<?php
namespace NoccyLabs\SimpleJWT\Validator;
use NoccyLabs\SimpleJWT\JWTToken;
use NoccyLabs\SimpleJWT\Key\JWTPlaintextKey;
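/**
 * Tests for JWTValidator using tokens signed with a plaintext (shared-secret) key.
 *
 * Covers the default configuration, rejection of expired tokens, and issuer/audience
 * pinning. The fixtures built by tokenGenerator() write "iss" and "aud" into the token
 * header (and testExpiredTokensShouldFailWithException sets "exp" there as well), so
 * these tests assume JWTValidator reads those values from the header. RFC 7519 registers
 * them as payload claims — NOTE(review): confirm against the validator before relying on
 * header placement elsewhere.
 */
class JWTValidatorTest extends \PHPUnit\Framework\TestCase
{
    /**
     * A freshly issued token with no claims must validate under the default configuration.
     *
     * This also documents that the default configuration does not require an "exp"
     * claim; callers that need a bounded token lifetime must set and require one.
     *
     * @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
     * @covers \NoccyLabs\SimpleJWT\JWTToken
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
     * @covers \NoccyLabs\SimpleJWT\Collection\PropertyBag
     * @covers \NoccyLabs\SimpleJWT\JWTUtil
     */
    public function testValidTokensShouldPassWithDefaultConfiguration()
    {
        $key = new JWTPlaintextKey("key");
        $token = new JWTToken($key);

        $validator = new JWTValidator();

        // assertTrue, as the pinning tests already use, so a merely truthy result cannot pass.
        $this->assertTrue($validator->validateToken($token));
    }

    /**
     * A token whose "exp" lies in the past must be rejected with JWTTokenException.
     *
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
     * @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
     * @covers \NoccyLabs\SimpleJWT\JWTToken
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
     * @covers \NoccyLabs\SimpleJWT\Collection\PropertyBag
     * @covers \NoccyLabs\SimpleJWT\JWTUtil
     */
    public function testExpiredTokensShouldFailWithException()
    {
        $key = new JWTPlaintextKey("key");
        $token = new JWTToken($key);
        // An "exp" of 0 (the Unix epoch) is unambiguously in the past.
        $token->header->set("exp", 0);

        // Round-trip through the signed string form, presumably so the validator sees the
        // token exactly as a client would present it rather than the in-memory builder.
        $token = new JWTToken($key, $token->getSignedToken());

        $validator = new JWTValidator();
        $this->expectException(JWTTokenException::class);
        $validator->validateToken($token);
    }

    /**
     * Pinning the issuer: only rows whose "iss" equals the required issuer may validate.
     *
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
     * @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
     * @covers \NoccyLabs\SimpleJWT\JWTToken
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
     * @covers \NoccyLabs\SimpleJWT\Collection\PropertyBag
     * @covers \NoccyLabs\SimpleJWT\JWTUtil
     * @dataProvider tokenGenerator
     */
    public function testPinningIssuer($issuer,$audience,$key,$token)
    {
        $goodIssuer = "a-dom.tld";

        $validator = new JWTValidator();
        $validator->requireIssuer($goodIssuer);

        // Strict comparison so PHP's loose-equality coercions cannot widen what "matches".
        $this->assertPinningOutcome($validator, $key, $token, $issuer === $goodIssuer);
    }

    /**
     * Pinning the audience: only rows whose "aud" is in the accepted list may validate.
     *
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
     * @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
     * @covers \NoccyLabs\SimpleJWT\JWTToken
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
     * @covers \NoccyLabs\SimpleJWT\Collection\PropertyBag
     * @covers \NoccyLabs\SimpleJWT\JWTUtil
     * @dataProvider tokenGenerator
     */
    public function testPinningAudience($issuer,$audience,$key,$token)
    {
        $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];

        $validator = new JWTValidator();
        $validator->requireAudience($goodAudience);

        // in_array with strict=true: membership must be an exact string match.
        $this->assertPinningOutcome($validator, $key, $token, in_array($audience, $goodAudience, true));
    }

    /**
     * Pinning both issuer and audience: a row must satisfy both constraints to validate.
     *
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
     * @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
     * @covers \NoccyLabs\SimpleJWT\JWTToken
     * @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
     * @covers \NoccyLabs\SimpleJWT\Collection\PropertyBag
     * @covers \NoccyLabs\SimpleJWT\JWTUtil
     * @dataProvider tokenGenerator
     */
    public function testPinningBoth($issuer,$audience,$key,$token)
    {
        $goodIssuer = "a-dom.tld";
        $goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];

        $validator = new JWTValidator();
        $validator->requireIssuer($goodIssuer);
        $validator->requireAudience($goodAudience);

        $shouldPass = ($issuer === $goodIssuer) && in_array($audience, $goodAudience, true);
        $this->assertPinningOutcome($validator, $key, $token, $shouldPass);
    }

    /**
     * Parses $token with $key and runs it through the configured $validator, asserting
     * a JWTTokenException when $shouldPass is false and a true result when it is true.
     *
     * The token is parsed before expectException() is armed so that a parse-time failure
     * is reported as an error in the fixture rather than mistaken for the expected rejection.
     *
     * @param JWTValidator $validator  validator already configured with the pinning rules under test
     * @param string       $key        plaintext key the fixture token was signed with
     * @param string       $token      signed token string from tokenGenerator()
     * @param bool         $shouldPass whether this row is expected to validate
     */
    private function assertPinningOutcome(JWTValidator $validator, $key, $token, $shouldPass)
    {
        $jwtToken = new JWTToken(new JWTPlaintextKey($key), $token);

        if (!$shouldPass) {
            $this->expectException(JWTTokenException::class);
        }
        // Reached only when no exception was thrown; in the reject case PHPUnit then fails
        // the test on the unmet expectException regardless of this assertion.
        $this->assertTrue($validator->validateToken($jwtToken));
    }

    /**
     * Builds [issuer, audience, key, signedToken] rows for the pinning tests.
     *
     * Every row gets its own random shared secret, so a token from one row cannot verify
     * under another row's key. "iss" and "aud" are written to the token header, which is
     * where the pinning tests expect JWTValidator to look for them.
     *
     * @return array[] named rows of [string $issuer, string $audience, string $key, string $token]
     */
    public static function tokenGenerator()
    {
        // random_bytes() is a CSPRNG; rand() is not, and sha1(microtime().rand()) should not
        // be copied into real key generation. 10 hex characters, same length as before.
        $keyrand = function () {
            return bin2hex(random_bytes(5));
        };
        // Signs a token with the given header, claims and plaintext key.
        $signedToken = function (array $head, array $claims, $key) {
            $tok = new JWTToken(new JWTPlaintextKey($key));
            $tok->header->setAll($head);
            $tok->claims->setAll($claims);
            return $tok->getSignedToken();
        };
        $row = function ($iss, $aud, array $claims) use ($keyrand, $signedToken) {
            $key = $keyrand();
            return [
                $iss,
                $aud,
                $key,
                $signedToken(['iss' => $iss, 'aud' => $aud], $claims, $key),
            ];
        };

        return [
            'issuer ok, audience ok'            => $row("a-dom.tld", "a-dom.tld", []),
            'issuer wrong, audience ok'         => $row("b-dom.tld", "a-dom.tld", []),
            'issuer wrong, audience wrong'      => $row("b-dom.tld", "b-dom.tld", []),
            'issuer ok, second audience ok'     => $row("a-dom.tld", "app.a-dom.tld", []),
            'issuer ok, audience wrong'         => $row("a-dom.tld", "app.b-dom.tld", []),
            'issuer empty, audience wrong'      => $row("", "app.b-dom.tld", []),
        ];
    }
}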