Added support for validating token issuer and audience
* Use requireIssuer() and requireAudience() on the JwtValidator to make sure that the token was issued by, and is intended for, the parties you expect. * A setAll() method has been added to the property bag; it applies values without overriding existing ones. * Added tests for JwtValidator.
@ -8,7 +8,7 @@ use NoccyLabs\SimpleJwt\Key\JwtPlaintextKey;
|
||||
class JwtValidatorTest extends \PhpUnit\Framework\TestCase
|
||||
{
|
||||
|
||||
public function testValidKeysShouldPassWithDefaultConfiguration()
|
||||
public function testValidTokensShouldPassWithDefaultConfiguration()
|
||||
{
|
||||
$key = new JwtPlaintextKey("key");
|
||||
$token = new JwtToken($key);
|
||||
@ -18,7 +18,7 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
|
||||
$this->assertEquals(true, $valid);
|
||||
}
|
||||
|
||||
public function testExpiredKeysShouldFailWithException()
|
||||
public function testExpiredTokensShouldFailWithException()
|
||||
{
|
||||
$key = new JwtPlaintextKey("key");
|
||||
$token = new JwtToken($key);
|
||||
@ -31,4 +31,56 @@ class JwtValidatorTest extends \PhpUnit\Framework\TestCase
|
||||
$valid = $validator->validateToken($token);
|
||||
}
|
||||
|
||||
}
|
||||
/**
|
||||
* @dataProvider tokenGenerator
|
||||
*/
|
||||
public function testPinningIssuer($issuer,$audience,$key,$token)
|
||||
{
|
||||
$goodIssuer = "a-dom.tld";
|
||||
$jwtKey = new JwtPlaintextKey($key);
|
||||
$jwtToken = new JwtToken($jwtKey, $token);
|
||||
|
||||
$validator = new JwtValidator();
|
||||
$validator->requireIssuer($goodIssuer);
|
||||
if ($goodIssuer != $issuer) {
|
||||
$this->expectException(JwtTokenException::class);
|
||||
}
|
||||
$valid = $validator->validateToken($jwtToken);
|
||||
if ($goodIssuer == $issuer) {
|
||||
$this->assertTrue($valid);
|
||||
}
|
||||
}
|
||||
// public function testPinningAudience()
|
||||
|
||||
public function tokenGenerator()
|
||||
{
|
||||
$keyrand = function () {
|
||||
return substr(sha1(microtime(true).rand(0,65535)), 5, 10);
|
||||
};
|
||||
$token = function ($head,$claims,$key) {
|
||||
$jwtKey = new JwtPlaintextKey($key);
|
||||
$tok = new JwtToken($jwtKey);
|
||||
$tok->header->setAll($head);
|
||||
$tok->claims->setAll($claims);
|
||||
return $tok->getSignedToken();
|
||||
};
|
||||
$row = function ($iss, $aud, array $claims) use ($keyrand, $token) {
|
||||
$key = $keyrand();
|
||||
$jwtKey = new JwtPlaintextKey($key);
|
||||
return [
|
||||
$iss,
|
||||
$aud,
|
||||
$key,
|
||||
$token(['iss'=>$iss, 'aud'=>$aud], $claims, $key),
|
||||
];
|
||||
};
|
||||
|
||||
return [
|
||||
$row("a-dom.tld", "a-dom.tld", []),
|
||||
$row("b-dom.tld", "a-dom.tld", []),
|
||||
$row("b-dom.tld", "b-dom.tld", []),
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
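Review bot: In `tokenGenerator` the `iss` and `aud` values are written into the JOSE header (`$tok->header->setAll($head)` receives `['iss'=>$iss, 'aud'=>$aud]`) while the `$claims` array is left empty, but RFC 7519 defines `iss` and `aud` as payload claims; as written, testPinningIssuer passes only if JwtValidator reads the issuer from the header, and a validator that checks the claims set would see no issuer at all on the positive row. I would build the fixture with the registered claims in the payload instead, `$token([], ['iss'=>$iss, 'aud'=>$aud] + $claims, $key)`, and keep `$head` for genuine header fields. The commit also announces requireAudience() but leaves `testPinningAudience` commented out even though the provider already supplies `$audience`; a test mirroring testPinningIssuer with `$validator->requireAudience($goodAudience)` would cover it. Minor: `$jwtKey` in the `$row` closure is assigned and never used, the `!=`/`==` comparisons should be `!==`/`===`, and deriving the key from `microtime()`/`rand()` makes a failing dataset non-reproducible where a fixed literal key would do.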