 
@@ -61,6 +65,23 @@ Changelog --------- +#### 3.0.0 / 2015-07-22 +- Minimum PHP version updated from `5.2.0` to `5.3.0`. +- Add `\Firebase\JWT` namespace. See +[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to +[@Dashron](https://github.com/Dashron)! +- Require a non-empty key to decode and verify a JWT. See +[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to +[@sjones608](https://github.com/sjones608)! +- Cleaner documentation blocks in the code. See +[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to +[@johanderuijter](https://github.com/johanderuijter)! + +#### 2.2.0 / 2015-06-22 +- Add support for adding custom, optional JWT headers to `JWT::encode()`. See +[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to +[@mcocaro](https://github.com/mcocaro)! + #### 2.1.0 / 2015-05-20 - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! diff --git a/firebase/php-jwt/composer.json b/firebase/php-jwt/composer.json index 95560af..1a5e93b 100644 --- a/firebase/php-jwt/composer.json +++ b/firebase/php-jwt/composer.json @@ -16,10 +16,12 @@ ], "license": "BSD-3-Clause", "require": { - "php": ">=5.2.0" + "php": ">=5.3.0" }, "autoload": { - "classmap": ["Authentication/", "Exceptions/"] + "psr-4": { + "Firebase\\JWT\\": "src" + } }, "minimum-stability": "dev" } diff --git a/firebase/php-jwt/composer.lock b/firebase/php-jwt/composer.lock new file mode 100644 index 0000000..5518ae4 --- /dev/null +++ b/firebase/php-jwt/composer.lock 
@@ -0,0 +1,19 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "hash": "60a5df5d283a7ae9000173248eba8909", + "packages": [], + "packages-dev": [], + "aliases": [], + "minimum-stability": "dev", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": { + "php": ">=5.2.0" + }, + "platform-dev": [] +} diff --git a/firebase/php-jwt/package.xml b/firebase/php-jwt/package.xml index b40da26..a95b056 100644 --- a/firebase/php-jwt/package.xml +++ b/firebase/php-jwt/package.xml @@ -19,10 +19,10 @@ <email>operati...@firebase.com</email> <active>yes</active> </lead> - <date>2015-05-20</date> + <date>2015-07-22</date> <version> - <release>2.1.0</release> - <api>2.1.0</api> + <release>3.0.0</release> + <api>3.0.0</api> </version> <stability> <release>beta</release> diff --git a/firebase/php-jwt/src/BeforeValidException.php b/firebase/php-jwt/src/BeforeValidException.php new file mode 100644 index 0000000..a6ee2f7 --- /dev/null +++ b/firebase/php-jwt/src/BeforeValidException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class BeforeValidException extends \UnexpectedValueException +{ + +} diff --git a/firebase/php-jwt/src/ExpiredException.php b/firebase/php-jwt/src/ExpiredException.php new file mode 100644 index 0000000..3597370 --- /dev/null +++ b/firebase/php-jwt/src/ExpiredException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class ExpiredException extends \UnexpectedValueException +{ + +} diff --git a/firebase/php-jwt/Authentication/JWT.php b/firebase/php-jwt/src/JWT.php similarity index 68% rename from firebase/php-jwt/Authentication/JWT.php rename to firebase/php-jwt/src/JWT.php index 7d6665b..b3532df 100644 --- a/firebase/php-jwt/Authentication/JWT.php +++ b/firebase/php-jwt/src/JWT.php 
@@ -1,5 +1,11 @@ <?php +namespace Firebase\JWT; +use \DomainException; +use \InvalidArgumentException; +use \UnexpectedValueException; +use \DateTime; + /** * JSON Web Token implementation, based on this spec: * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06 @@ -33,11 +39,13 @@ /** * Decodes a JWT string into a PHP object. * - * @param string $jwt The JWT - * @param string|Array|null $key The secret key, or map of keys - * @param Array $allowed_algs List of supported verification algorithms + * @param string $jwt The JWT + * @param string|array|null $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * - * @return object The JWT's payload as a PHP object + * @return object The JWT's payload as a PHP object * * @throws DomainException Algorithm was not provided * @throws UnexpectedValueException Provided JWT was invalid @@ -49,8 +57,11 @@ * @uses jsonDecode * @uses urlsafeB64Decode */ - public static function decode($jwt, $key = null, $allowed_algs = array()) + public static function decode($jwt, $key, $allowed_algs = array()) { + if (empty($key)) { + throw new InvalidArgumentException('Key may not be empty'); + } $tks = explode('.', $jwt); if (count($tks) != 3) { throw new UnexpectedValueException('Wrong number of segments'); 
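Review bot: The updated docblock for `decode()` still types the key as `string|array|null`, but the guard added at the top of the body throws `InvalidArgumentException` for a null or empty key, so the documented contract and the code disagree. I would change the tag to `@param string|array $key` and add `@throws InvalidArgumentException Provided key was empty` to the `@throws` list, which continues outside this hunk. The docblock should also say that `$allowed_algs` keeps its `array()` default and that an empty list makes every token fail the 'Algorithm not allowed' check later in the method, so callers must always pass it explicitly.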
@@ -63,50 +74,49 @@ throw new UnexpectedValueException('Invalid claims encoding'); } $sig = JWT::urlsafeB64Decode($cryptob64); - if (isset($key)) { - if (empty($header->alg)) { - throw new DomainException('Empty algorithm'); + + if (empty($header->alg)) { + throw new DomainException('Empty algorithm'); + } + if (empty(self::$supported_algs[$header->alg])) { + throw new DomainException('Algorithm not supported'); + } + if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) { + throw new DomainException('Algorithm not allowed'); + } + if (is_array($key) || $key instanceof \ArrayAccess) { + if (isset($header->kid)) { + $key = $key[$header->kid]; + } else { + throw new DomainException('"kid" empty, unable to lookup correct key'); } - if (empty(self::$supported_algs[$header->alg])) { - throw new DomainException('Algorithm not supported'); - } - if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) { - throw new DomainException('Algorithm not allowed'); - } - if (is_array($key) || $key instanceof \ArrayAccess) { - if (isset($header->kid)) { - $key = $key[$header->kid]; - } else { - throw new DomainException('"kid" empty, unable to lookup correct key'); - } - } + } - // Check the signature - if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { - throw new SignatureInvalidException('Signature verification failed'); - } + // Check the signature + if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { + throw new SignatureInvalidException('Signature verification failed'); + } - // Check if the nbf if it is defined. This is the time that the - // token can actually be used. If it's not yet that time, abort. - if (isset($payload->nbf) && $payload->nbf > (time() + self::$leeway)) { - throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) - ); - } + // Check if the nbf if it is defined. This is the time that the + // token can actually be used. 
If it's not yet that time, abort. + if (isset($payload->nbf) && $payload->nbf > (time() + self::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + ); + } - // Check that this token has been created before 'now'. This prevents - // using tokens that have been created for later use (and haven't - // correctly used the nbf claim). - if (isset($payload->iat) && $payload->iat > (time() + self::$leeway)) { - throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) - ); - } + // Check that this token has been created before 'now'. This prevents + // using tokens that have been created for later use (and haven't + // correctly used the nbf claim). + if (isset($payload->iat) && $payload->iat > (time() + self::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + ); + } - // Check if this token has expired. - if (isset($payload->exp) && (time() - self::$leeway) >= $payload->exp) { - throw new ExpiredException('Expired token'); - } + // Check if this token has expired. + if (isset($payload->exp) && (time() - self::$leeway) >= $payload->exp) { + throw new ExpiredException('Expired token'); } return $payload; 
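Review bot: The key-map branch assigns `$key = $key[$header->kid]` without checking that the `kid` read from the token header exists in the map, so the non-empty-key guard added at the top of `decode()` never sees the value that is actually handed to `JWT::verify()`. An unknown `kid` would leave `$key` null (with a notice for plain arrays); how `verify()` treats a null key is outside this hunk, but for the HS* algorithms it would presumably act as an empty secret, which is the condition the new guard is meant to exclude. I would reject the token before verification with `if (empty($key[$header->kid])) { throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); }` placed ahead of the assignment. Separately, `in_array($header->alg, $allowed_algs)` compares loosely; passing `true` as the third argument makes the allow-list check strict.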
@@ -115,20 +125,26 @@ /** * Converts and signs a PHP object or array into a JWT string. * - * @param object|array $payload PHP object or array - * @param string $key The secret key - * @param string $alg The signing algorithm. Supported - * algorithms are 'HS256', 'HS384' and 'HS512' + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param array $head An array with header elements to attach * - * @return string A signed JWT + * @return string A signed JWT + * * @uses jsonEncode * @uses urlsafeB64Encode */ - public static function encode($payload, $key, $alg = 'HS256', $keyId = null) + public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) { $header = array('typ' => 'JWT', 'alg' => $alg); if ($keyId !== null) { $header['kid'] = $keyId; + } + if ( isset($head) && is_array($head) ) { + $header = array_merge($head, $header); } $segments = array(); $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header)); @@ -144,12 +160,13 @@ /** * Sign a string with a given key and algorithm. * - * @param string $msg The message to sign - * @param string|resource $key The secret key - * @param string $alg The signing algorithm. Supported algorithms - * are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * - * @return string An encrypted message + * @return string An encrypted message + * * @throws DomainException Unsupported algorithm was specified */ public static function sign($msg, $key, $alg = 'HS256') 
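Review bot: The `encode()` docblock gains a tag for the new `$head` parameter but still has no `@param` for `$keyId`, which precedes it in the signature, so the tag list no longer matches the argument order. I would add `@param string|null $keyId Key ID written to the "kid" header` before the `$head` tag. The argument order in `array_merge($head, $header)` deserves a why-comment such as `// $header goes last so caller-supplied $head cannot override typ, alg or kid`, because swapping the arguments would let the extra headers replace the algorithm field. The `sign()` docblock in the following hunk still reads `@return string An encrypted message`; by the method's own summary the value is a signature, not ciphertext.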
@@ -173,13 +190,16 @@ } /** - * Verify a signature with the mesage, key and method. Not all methods + * Verify a signature with the message, key and method. Not all methods * are symmetric, so we must have a separate verify and sign method. - * @param string $msg the original message - * @param string $signature - * @param string|resource $key for HS*, a string key works. for RS*, must be a resource of an openssl public key - * @param string $alg + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * * @return bool + * * @throws DomainException Invalid Algorithm or OpenSSL failure */ private static function verify($msg, $signature, $key, $alg) @@ -220,7 +240,8 @@ * * @param string $input JSON string * - * @return object Object representation of JSON string + * @return object Object representation of JSON string + * * @throws DomainException Provided string was invalid JSON */ public static function jsonDecode($input) @@ -254,7 +275,8 @@ * * @param object|array $input A PHP object or array * - * @return string JSON representation of the PHP object or array + * @return string JSON representation of the PHP object or array + * * @throws DomainException Provided object could not be encoded to valid JSON */ public static function jsonEncode($input) @@ -322,6 +344,7 @@ * Get the number of bytes in cryptographic strings. * * @param string + * * @return int */ private static function safeStrlen($str) diff --git a/firebase/php-jwt/src/SignatureInvalidException.php b/firebase/php-jwt/src/SignatureInvalidException.php new file mode 100644 index 0000000..27332b2 --- /dev/null +++ b/firebase/php-jwt/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class SignatureInvalidException extends \UnexpectedValueException +{ + +} 
diff --git a/firebase/php-jwt/tests/JWTTest.php b/firebase/php-jwt/tests/JWTTest.php index 0605e4c..89de8d2 100644 --- a/firebase/php-jwt/tests/JWTTest.php +++ b/firebase/php-jwt/tests/JWTTest.php @@ -1,4 +1,5 @@ <?php +use \Firebase\JWT\JWT; class JWTTest extends PHPUnit_Framework_TestCase { @@ -37,7 +38,7 @@ public function testExpiredToken() { - $this->setExpectedException('ExpiredException'); + $this->setExpectedException('Firebase\JWT\ExpiredException'); $payload = array( "message" => "abc", "exp" => time() - 20); // time in the past @@ -47,7 +48,7 @@ public function testBeforeValidTokenWithNbf() { - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "nbf" => time() + 20); // time in the future @@ -57,7 +58,7 @@ public function testBeforeValidTokenWithIat() { - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "iat" => time() + 20); // time in the future @@ -93,7 +94,7 @@ $payload = array( "message" => "abc", "exp" => time() - 70); // time far in the past - $this->setExpectedException('ExpiredException'); + $this->setExpectedException('Firebase\JWT\ExpiredException'); $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); @@ -141,7 +142,7 @@ "message" => "abc", "nbf" => time() + 65); // not before too far in future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } 
@@ -165,7 +166,7 @@ "message" => "abc", "iat" => time() + 65); // issued too far in future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } @@ -176,8 +177,28 @@ "message" => "abc", "exp" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('SignatureInvalidException'); + $this->setExpectedException('Firebase\JWT\SignatureInvalidException'); $decoded = JWT::decode($encoded, 'my_key2', array('HS256')); + } + + public function testNullKeyFails() + { + $payload = array( + "message" => "abc", + "exp" => time() + JWT::$leeway + 20); // time in the future + $encoded = JWT::encode($payload, 'my_key'); + $this->setExpectedException('InvalidArgumentException'); + $decoded = JWT::decode($encoded, null, array('HS256')); + } + + public function testEmptyKeyFails() + { + $payload = array( + "message" => "abc", + "exp" => time() + JWT::$leeway + 20); // time in the future + $encoded = JWT::encode($payload, 'my_key'); + $this->setExpectedException('InvalidArgumentException'); + $decoded = JWT::decode($encoded, '', array('HS256')); } public function testRSEncodeDecode() 
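Review bot: `testNullKeyFails` and `testEmptyKeyFails` exercise only scalar keys, so the key-map path of `decode()` gets no negative test in the hunks shown here. I would add cases for an empty map (`array()`) and for a map that lacks the `kid` named in the token header, each expecting an exception before any payload is returned. Both new tests also assign `$decoded` and never read it; after `setExpectedException()` the `JWT::decode(...)` call can stand as a bare statement.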
@@ -228,4 +249,16 @@ $this->setExpectedException('DomainException'); JWT::decode($msg, 'my_key'); } + + public function testAdditionalHeaders() + { + $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' => 'test-eit;v=1')); + $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc'); + } + + public function testInvalidSegmentCount() + { + $this->setExpectedException('UnexpectedValueException'); + JWT::decode('brokenheader.brokenbody', 'my_key', array('HS256')); + } } -- To view, visit https://gerrit.wikimedia.org/r/254641 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0abdddb3716fb585528fd01d9aaf6050b1b8b659 Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/vendor Gerrit-Branch: master Gerrit-Owner: Reedy <re...@wikimedia.org> Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com> Gerrit-Reviewer: Nikerabbit <niklas.laxst...@gmail.com> Gerrit-Reviewer: Reedy <re...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits