diff --git a/Tests/Functional/AuthenticationTest.php b/Tests/Functional/AuthenticationTest.php
index a301c16..9ee7c5e 100644
--- a/Tests/Functional/AuthenticationTest.php
+++ b/Tests/Functional/AuthenticationTest.php
@@ -57,6 +57,18 @@ public function testProtectedRouteInDevEnvironment(): void
         $this->assertResponseIsSuccessful();
     }
 
+    /**
+     * test authentication with invalid jwt token
+     */
+    public function testProtectedRouteWithInvalidJWTToken(): void
+    {
+        $client = self::createClient(['environment' => 'prod']);
+        $client->request('GET', '/protected/route?jwt=invalid');
+        $this->assertResponseStatusCodeSame(403);
+        $this->assertEquals('Authentication Failed: Failed to parse token', $client->getResponse()->getContent());
+    }
+
     /**
      * @return string
      */
diff --git a/Tests/Security/JWTUserProviderTest.php b/Tests/Security/JWTUserProviderTest.php
index 8f05868..fd366db 100644
--- a/Tests/Security/JWTUserProviderTest.php
+++ b/Tests/Security/JWTUserProviderTest.php
@@ -9,6 +9,7 @@
 use Doctrine\ORM\EntityRepository;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -106,6 +107,16 @@ public function jwtTokenProvider(): \Generator
         ];
     }
 
+    /**
+     * test decoded token fails
+     */
+    public function testItFailsToDecodeToken(): void
+    {
+        $this->expectException(AuthenticationException::class);
+        $this->expectExceptionMessage('Failed to parse token');
+        $this->userProvider->getDecodedToken('invalid_token');
+    }
+
     /**
      * test loadUserByUsername method
      */
diff --git a/src/Security/JWTUserProvider.php b/src/Security/JWTUserProvider.php
index 89e4b92..d90062c 100644
--- a/src/Security/JWTUserProvider.php
+++ b/src/Security/JWTUserProvider.php
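Review bot: The body assertion in testProtectedRouteWithInvalidJWTToken uses `assertEquals`, which compares loosely; the test is pinning an exact client-facing string, so it should be `$this->assertSame('Authentication Failed: Failed to parse token', $client->getResponse()->getContent());`. The test also fixes 403 as the status for a token that cannot be parsed; that reflects the application's existing behaviour, but if the entry point distinguishes unusable credentials (401) from denied access (403), the assertion should follow that distinction so a regression in the emitted code is caught rather than baked in. The docblock "test authentication with invalid jwt token" restates the method name; a line such as `/** In prod, a malformed JWT is rejected with a generic failure message, never the parser's own error text. */` says what the test protects.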
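Review bot: testItFailsToDecodeToken checks only the generic message for an opaque string, so it cannot tell whether the provider still keeps the underlying cause of the failure; if getDecodedToken is changed to chain the caught exception, this test should catch the AuthenticationException itself and assert on `getPrevious()` instead of relying on expectException. `expectExceptionMessage` matches a substring, so the test would also pass if the message were later prefixed or extended; `$this->expectExceptionMessageMatches('/^Failed to parse token$/');` pins the exact text the functional test in this commit depends on. The docblock "test decoded token fails" would read better as `/** A token the JWT library cannot decode is surfaced as a generic AuthenticationException. */`.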
@@ -56,7 +56,7 @@ public function getDecodedToken(string $jwt)
 
             return $decodedToken;
         } catch (\Throwable $e) {
-            throw new AuthenticationException($e->getMessage());
+            throw new AuthenticationException("Failed to parse token");
         }
     }
 
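Review bot: The new throw line stops the JWT library's error text from reaching the client, but it also discards the caught exception, so the actual cause (expired or badly signed token versus a malformed header versus a programming error in the decode call) is no longer available to whatever logs the authentication failure; chain it as the previous exception, `throw new AuthenticationException('Failed to parse token', previous: $e);` (or `('Failed to parse token', 0, $e)` below PHP 8.0), which keeps the client-visible message unchanged. `catch (\Throwable $e)` is much wider than a decode failure and will now report any TypeError or logic bug in this method as "Failed to parse token"; narrowing it to the decode library's exception types would keep genuine bugs visible, though the decode call sits above the hunk so I cannot confirm which types apply. The method getDecodedToken opens outside this hunk. Note that this string is the contract asserted by both tests in this commit, so any later rewording must change all three places together.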