From 03ccad0ebbf4691ea5a6bbb9f1d446049bfa918d Mon Sep 17 00:00:00 2001 From: Tom Date: Thu, 24 Sep 2015 12:00:37 +0100 Subject: [PATCH 1/2] Remove dependency on hard coded application ID --- src/JwtGuard/AppIdProvider.php | 10 ++++++++++ src/JwtGuard/JwtTokenAuthenticator.php | 13 +++++++++---- src/JwtGuard/StaticAppIdProvider.php | 26 ++++++++++++++++++++++++++ test/JwtTokenAuthenticatorTest.php | 15 +++++++++++---- 4 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 src/JwtGuard/AppIdProvider.php create mode 100644 src/JwtGuard/StaticAppIdProvider.php diff --git a/src/JwtGuard/AppIdProvider.php b/src/JwtGuard/AppIdProvider.php new file mode 100644 index 0000000..86db49d --- /dev/null +++ b/src/JwtGuard/AppIdProvider.php @@ -0,0 +1,10 @@ +jwt = $jwt; $this->algorithm = $algorithm; $this->token = new Token; + $this->appIdProvider = $appIdProvider; } /** @@ -73,9 +78,9 @@ private function hasUserId() * Is this token for labs * @return bool */ - private function isLabsToken() + private function isAllowedAppId() { - return $this->getClaimOrNull( self::APP_ID ) === 'labs'; + return in_array( $this->getClaimOrNull( self::APP_ID ), $this->appIdProvider->getAppIds() ); } /** @@ -96,7 +101,7 @@ public function isAuthorised( Request $request ) return false; } - if( $this->isExpired() || !$this->hasUserId() || !$this->isLabsToken() ) { + if( $this->isExpired() || !$this->hasUserId() || !$this->isAllowedAppId() ) { return false; } diff --git a/src/JwtGuard/StaticAppIdProvider.php b/src/JwtGuard/StaticAppIdProvider.php new file mode 100644 index 0000000..1df0701 --- /dev/null +++ b/src/JwtGuard/StaticAppIdProvider.php @@ -0,0 +1,26 @@ +appIds = $appIds; + } + + public function getAppIds() + { + return $this->appIds; + } +} \ No newline at end of file diff --git a/test/JwtTokenAuthenticatorTest.php b/test/JwtTokenAuthenticatorTest.php index 635a11a..d2a87b9 100644 --- a/test/JwtTokenAuthenticatorTest.php +++ b/test/JwtTokenAuthenticatorTest.php 
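Review bot: The membership test in isAllowedAppId, `in_array( $this->getClaimOrNull( self::APP_ID ), $this->appIdProvider->getAppIds() )`, is a loose comparison, so a claim whose JSON value is `true` (and, on PHP versions before 8, the integer `0`) compares equal to any non-empty string ID in the list; the check should be `return in_array( $this->getClaimOrNull( self::APP_ID ), $this->appIdProvider->getAppIds(), true );` so that only an exact string match is accepted. The docblock kept as context above the renamed method still reads `Is this token for labs`; it should now say something like `Is the token's appId one of the IDs the AppIdProvider allows`. The body of the new AppIdProvider interface did not survive extraction here, so I cannot tell whether getAppIds() documents that it returns a list of strings; a `@return string[]` on it would make the strict comparison contract explicit for other providers.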
@@ -20,6 +20,7 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase { const USER_ID = '1'; const GROUP_ID = '1'; + const APP_ID = 'test'; const WITH = 0; @@ -44,6 +45,11 @@ class JwtTokenAuthenticatorTest extends \PHPUnit_Framework_TestCase */ private $auth; + /** + * @var AppIdProvider + */ + private $appIds; + /** * @return string */ @@ -74,7 +80,7 @@ private function getTokenWithout( array $spec ) $mappings = [ self::VALID_USER_ID => new PublicClaim( 'userId', self::USER_ID ), self::VALID_GROUP_ID => new PublicClaim( 'groupId', self::GROUP_ID ), - self::VALID_APP_ID => new PublicClaim( 'appId', 'labs' ), + self::VALID_APP_ID => new PublicClaim( 'appId', self::APP_ID ), self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()) ]; @@ -154,8 +160,9 @@ private function authoriseToken( Token $token ) */ public function setUp() { + $this->appIds = new StaticAppIdProvider( [self::APP_ID] ); $this->algorithm = new Hs512( "shhh... it's a secret" ); - $this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm ); + $this->auth = new JwtTokenAuthenticator( new Jwt, $this->algorithm, $this->appIds ); $this->token = new Token(); } @@ -164,7 +171,7 @@ public function setUp() */ public function givenNoneAlgorithm_returnFalse() { - $auth = new JwtTokenAuthenticator( $jwt = new Jwt, new None ); + $auth = new JwtTokenAuthenticator( $jwt = new Jwt, new None, $this->appIds ); $this->assertFalse( $auth->isAuthorised( new MockTokenRequest( $jwt->serialize( new Token, EncryptionFactory::create( new None ) ) ) ) ); } @@ -248,7 +255,7 @@ public function givenTokenWithNoAppId_whenVerifyingToken_returnFalse() */ public function givenTokenWithInvalidSignature_whenValidatingToken_returnFalse() { - $this->auth = new JwtTokenAuthenticator( new Jwt, new Hs512( 'Nope' ) ); + $this->auth = new JwtTokenAuthenticator( new Jwt, new Hs512( 'Nope' ), $this->appIds ); $this->assertFalse( $this->authoriseToken( $this->getValidToken() ) ); } 
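Review bot: The new APP_ID fixture only exercises the accepting path; none of these hunks adds a test in which a correctly signed token carries an appId that is not in the provider's list, so a regression that accepts any appId would pass the suite. Consider a `givenTokenWithUnknownAppId_whenVerifyingToken_returnFalse` next to `givenTokenWithNoAppId_whenVerifyingToken_returnFalse`, building the token with `new PublicClaim( 'appId', 'labs' )` (the value the removed hard-coded check accepted) and asserting `isAuthorised` returns false; such a test may exist elsewhere in the file, which I cannot see from here. Typing the `$appIds` property as `@var AppIdProvider` while setUp assigns a StaticAppIdProvider is fine, since the authenticator only depends on the interface.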
From ae9f4a7f80bbac380955f64a54f1f807c0b2117e Mon Sep 17 00:00:00 2001
From: Tom
Date: Thu, 24 Sep 2015 12:01:41 +0100
Subject: [PATCH 2/2] fix odd comment

---
 src/JwtGuard/JwtTokenAuthenticator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/JwtGuard/JwtTokenAuthenticator.php b/src/JwtGuard/JwtTokenAuthenticator.php
index 1c6c787..8a55b2b 100644
--- a/src/JwtGuard/JwtTokenAuthenticator.php
+++ b/src/JwtGuard/JwtTokenAuthenticator.php
@@ -35,7 +35,7 @@ class JwtTokenAuthenticator implements RequestAuthoriser, IdentityProvider
 /**
 * @param Jwt $jwt
 * @param AlgorithmInterface $algorithm
-= */
+ */
 public function __construct( Jwt $jwt, AlgorithmInterface $algorithm, AppIdProvider $appIdProvider )
 {
 $this->jwt = $jwt;