From 6b1d3178cf521f9a7c52d4bb2bb6fbedf6990cc5 Mon Sep 17 00:00:00 2001
From: Christopher Vagnetoft <cvagnetoft@gmail.com>
Date: Wed, 17 Feb 2021 22:22:15 +0100
Subject: [PATCH] More tests for JwtValidator

---
 tests/Validator/JwtValidatorTest.php | 46 +++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/tests/Validator/JwtValidatorTest.php b/tests/Validator/JwtValidatorTest.php
index 50a5601..9def9c7 100644
--- a/tests/Validator/JwtValidatorTest.php
+++ b/tests/Validator/JwtValidatorTest.php
@@ -50,7 +50,48 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
             $this->assertTrue($valid);
         }
     }
-    // public function testPinningAudience()
+
+    /**
+     * @dataProvider tokenGenerator
+     */
+    public function testPinningAudience($issuer,$audience,$key,$token)
+    {
+        $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
+        $jwtKey = new JwtPlaintextKey($key);
+        $jwtToken = new JwtToken($jwtKey, $token);
+
+        $validator = new JwtValidator();
+        $validator->requireAudience($goodAudience);
+        if (!in_array($audience, $goodAudience)) {
+            $this->expectException(JwtTokenException::class);
+        }
+        $valid = $validator->validateToken($jwtToken);
+        if (in_array($audience, $goodAudience)) {
+            $this->assertTrue($valid);
+        }
+    }
+
+    /**
+     * @dataProvider tokenGenerator
+     */
+    public function testPinningBoth($issuer,$audience,$key,$token)
+    {
+        $goodIssuer = "a-dom.tld";
+        $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
+        $jwtKey = new JwtPlaintextKey($key);
+        $jwtToken = new JwtToken($jwtKey, $token);
+
+        $validator = new JwtValidator();
+        $validator->requireIssuer($goodIssuer);
+        $validator->requireAudience($goodAudience);
+        if (($goodIssuer != $issuer) || (!in_array($audience, $goodAudience))) {
+            $this->expectException(JwtTokenException::class);
+        }
+        $valid = $validator->validateToken($jwtToken);
+        if (($goodIssuer == $issuer) && (in_array($audience, $goodAudience))) {
+            $this->assertTrue($valid);
+        }
+    }
 
     public function tokenGenerator()
     {
@@ -79,6 +120,9 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
             $row("a-dom.tld", "a-dom.tld", []),
             $row("b-dom.tld", "a-dom.tld", []),
             $row("b-dom.tld", "b-dom.tld", []),
+            $row("a-dom.tld", "app.a-dom.tld", []),
+            $row("a-dom.tld", "app.b-dom.tld", []),
+            $row("", "app.b-dom.tld", []),
         ];
 
     }