diff --git a/tests/Validator/JwtValidatorTest.php b/tests/Validator/JwtValidatorTest.php
index 50a5601..9def9c7 100644
--- a/tests/Validator/JwtValidatorTest.php
+++ b/tests/Validator/JwtValidatorTest.php
@@ -50,7 +50,48 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
 $this->assertTrue($valid);
 }
 }
- // public function testPinningAudience()
+
+ /**
+ * @dataProvider tokenGenerator
+ */
+ public function testPinningAudience($issuer,$audience,$key,$token)
+ {
+ $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
+ $jwtKey = new JwtPlaintextKey($key);
+ $jwtToken = new JwtToken($jwtKey, $token);
+
+ $validator = new JwtValidator();
+ $validator->requireAudience($goodAudience);
+ if (!in_array($audience, $goodAudience)) {
+ $this->expectException(JwtTokenException::class);
+ }
+ $valid = $validator->validateToken($jwtToken);
+ if (in_array($audience, $goodAudience)) {
+ $this->assertTrue($valid);
+ }
+ }
+
+ /**
+ * @dataProvider tokenGenerator
+ */
+ public function testPinningBoth($issuer,$audience,$key,$token)
+ {
+ $goodIssuer = "a-dom.tld";
+ $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
+ $jwtKey = new JwtPlaintextKey($key);
+ $jwtToken = new JwtToken($jwtKey, $token);
+
+ $validator = new JwtValidator();
+ $validator->requireIssuer($goodIssuer);
+ $validator->requireAudience($goodAudience);
+ if (($goodIssuer != $issuer) || (!in_array($audience, $goodAudience))) {
+ $this->expectException(JwtTokenException::class);
+ }
+ $valid = $validator->validateToken($jwtToken);
+ if (($goodIssuer == $issuer) && (in_array($audience, $goodAudience))) {
+ $this->assertTrue($valid);
+ }
+ }
 
 public function tokenGenerator()
 {
@@ -79,6 +120,9 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
 $row("a-dom.tld", "a-dom.tld", []),
 $row("b-dom.tld", "a-dom.tld", []),
 $row("b-dom.tld", "b-dom.tld", []),
+ $row("a-dom.tld", "app.a-dom.tld", []),
+ $row("a-dom.tld", "app.b-dom.tld", []),
+ $row("", "app.b-dom.tld", []),
 ];
 }
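Review bot: The expected-outcome checks in `testPinningAudience` and `testPinningBoth` use loose comparisons (`in_array($audience, $goodAudience)`, `$goodIssuer != $issuer`, `$goodIssuer == $issuer`), so the test oracle would agree with a validator that matches claims through type juggling rather than exact string equality. Writing them as `in_array($audience, $goodAudience, true)` and `$goodIssuer !== $issuer` / `$goodIssuer === $issuer` makes the tests pin exact matching. Separately, the rejection path only expects `JwtTokenException`, so if the validator raises that same class for other failures (a key or signature problem, say) the test would pass without the audience or issuer check ever firing. If the exception carries a distinguishing message or code, asserting on it would tie the failure to the pinning check.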
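Review bot: The new rows cover an empty issuer but no row has an empty audience, so nothing here shows that `requireAudience` rejects a token whose `aud` is blank. Assuming the first two arguments of `$row` are issuer and audience, a row such as `$row("a-dom.tld", "", []),` would close that gap. A row whose audience merely contains an allowed value as a substring (constructed example: `"app.a-dom.tld.example"`) would also confirm that matching is exact rather than by prefix or substring. `tokenGenerator` begins above this hunk, so how `$row` builds the token, and whether it can emit an array-valued `aud`, is not visible here.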