Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Commit

Permalink
Updating Docs to be more clear
Browse files Browse the repository at this point in the history
  • Loading branch information
JimTools committed Feb 19, 2024
1 parent 662f965 commit 712c609
Show file tree
Hide file tree
Showing 2 changed files with 82 additions and 11 deletions.
25 changes: 19 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# PSR-7 and PSR-15 JWT Authentication Middleware
> [!IMPORTANT]
> This is a drop in replacement for `tuupola/slim-jwt-auth` with the updated version of `firebase/php-jwt` to resolve
> [CVE-2021-46743](https://nvd.nist.gov/vuln/detail/CVE-2021-46743) for the meantime I plan to maintiane conpatability in v1,
> v2 I plan to deverge
> This is a replacement for `tuupola/slim-jwt-auth` with the updated version of `firebase/php-jwt` to resolve
> [CVE-2021-46743](https://nvd.nist.gov/vuln/detail/CVE-2021-46743) for the meantime I plan to maintiane conpatability in v1 some,
> there is v2 I plan to deverge
This middleware implements JSON Web Token Authentication. It was originally developed for Slim but can be used with any framework using PSR-7 and PSR-15 style middlewares. It has been tested with [Slim Framework](http://www.slimframework.com/) and [Zend Expressive](https://zendframework.github.io/zend-expressive/).

Expand All @@ -19,9 +19,22 @@ Middleware does **not** implement OAuth 2.0 authorization server nor does it pro

For example implementation see [Slim API Skeleton](https://github.com/tuupola/slim-api-skeleton).

## Breaking Channges
Because of the way firebase/php-jwt:v6 now works, the way `secrets` and `algorithm` are pass needs
to change
## Breaking Changes
Because of the way firebase/php-jwt:v6 now works, the way `secrets` and `algorithm` are pass needs to change so the following change will need to be made.

```php
$app = new Slim\App;

$app->add(new Tuupola\Middleware\JwtAuthentication([
"secret" => [
"acme" => "supersecretkeyyoushouldnotcommittogithub",
"beta" => "supersecretkeyyoushouldnotcommittogithub",
"algorithm" => [
"amce" => "HS256",
"beta" => "HS384"
]
]));
```

## Install

Expand Down
68 changes: 63 additions & 5 deletions phpstan-baseline.neon
Original file line number Diff line number Diff line change
@@ -1,24 +1,82 @@
parameters:
ignoreErrors:
-
message: '#^Method .* is unused.$#'
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:after\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Offset 'secret' does not exist on array\\{secret\\?\\: array\\<string\\>\\|string, secure\\: bool, relaxed\\: array\\<string\\>, algorithm\\: array\\<string\\>, header\\: string, regexp\\: string, cookie\\: string, attribute\\: string, \\.\\.\\.\\}\\.$#"
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:algorithm\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Parameter \\#1 \\$callback of function call_user_func expects callable\\(\\)\\: mixed, array\\{\\$this\\(Tuupola\\\\Middleware\\\\JwtAuthentication\\), string\\} given\\.$#"
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:attribute\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Parameter \\#1 \\$value of method SplDoublyLinkedList\\<Tuupola\\\\Middleware\\\\JwtAuthentication\\\\RuleInterface\\>\\:\\:push\\(\\) expects Tuupola\\\\Middleware\\\\JwtAuthentication\\\\RuleInterface, callable\\(\\)\\: mixed given\\.$#"
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:before\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Property Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:\\$message is unused\\.$#"
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:cookie\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:error\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:header\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:ignore\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:logger\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:path\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:regexp\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:relaxed\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:rules\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:secret\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Method Tuupola\\\\Middleware\\\\JwtAuthentication\\:\\:secure\\(\\) is unused\\.$#"
count: 1
path: src/JwtAuthentication.php

-
message: "#^Parameter \\#1 \\$value of method SplDoublyLinkedList\\<Tuupola\\\\Middleware\\\\JwtAuthentication\\\\RuleInterface\\>\\:\\:push\\(\\) expects Tuupola\\\\Middleware\\\\JwtAuthentication\\\\RuleInterface, callable\\(\\)\\: mixed given\\.$#"
count: 1
path: src/JwtAuthentication.php

Expand Down

0 comments on commit 712c609

Please sign in to comment.