Merge pull request #53 from Matth--/fix/parse-token-exposed-exception
Do not expose the exception message
Bukashk0zzz authored Jul 29, 2021
2 parents bfb5405 + a4c08f1 commit 6451135
Showing 3 changed files with 24 additions and 1 deletion.
12 changes: 12 additions & 0 deletions Tests/Functional/AuthenticationTest.php
Expand Up @@ -57,6 +57,18 @@ public function testProtectedRouteInDevEnvironment(): void
$this->assertResponseIsSuccessful();
}

/**
* test authentication with invalid jwt token
*/
public function testProtectedRouteWithInvalidJWTToken(): void
{
$client = self::createClient(['environment' => 'prod']);

$client->request('GET', '/protected/route?jwt=invalid');
$this->assertResponseStatusCodeSame(403);
$this->assertEquals('Authentication Failed: Failed to parse token', $client->getResponse()->getContent());
}

/**
* @return string
*/
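Review bot: The body assertion on line 30 uses `assertEquals`, which compares loosely; for a string scalar the stricter idiom is `$this->assertSame('Authentication Failed: Failed to parse token', $client->getResponse()->getContent());`, which also fails if the content is ever something other than a string. The test covers only a syntactically malformed token (`jwt=invalid`); since the provider maps every `\Throwable` from the decoder to the same message, a second case with a well-formed but unverifiable token (wrong signature or expired) would show that those failure modes do not leak decoder detail either. The 403 status asserted on line 29 is presumably produced by the entry point rather than by this commit; 401 is the conventional code for a failed authentication, but that is outside this change.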
11 changes: 11 additions & 0 deletions Tests/Security/JWTUserProviderTest.php
Expand Up @@ -9,6 +9,7 @@
use Doctrine\ORM\EntityRepository;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
Expand Down Expand Up @@ -106,6 +107,16 @@ public function jwtTokenProvider(): \Generator
];
}

/**
* test decoded token fails
*/
public function testItFailsToDecodeToken(): void
{
$this->expectException(AuthenticationException::class);
$this->expectExceptionMessage('Failed to parse token');
$this->userProvider->getDecodedToken('invalid_token');
}

/**
* test loadUserByUsername method
*/
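Review bot: `expectExceptionMessage` on line 57 is a substring match, so this test would still pass if the provider ever went back to appending the decoder's own message after the generic prefix — the very leak the commit closes. Pin the whole message with `$this->expectExceptionMessageMatches('/^Failed to parse token$/');` so any extra detail in the message fails the test. The `expectException` calls are correctly placed before the call on line 58.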
2 changes: 1 addition & 1 deletion src/Security/JWTUserProvider.php
Expand Up @@ -56,7 +56,7 @@ public function getDecodedToken(string $jwt)

return $decodedToken;
} catch (\Throwable $e) {
throw new AuthenticationException($e->getMessage());
throw new AuthenticationException("Failed to parse token");
}
}

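Review bot: The replacement on line 72 discards the caught `$e` completely, so the reason a token was rejected (bad signature, expiry, malformed segments) is no longer available anywhere, not even to server-side logging or exception listeners. Keep the generic client-facing message but chain the cause: `throw new AuthenticationException('Failed to parse token', 0, $e);`. The functional test added in this commit shows the response body is exactly the outer message, so a chained `previous` would not reach the client unless some handler renders it explicitly — worth confirming against the entry point in use. `getDecodedToken` starts before this hunk, so the `try` it belongs to is not visible here.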
