php-simple-jwt/src/Validator/JWTValidator.php

<?php

namespace NoccyLabs\SimpleJWT\Validator;

use NoccyLabs\SimpleJWT\JWTToken;
use NoccyLabs\SimpleJWT\Key\KeyInterface;

class JWTValidator
{
    private $requireHeaders = [];

    private $requireClaims = [];

    private $requireIssuer = [];

    private $requireAudience = [];

    public function __construct()
    {
        $this->requireHeaders = [
            'alg',
            'typ',
        ];
    }

    public function addRequiredClaim(string $name)
    {
        if (!in_array($name, $this->requireClaims)) {
            return;
        }
        $this->requireClaims[] = $name;
    }

    public function requireIssuer($issuer)
    {
        $this->requireIssuer = (array)$issuer;
    }

    public function requireAudience($audience)
    {
        $this->requireAudience = (array)$audience;
    }

    public function validateToken(JWTToken $token)
    {
        if (!$token->isValid()) {
            throw new JWTTokenException("The token is not valid");
        }

        if (!$token->header->hasAll($this->requireHeaders)) {
            throw new JWTHeaderException("The token is missing one or more required headers");
        }

        if (!$token->claims->hasAll($this->requireClaims)) {
            throw new JWTHeaderException("The token is missing one or more required claims");
        }

        if ($this->requireIssuer) {
            $hasIssuer = $token->header->has("iss");
            if ((!$hasIssuer)
            || (!in_array($token->header->get("iss"), $this->requireIssuer)))
                throw new JWTTokenException("Invalid issuer");
        }

        if ($this->requireAudience) {
            $hasAudience = $token->header->has("aud");
            if ((!$hasAudience)
            || (!in_array($token->header->get("aud"), $this->requireAudience)))
                throw new JWTTokenException("Invalid audience");
        }

        return true;
    }

    public function validate(KeyInterface $key, string $raw)
    {
        $token = new JWTToken($key, $raw);
        if ($this->validateToken($token)) {
            return $token;
        }
    }
}
Initial commit 2021-02-11 12:22:51 +00:00			`<?php`

Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`namespace NoccyLabs\SimpleJWT\Validator;`
Initial commit 2021-02-11 12:22:51 +00:00
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`use NoccyLabs\SimpleJWT\JWTToken;`
			`use NoccyLabs\SimpleJWT\Key\KeyInterface;`
Initial commit 2021-02-11 12:22:51 +00:00
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`class JWTValidator`
Initial commit 2021-02-11 12:22:51 +00:00			`{`
			`private $requireHeaders = [];`

			`private $requireClaims = [];`

Added support for validating token issuer and audience * Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token is for what you expect it to be for. * A setAll() method has been added to property bag, applying but not overriding values. * Added tests for JwtValidator. 2021-02-16 17:25:29 +00:00			`private $requireIssuer = [];`

			`private $requireAudience = [];`

Initial commit 2021-02-11 12:22:51 +00:00			`public function __construct()`
			`{`
			`$this->requireHeaders = [`
			`'alg',`
			`'typ',`
			`];`
			`}`

			`public function addRequiredClaim(string $name)`
			`{`
Fixed claim check in JwtValidator * Removed the addRequiredClaimWithValue() method, as checking the value should be up to the implementation. 2021-02-11 12:32:10 +00:00			`if (!in_array($name, $this->requireClaims)) {`
			`return;`
			`}`
			`$this->requireClaims[] = $name;`
Initial commit 2021-02-11 12:22:51 +00:00			`}`

Added support for validating token issuer and audience * Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token is for what you expect it to be for. * A setAll() method has been added to property bag, applying but not overriding values. * Added tests for JwtValidator. 2021-02-16 17:25:29 +00:00			`public function requireIssuer($issuer)`
			`{`
			`$this->requireIssuer = (array)$issuer;`
			`}`

			`public function requireAudience($audience)`
			`{`
			`$this->requireAudience = (array)$audience;`
			`}`

Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`public function validateToken(JWTToken $token)`
Initial commit 2021-02-11 12:22:51 +00:00			`{`
			`if (!$token->isValid()) {`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`throw new JWTTokenException("The token is not valid");`
Initial commit 2021-02-11 12:22:51 +00:00			`}`

			`if (!$token->header->hasAll($this->requireHeaders)) {`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`throw new JWTHeaderException("The token is missing one or more required headers");`
Initial commit 2021-02-11 12:22:51 +00:00			`}`

			`if (!$token->claims->hasAll($this->requireClaims)) {`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`throw new JWTHeaderException("The token is missing one or more required claims");`
Initial commit 2021-02-11 12:22:51 +00:00			`}`

Added support for validating token issuer and audience * Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token is for what you expect it to be for. * A setAll() method has been added to property bag, applying but not overriding values. * Added tests for JwtValidator. 2021-02-16 17:25:29 +00:00			`if ($this->requireIssuer) {`
			`$hasIssuer = $token->header->has("iss");`
			`if ((!$hasIssuer)`
			`\|\| (!in_array($token->header->get("iss"), $this->requireIssuer)))`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`throw new JWTTokenException("Invalid issuer");`
Added support for validating token issuer and audience * Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token is for what you expect it to be for. * A setAll() method has been added to property bag, applying but not overriding values. * Added tests for JwtValidator. 2021-02-16 17:25:29 +00:00			`}`

			`if ($this->requireAudience) {`
			`$hasAudience = $token->header->has("aud");`
			`if ((!$hasAudience)`
			`\|\| (!in_array($token->header->get("aud"), $this->requireAudience)))`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`throw new JWTTokenException("Invalid audience");`
Added support for validating token issuer and audience * Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token is for what you expect it to be for. * A setAll() method has been added to property bag, applying but not overriding values. * Added tests for JwtValidator. 2021-02-16 17:25:29 +00:00			`}`

Initial commit 2021-02-11 12:22:51 +00:00			`return true;`
			`}`

			`public function validate(KeyInterface $key, string $raw)`
			`{`
Fixed capitalization, tests 2023-04-09 00:40:21 +00:00			`$token = new JWTToken($key, $raw);`
Initial commit 2021-02-11 12:22:51 +00:00			`if ($this->validateToken($token)) {`
			`return $token;`
			`}`
			`}`
			`}`