Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Commit

Permalink
Manipulating algorithm in hydrator
Browse files Browse the repository at this point in the history
When only one algorithm is passed into the configuration but multiple secrets are provided the algorithm
array then needs to be manipulated into a key value store, using the key from the secrets list and the
algorithm being used for the value.

for example:
```
[
    'secret' => [
        'foo' => 'keepItSecret',
        'bar' => 'tooManySecrets',
    ],
    'algorithm' => [
        'HS256',
    ],
]
```

will become
```
[
    'secret' => [
        'foo' => 'keepItSecret',
        'bar' => 'tooManySecrets',
    ],
    'algorithm' => [
        'foo' => 'HS256',
        'bar' => 'HS256',
    ],
]
```
  • Loading branch information
JimTools committed Dec 17, 2023
1 parent 0d3615c commit 6346d2f
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 69 deletions.
15 changes: 15 additions & 0 deletions src/JwtAuthentication.php
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,11 @@
use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
use Tuupola\Middleware\JwtAuthentication\RuleInterface;

use function array_fill_keys;
use function array_keys;
use function count;
use function is_array;

final class JwtAuthentication implements MiddlewareInterface
{
use DoublePassTrait;
Expand Down Expand Up @@ -332,6 +337,16 @@ private function decodeToken(string $token): array
*/
private function hydrate(array $data = []): void
{
$data['algorithm'] = $data['algorithm'] ?? $this->options['algorithm'];
if ((is_array($data['secret']) || $data['secret'] instanceof ArrayAccess)
&& is_array($data['algorithm'])
&& count($data['algorithm']) === 1
&& count($data['secret']) > count($data['algorithm'])

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 7.4, lowest)

Parameter #1 $var of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 7.4, highest)

Parameter #1 $var of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 8.2, highest)

Parameter #1 $value of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 8.0, lowest)

Parameter #1 $value of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 8.1, highest)

Parameter #1 $value of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 8.0, highest)

Parameter #1 $value of function count expects array|Countable, array|ArrayAccess given.

Check failure on line 344 in src/JwtAuthentication.php

View workflow job for this annotation

GitHub Actions / build (ubuntu-latest, 8.2, lowest)

Parameter #1 $value of function count expects array|Countable, array|ArrayAccess given.
) {
$secretIndex = array_keys((array) $data['secret']);
$data['algorithm'] = array_fill_keys($secretIndex, $data['algorithm'][0]);
}

foreach ($data as $key => $value) {
/* https://github.com/facebook/hhvm/issues/6368 */
$key = str_replace(".", " ", $key);
Expand Down
58 changes: 0 additions & 58 deletions tests/ArrayAccessImpl.php

This file was deleted.

14 changes: 3 additions & 11 deletions tests/JwtAuthenticationTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,8 @@

namespace Tuupola\Middleware;

use ArrayObject;
use Equip\Dispatch\MiddlewareCollection;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
Expand Down Expand Up @@ -108,7 +107,6 @@ public function testShouldReturn200WithTokenFromHeader(): void
$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub",
"algorithm" => ['HS256'],
"header" => "X-Token"
])
]);
Expand All @@ -134,7 +132,6 @@ public function testShouldReturn200WithTokenFromHeaderWithCustomRegexp(): void
$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub",
"algorithm" => ['HS256'],
"header" => "X-Token",
"regexp" => "/(.*)/"
])
Expand All @@ -161,7 +158,6 @@ public function testShouldReturn200WithTokenFromCookie(): void
$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub",
"algorithm" => ['HS256'],
"cookie" => "nekot",
])
]);
Expand All @@ -187,7 +183,6 @@ public function testShouldReturn200WithTokenFromBearerCookie(): void
$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub",
"algorithm" => ['HS256'],
"cookie" => "nekot",
])
]);
Expand Down Expand Up @@ -217,7 +212,6 @@ public function testShouldReturn200WithSecretArray(): void
"acme" =>"supersecretkeyyoushouldnotcommittogithub",
"beta" =>"anothersecretkeyfornevertocommittogithub"
],
"algorithm" => ['acme' => 'HS256', 'beta' => 'HS256'],
])
]);

Expand Down Expand Up @@ -264,14 +258,13 @@ public function testShouldReturn200WithSecretArrayAccess(): void
return $response;
};

$secret = new ArrayAccessImpl();
$secret = new ArrayObject();
$secret["acme"] = "supersecretkeyyoushouldnotcommittogithub";
$secret["beta"] ="anothersecretkeyfornevertocommittogithub";

$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => $secret,
"algorithm" => ['acme' => 'HS256', 'beta' => 'HS256'],
])
]);

Expand All @@ -292,14 +285,13 @@ public function testShouldReturn401WithSecretArrayAccess(): void
return $response;
};

$secret = new ArrayAccessImpl();
$secret = new ArrayObject();
$secret["xxxx"] = "supersecretkeyyoushouldnotcommittogithub";
$secret["yyyy"] = "anothersecretkeyfornevertocommittogithub";

$collection = new MiddlewareCollection([
new JwtAuthentication([
"secret" => $secret,
"algorithm" => ['xxxx' => 'HS256', 'yyyy' => 'HS256',],
])
]);

Expand Down

0 comments on commit 6346d2f

Please sign in to comment.