test improvements

+ secret test
+ single element array test

composer.json

@@ -18,7 +18,7 @@
   },
   "require-dev": {
     "ext-json": "*",
-    "firebase/php-jwt": "^5",
+    "firebase/php-jwt": "^5.5",
     "nette/tester": "^2.4.1",
     "slim/psr7": "^1.2",
     "slim/slim": "^4.5",

src/FirebaseJwtDecoder.php

@@ -54,7 +54,7 @@ public function __construct($secret, ?array $algos = null)
         }
 
         if (!is_string($secret) && !class_exists(Key::class)) {
-            throw new UnexpectedValueException(
+            throw new InvalidArgumentException(
                 'Unsupported configuration. To use the `Secret` objects, upgrade peer library `firebase/php-jwt` to version 5.5 or 6 and above.'
             );
         }
@@ -68,7 +68,7 @@ public function __construct($secret, ?array $algos = null)
             } elseif (is_array($secret)) {
                 $this->secret = array_map($key, $secret);
             } else {
-                throw new UnexpectedValueException(
+                throw new InvalidArgumentException(
                     'Invalid configuration: The secret must ether be a string, a `SecretContract` object or an array of such objects.'
                 );
             }
@@ -91,7 +91,7 @@ public function __construct($secret, ?array $algos = null)
                         // This is done to mitigate a possible security issue CVE-2021-46743.
                         // For more details, see https://github.com/firebase/php-jwt/issues/351.
                         //
-                        throw new UnexpectedValueException(
+                        throw new InvalidArgumentException(
                             'Peer library `firebase/php-jwt` has been updated to version v6 or above, which does not work with the current secret+algorithm configuration combination. Refer to the documentation od dakujem/auth-middleware for this version to solve the configuration issue.'
                         );
                     }

tests/FirebaseJwtDecoderTest.phpt

@@ -8,6 +8,8 @@ require_once __DIR__ . '/bootstrap.php';
 require_once __DIR__ . '/support/ProxyLogger.php';
 
 use Dakujem\Middleware\FirebaseJwtDecoder;
+use Dakujem\Middleware\Secret;
+use Dakujem\Middleware\SecretContract;
 use Dakujem\Middleware\Test\Support\_ProxyLogger;
 use InvalidArgumentException;
 use LogicException;
@@ -39,6 +41,27 @@ class _FirebaseJwtDecoderTest extends TestCase
         }');
         Assert::equal($expected, (new FirebaseJwtDecoder($this->key))($token));
         Assert::equal($expected, (new FirebaseJwtDecoder($this->key, ['HS256']))($token));
+        Assert::equal($expected, (new FirebaseJwtDecoder(new Secret($this->key, 'HS256')))($token));
+        Assert::equal($expected, (new FirebaseJwtDecoder([new Secret($this->key, 'HS256')]))($token));
+    }
+
+    public function testInvalidSecrets()
+    {
+        Assert::type(SecretContract::class, new Secret('foo', ''));
+        Assert::type(SecretContract::class, new Secret('foo', 'foo'));
+
+        Assert::throws(
+            fn() => new Secret('', 'foo'),
+            InvalidArgumentException::class
+        );
+        Assert::throws(
+            fn() => new Secret(null, 'foo'),
+            InvalidArgumentException::class
+        );
+        Assert::throws(
+            fn() => new Secret([], 'foo'),
+            InvalidArgumentException::class
+        );
     }
 
     public function testMalformedToken()
@@ -94,6 +117,11 @@ class _FirebaseJwtDecoderTest extends TestCase
             InvalidArgumentException::class
         );
 
+        Assert::throws(
+            fn() => new FirebaseJwtDecoder((object)[]),
+            InvalidArgumentException::class
+        );
+
         $token = implode('.', $this->tokenParts());
         Assert::throws(
             fn() => (new FirebaseJwtDecoder('foobar!'))($token),
@@ -104,6 +132,10 @@ class _FirebaseJwtDecoderTest extends TestCase
     public function testInvalidAlgo()
     {
         $token = implode('.', $this->tokenParts());
+        Assert::throws(
+            fn() => (new FirebaseJwtDecoder($this->key, []))($token),
+            InvalidArgumentException::class
+        );
         Assert::throws(
             fn() => (new FirebaseJwtDecoder($this->key, ['ritpalova']))($token),
             UnexpectedValueException::class

tests/NoLibTest.phpt

@@ -7,11 +7,17 @@ namespace Dakujem\Middleware\Test;
 require_once __DIR__ . '/../vendor/nette/tester/src/bootstrap.php';
 require_once __DIR__ . '/../src/Factory/AuthFactory.php';
 require_once __DIR__ . '/../src/Factory/AuthWizard.php';
+require_once __DIR__ . '/../src/SecretContract.php';
+require_once __DIR__ . '/../src/Secret.php';
+require_once __DIR__ . '/../src/FirebaseJwtDecoder.php';
 require_once __DIR__ . '/../vendor/psr/http-factory/src/ResponseFactoryInterface.php';
 require_once __DIR__ . '/../vendor/slim/psr7/src/Factory/ResponseFactory.php';
 
 use Dakujem\Middleware\Factory\AuthFactory;
+use Dakujem\Middleware\Factory\AuthWizard;
 use Dakujem\Middleware\FirebaseJwtDecoder;
+use Dakujem\Middleware\Secret;
+use InvalidArgumentException;
 use LogicException;
 use Tester\Assert;
 
@@ -28,3 +34,9 @@ Assert::throws(
     LogicException::class,
     'Firebase JWT is not installed. Requires firebase/php-jwt package (`composer require firebase/php-jwt:"^5.5"`).'
 );
+
+Assert::throws(
+    fn() => new FirebaseJwtDecoder(new Secret('whatever', AuthWizard::$defaultAlgo)),
+    InvalidArgumentException::class,
+    'Unsupported configuration. To use the `Secret` objects, upgrade peer library `firebase/php-jwt` to version 5.5 or 6 and above.'
+);