-rw-r--r-- | Exceptions/BeforeValidException.php | 6 | ||||
-rw-r--r-- | Exceptions/ExpiredException.php | 6 | ||||
-rw-r--r-- | Exceptions/SignatureInvalidException.php | 6 | ||||
-rw-r--r-- | README.md | 1 | ||||
-rw-r--r-- | composer.json | 6 | ||||
-rw-r--r-- | src/BeforeValidException.php | 7 | ||||
-rw-r--r-- | src/ExpiredException.php | 7 | ||||
-rw-r--r-- | src/JWT.php (renamed from Authentication/JWT.php) | 60 | ||||
-rw-r--r-- | src/SignatureInvalidException.php | 7 | ||||
-rw-r--r-- | tests/JWTTest.php | 21 |
10 files changed, 78 insertions, 49 deletions
diff --git a/Exceptions/BeforeValidException.php b/Exceptions/BeforeValidException.php deleted file mode 100644 index 5a84975..0000000 --- a/Exceptions/BeforeValidException.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - -class BeforeValidException extends UnexpectedValueException -{ - -} diff --git a/Exceptions/ExpiredException.php b/Exceptions/ExpiredException.php deleted file mode 100644 index bd80468..0000000 --- a/Exceptions/ExpiredException.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - -class ExpiredException extends UnexpectedValueException -{ - -} diff --git a/Exceptions/SignatureInvalidException.php b/Exceptions/SignatureInvalidException.php deleted file mode 100644 index d122232..0000000 --- a/Exceptions/SignatureInvalidException.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - -class SignatureInvalidException extends UnexpectedValueException -{ - -} @@ -21,6 +21,7 @@ Example ------- ```php <?php +use \Firebase\JWT\JWT; $key = "example_key"; $token = array( diff --git a/composer.json b/composer.json index 95560af..1a5e93b 100644 --- a/composer.json +++ b/composer.json @@ -16,10 +16,12 @@ ], "license": "BSD-3-Clause", "require": { - "php": ">=5.2.0" + "php": ">=5.3.0" }, "autoload": { - "classmap": ["Authentication/", "Exceptions/"] + "psr-4": { + "Firebase\\JWT\\": "src" + } }, "minimum-stability": "dev" } diff --git a/src/BeforeValidException.php b/src/BeforeValidException.php new file mode 100644 index 0000000..a6ee2f7 --- /dev/null +++ b/src/BeforeValidException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class BeforeValidException extends \UnexpectedValueException +{ + +} diff --git a/src/ExpiredException.php b/src/ExpiredException.php new file mode 100644 index 0000000..3597370 --- /dev/null +++ b/src/ExpiredException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class ExpiredException extends \UnexpectedValueException +{ + +} diff --git a/Authentication/JWT.php b/src/JWT.php index becd100..e8426b5 100644 --- a/Authentication/JWT.php 
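Review bot: The autoload switch to `"psr-4": { "Firebase\\JWT\\": "src" }` removes the global `JWT`, `ExpiredException`, `BeforeValidException` and `SignatureInvalidException` classes without an alias, and the only caller-facing documentation in this diff is the single `use` line added to the README example. A caller that still writes `catch (ExpiredException $e)` keeps parsing, because PHP does not check that a class named in a catch clause exists, so the expiry handler silently stops matching and the exception propagates or lands in a broader catch. I would add an upgrade note next to the README example, for instance `The exception classes now live in the Firebase\JWT namespace; update catch blocks and type checks to the namespaced names.`, and treat the release as a breaking one.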
+++ b/src/JWT.php @@ -1,5 +1,10 @@ <?php +namespace Firebase\JWT; +use \DomainException; +use \UnexpectedValueException; +use \DateTime; + /** * JSON Web Token implementation, based on this spec: * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06 @@ -33,11 +38,13 @@ class JWT /** * Decodes a JWT string into a PHP object. * - * @param string $jwt The JWT - * @param string|Array|null $key The secret key, or map of keys - * @param Array $allowed_algs List of supported verification algorithms + * @param string $jwt The JWT + * @param string|array|null $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * - * @return object The JWT's payload as a PHP object + * @return object The JWT's payload as a PHP object * * @throws DomainException Algorithm was not provided * @throws UnexpectedValueException Provided JWT was invalid @@ -117,13 +124,15 @@ class JWT /** * Converts and signs a PHP object or array into a JWT string. * - * @param object|array $payload PHP object or array - * @param string $key The secret key - * @param string $alg The signing algorithm. Supported - * algorithms are 'HS256', 'HS384' and 'HS512' - * @param array $head An array with header elements to attach + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param array $head An array with header elements to attach + * + * @return string A signed JWT * - * @return string A signed JWT * @uses jsonEncode * @uses urlsafeB64Encode */ 
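Review bot: The rewritten `$key` line in the decode() docblock still lists `null` as an accepted type but does not say what happens to signature verification when no key is passed; the body of decode() is outside this hunk, so the docblock should state that behaviour explicitly rather than leave it to the reader. The same block now says `$key` may be a public key and lists the HS* algorithms next to RS256 under `$allowed_algs`, which invites callers to pass every supported name. I would add a line such as `Pass only the algorithm(s) the key was issued for; never combine HS* and RS256 for the same key, and never take this list from the token header.`, since otherwise a verifier holding an RSA public key could end up treating it as an HMAC secret.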
@@ -150,12 +159,13 @@ class JWT /** * Sign a string with a given key and algorithm. * - * @param string $msg The message to sign - * @param string|resource $key The secret key - * @param string $alg The signing algorithm. Supported algorithms - * are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return string An encrypted message * - * @return string An encrypted message * @throws DomainException Unsupported algorithm was specified */ public static function sign($msg, $key, $alg = 'HS256') @@ -179,13 +189,16 @@ class JWT } /** - * Verify a signature with the mesage, key and method. Not all methods + * Verify a signature with the message, key and method. Not all methods * are symmetric, so we must have a separate verify and sign method. - * @param string $msg the original message - * @param string $signature - * @param string|resource $key for HS*, a string key works. for RS*, must be a resource of an openssl public key - * @param string $alg + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * * @return bool + * * @throws DomainException Invalid Algorithm or OpenSSL failure */ private static function verify($msg, $signature, $key, $alg) @@ -226,7 +239,8 @@ class JWT * * @param string $input JSON string * - * @return object Object representation of JSON string + * @return object Object representation of JSON string + * * @throws DomainException Provided string was invalid JSON */ public static function jsonDecode($input) 
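Review bot: The `@return string An encrypted message` line in the sign() docblock is only realigned by this hunk, and the wording is wrong: for the algorithms listed just above it the function yields a signature (an HMAC or an RSA signature), and nothing is encrypted. The wording matters because it suggests that JWT contents are confidential, when the payload is only encoded and signed. I would change it to `@return string The signature of $msg` and let the `$key` line mirror encode(): `The secret key; for RS256 this is the private key`. The body of sign() lies outside the hunk, so this is inferred from the function name and the algorithm list.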
@@ -260,7 +274,8 @@ class JWT * * @param object|array $input A PHP object or array * - * @return string JSON representation of the PHP object or array + * @return string JSON representation of the PHP object or array + * * @throws DomainException Provided object could not be encoded to valid JSON */ public static function jsonEncode($input) @@ -328,6 +343,7 @@ class JWT * Get the number of bytes in cryptographic strings. * * @param string + * * @return int */ private static function safeStrlen($str) diff --git a/src/SignatureInvalidException.php b/src/SignatureInvalidException.php new file mode 100644 index 0000000..27332b2 --- /dev/null +++ b/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ +<?php +namespace Firebase\JWT; + +class SignatureInvalidException extends \UnexpectedValueException +{ + +} diff --git a/tests/JWTTest.php b/tests/JWTTest.php index ab1ae36..89de8d2 100644 --- a/tests/JWTTest.php +++ b/tests/JWTTest.php @@ -1,4 +1,5 @@ <?php +use \Firebase\JWT\JWT; class JWTTest extends PHPUnit_Framework_TestCase { @@ -37,7 +38,7 @@ class JWTTest extends PHPUnit_Framework_TestCase public function testExpiredToken() { - $this->setExpectedException('ExpiredException'); + $this->setExpectedException('Firebase\JWT\ExpiredException'); $payload = array( "message" => "abc", "exp" => time() - 20); // time in the past @@ -47,7 +48,7 @@ class JWTTest extends PHPUnit_Framework_TestCase public function testBeforeValidTokenWithNbf() { - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "nbf" => time() + 20); // time in the future @@ -57,7 +58,7 @@ class JWTTest extends PHPUnit_Framework_TestCase public function testBeforeValidTokenWithIat() { - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "iat" => time() + 20); // time in the future 
@@ -93,7 +94,7 @@ class JWTTest extends PHPUnit_Framework_TestCase $payload = array( "message" => "abc", "exp" => time() - 70); // time far in the past - $this->setExpectedException('ExpiredException'); + $this->setExpectedException('Firebase\JWT\ExpiredException'); $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); @@ -141,7 +142,7 @@ class JWTTest extends PHPUnit_Framework_TestCase "message" => "abc", "nbf" => time() + 65); // not before too far in future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } @@ -165,7 +166,7 @@ class JWTTest extends PHPUnit_Framework_TestCase "message" => "abc", "iat" => time() + 65); // issued too far in future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('BeforeValidException'); + $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } @@ -176,7 +177,7 @@ class JWTTest extends PHPUnit_Framework_TestCase "message" => "abc", "exp" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); - $this->setExpectedException('SignatureInvalidException'); + $this->setExpectedException('Firebase\JWT\SignatureInvalidException'); $decoded = JWT::decode($encoded, 'my_key2', array('HS256')); } @@ -254,4 +255,10 @@ class JWTTest extends PHPUnit_Framework_TestCase $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' => 'test-eit;v=1')); $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc'); } + + public function testInvalidSegmentCount() + { + $this->setExpectedException('UnexpectedValueException'); + JWT::decode('brokenheader.brokenbody', 'my_key', array('HS256')); + } } |
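Review bot: In the two leeway tests touched by the hunks at -141 and -165, `JWT::$leeway = 0;` sits after the `JWT::decode()` call that is expected to throw, so the reset never runs and the static leeway, presumably set earlier in each test outside the hunk, leaks into whichever tests run next. A non-zero leeway left behind can make later expiry and not-before tests pass for the wrong reason. Move the reset into a fixture method, `public function tearDown() { JWT::$leeway = 0; }`, and drop the trailing assignments.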
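Review bot: testInvalidSegmentCount expects the base `UnexpectedValueException`, which `ExpiredException`, `BeforeValidException` and `SignatureInvalidException` all extend in the new src/ files, so the test also passes if decode() rejects the token for some unrelated reason. Pass the expected message as the second argument of `setExpectedException()` so that the segment-count check itself is pinned. Only the two-segment input is covered here; a case with more than three segments and one with an empty string would complete the boundary.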