php-simple-jwt/tests/Validator/JwtValidatorTest.php

164 lines
5.6 KiB
PHP

<?php
namespace NoccyLabs\SimpleJWT\Validator;
use NoccyLabs\SimpleJWT\JWTToken;
use NoccyLabs\SimpleJWT\Key\JWTPlaintextKey;
class JWTValidatorTest extends \PHPUnit\Framework\TestCase
{
/**
* @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
* @covers \NoccyLabs\SimpleJWT\JWTToken
* @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
* @covers NoccyLabs\SimpleJWT\Collection\PropertyBag
* @covers NoccyLabs\SimpleJWT\JWTUtil
*/
public function testValidTokensShouldPassWithDefaultConfiguration()
{
$key = new JWTPlaintextKey("key");
$token = new JWTToken($key);
$validator = new JWTValidator();
$valid = $validator->validateToken($token);
$this->assertEquals(true, $valid);
}
/**
* @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
* @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
* @covers \NoccyLabs\SimpleJWT\JWTToken
* @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
* @covers NoccyLabs\SimpleJWT\Collection\PropertyBag
* @covers NoccyLabs\SimpleJWT\JWTUtil
*/
public function testExpiredTokensShouldFailWithException()
{
$key = new JWTPlaintextKey("key");
$token = new JWTToken($key);
$token->header->set("exp", 0);
$token = new JWTToken($key, $token->getSignedToken());
$validator = new JWTValidator();
$this->expectException(JWTTokenException::class);
$valid = $validator->validateToken($token);
}
/**
* @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
* @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
* @covers \NoccyLabs\SimpleJWT\JWTToken
* @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
* @covers NoccyLabs\SimpleJWT\Collection\PropertyBag
* @covers NoccyLabs\SimpleJWT\JWTUtil
* @dataProvider tokenGenerator
*/
public function testPinningIssuer($issuer,$audience,$key,$token)
{
$goodIssuer = "a-dom.tld";
$jwtKey = new JWTPlaintextKey($key);
$jwtToken = new JWTToken($jwtKey, $token);
$validator = new JWTValidator();
$validator->requireIssuer($goodIssuer);
if ($goodIssuer != $issuer) {
$this->expectException(JWTTokenException::class);
}
$valid = $validator->validateToken($jwtToken);
if ($goodIssuer == $issuer) {
$this->assertTrue($valid);
}
}
/**
* @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
* @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
* @covers \NoccyLabs\SimpleJWT\JWTToken
* @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
* @covers NoccyLabs\SimpleJWT\Collection\PropertyBag
* @covers NoccyLabs\SimpleJWT\JWTUtil
* @dataProvider tokenGenerator
*/
public function testPinningAudience($issuer,$audience,$key,$token)
{
$goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
$jwtKey = new JWTPlaintextKey($key);
$jwtToken = new JWTToken($jwtKey, $token);
$validator = new JWTValidator();
$validator->requireAudience($goodAudience);
if (!in_array($audience, $goodAudience)) {
$this->expectException(JWTTokenException::class);
}
$valid = $validator->validateToken($jwtToken);
if (in_array($audience, $goodAudience)) {
$this->assertTrue($valid);
}
}
/**
* @covers \NoccyLabs\SimpleJWT\Validator\JWTValidator
* @covers \NoccyLabs\SimpleJWT\Key\JWTPlaintextKey
* @covers \NoccyLabs\SimpleJWT\JWTToken
* @covers \NoccyLabs\SimpleJWT\Validator\JWTTokenException
* @covers NoccyLabs\SimpleJWT\Collection\PropertyBag
* @covers NoccyLabs\SimpleJWT\JWTUtil
* @dataProvider tokenGenerator
*/
public function testPinningBoth($issuer,$audience,$key,$token)
{
$goodIssuer = "a-dom.tld";
$goodAudience = [ "a-dom.tld", "app.a-dom.tld" ];
$jwtKey = new JWTPlaintextKey($key);
$jwtToken = new JWTToken($jwtKey, $token);
$validator = new JWTValidator();
$validator->requireIssuer($goodIssuer);
$validator->requireAudience($goodAudience);
if (($goodIssuer != $issuer) || (!in_array($audience, $goodAudience))) {
$this->expectException(JWTTokenException::class);
}
$valid = $validator->validateToken($jwtToken);
if (($goodIssuer == $issuer) && (in_array($audience, $goodAudience))) {
$this->assertTrue($valid);
}
}
public static function tokenGenerator()
{
$keyrand = function () {
return substr(sha1(microtime(true).rand(0,65535)), 5, 10);
};
$token = function ($head,$claims,$key) {
$jwtKey = new JWTPlaintextKey($key);
$tok = new JWTToken($jwtKey);
$tok->header->setAll($head);
$tok->claims->setAll($claims);
return $tok->getSignedToken();
};
$row = function ($iss, $aud, array $claims) use ($keyrand, $token) {
$key = $keyrand();
$jwtKey = new JWTPlaintextKey($key);
return [
$iss,
$aud,
$key,
$token(['iss'=>$iss, 'aud'=>$aud], $claims, $key),
];
};
return [
$row("a-dom.tld", "a-dom.tld", []),
$row("b-dom.tld", "a-dom.tld", []),
$row("b-dom.tld", "b-dom.tld", []),
$row("a-dom.tld", "app.a-dom.tld", []),
$row("a-dom.tld", "app.b-dom.tld", []),
$row("", "app.b-dom.tld", []),
];
}
}