From b0498ec56535660dc16be6da060c50f2a4f7acb2 Mon Sep 17 00:00:00 2001
From: Andrej Rypo
Date: Wed, 19 Apr 2023 16:19:04 +0200
Subject: [PATCH] test improvements + secret test + single element array test
---
 composer.json | 2 +-
 src/FirebaseJwtDecoder.php | 6 +++---
 tests/FirebaseJwtDecoderTest.phpt | 32 +++++++++++++++++++++++++++++++
 tests/NoLibTest.phpt | 12 ++++++++++++
 4 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/composer.json b/composer.json
index dfff5b8..a1c3155 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 },
 "require-dev": {
 "ext-json": "*",
- "firebase/php-jwt": "^5",
+ "firebase/php-jwt": "^5.5",
 "nette/tester": "^2.4.1",
 "slim/psr7": "^1.2",
 "slim/slim": "^4.5",
diff --git a/src/FirebaseJwtDecoder.php b/src/FirebaseJwtDecoder.php
index 401a40a..3f0f915 100644
--- a/src/FirebaseJwtDecoder.php
+++ b/src/FirebaseJwtDecoder.php
@@ -54,7 +54,7 @@ public function __construct($secret, ?array $algos = null)
 }
 if (!is_string($secret) && !class_exists(Key::class)) {
- throw new UnexpectedValueException(
+ throw new InvalidArgumentException(
 'Unsupported configuration. To use the `Secret` objects, upgrade peer library `firebase/php-jwt` to version 5.5 or 6 and above.'
 );
 }
@@ -68,7 +68,7 @@ public function __construct($secret, ?array $algos = null)
 } elseif (is_array($secret)) {
 $this->secret = array_map($key, $secret);
 } else {
- throw new UnexpectedValueException(
+ throw new InvalidArgumentException(
 'Invalid configuration: The secret must ether be a string, a `SecretContract` object or an array of such objects.'
 );
 }
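Review bot: Replacing `UnexpectedValueException` with `InvalidArgumentException` at this throw, and at the two further throws in the `@@ -68` and `@@ -91` hunks, moves these errors from the `RuntimeException` branch of the SPL hierarchy to the `LogicException` branch, so a caller that wrapped construction in `catch (UnexpectedValueException $e)` or `catch (RuntimeException $e)` stops catching them. Keeping misconfiguration apart from the `UnexpectedValueException` that the tests still expect for a bad algorithm is a sensible separation, but it deserves a changelog entry and a `@throws InvalidArgumentException` tag on `__construct`. No hunk touches the file's `use` block, so please confirm `InvalidArgumentException` is already imported there; otherwise the name would presumably resolve inside the file's own namespace. The constructor body starts and ends outside the hunk.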
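Review bot: The message in this `else` branch still reads `must ether be`, and the message in the `@@ -91` hunk reads `documentation od dakujem/auth-middleware`; since both throw statements are being edited anyway, correct the wording to `either` and `of`. These strings are what an integrator sees when a secret or algorithm configuration is rejected, including the CVE-2021-46743 guard, so they should read cleanly.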
@@ -91,7 +91,7 @@ public function __construct($secret, ?array $algos = null)
 // This is done to mitigate a possible security issue CVE-2021-46743.
 // For more details, see https://github.com/firebase/php-jwt/issues/351.
 //
- throw new UnexpectedValueException(
+ throw new InvalidArgumentException(
 'Peer library `firebase/php-jwt` has been updated to version v6 or above, which does not work with the current secret+algorithm configuration combination. Refer to the documentation od dakujem/auth-middleware for this version to solve the configuration issue.'
 );
 }
diff --git a/tests/FirebaseJwtDecoderTest.phpt b/tests/FirebaseJwtDecoderTest.phpt
index 90e51fb..b82d35e 100644
--- a/tests/FirebaseJwtDecoderTest.phpt
+++ b/tests/FirebaseJwtDecoderTest.phpt
@@ -8,6 +8,8 @@ require_once __DIR__ . '/bootstrap.php';
 require_once __DIR__ . '/support/ProxyLogger.php';
 use Dakujem\Middleware\FirebaseJwtDecoder;
+use Dakujem\Middleware\Secret;
+use Dakujem\Middleware\SecretContract;
 use Dakujem\Middleware\Test\Support\_ProxyLogger;
 use InvalidArgumentException;
 use LogicException;
@@ -39,6 +41,27 @@ class _FirebaseJwtDecoderTest extends TestCase
 }');
 Assert::equal($expected, (new FirebaseJwtDecoder($this->key))($token));
 Assert::equal($expected, (new FirebaseJwtDecoder($this->key, ['HS256']))($token));
+ Assert::equal($expected, (new FirebaseJwtDecoder(new Secret($this->key, 'HS256')))($token));
+ Assert::equal($expected, (new FirebaseJwtDecoder([new Secret($this->key, 'HS256')]))($token));
+ }
+
+ public function testInvalidSecrets()
+ {
+ Assert::type(SecretContract::class, new Secret('foo', ''));
+ Assert::type(SecretContract::class, new Secret('foo', 'foo'));
+
+ Assert::throws(
+ fn() => new Secret('', 'foo'),
+ InvalidArgumentException::class
+ );
+ Assert::throws(
+ fn() => new Secret(null, 'foo'),
+ InvalidArgumentException::class
+ );
+ Assert::throws(
+ fn() => new Secret([], 'foo'),
+ InvalidArgumentException::class
+ );
 }
 public function testMalformedToken()
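Review bot: `testInvalidSecrets` pins `new Secret('foo', '')` and `new Secret('foo', 'foo')` as valid, so an empty or unknown algorithm name is accepted when the secret is built, and nothing in this hunk shows what the decoder then does with such a secret. Binding each key to one algorithm is the point of the CVE-2021-46743 mitigation referenced in `src/FirebaseJwtDecoder.php`, and that binding is only useful if a secret with no usable algorithm can never verify a token. Add a case asserting that `(new FirebaseJwtDecoder(new Secret($this->key, '')))($token)` throws, or have `Secret` reject an empty algorithm outright. The constructor of `Secret` is not visible here, so this may already be handled at decode time.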
@@ -94,6 +117,11 @@ class _FirebaseJwtDecoderTest extends TestCase
 InvalidArgumentException::class
 );
+ Assert::throws(
+ fn() => new FirebaseJwtDecoder((object)[]),
+ InvalidArgumentException::class
+ );
+
 $token = implode('.', $this->tokenParts());
 Assert::throws(
 fn() => (new FirebaseJwtDecoder('foobar!'))($token),
@@ -104,6 +132,10 @@ class _FirebaseJwtDecoderTest extends TestCase
 public function testInvalidAlgo()
 {
 $token = implode('.', $this->tokenParts());
+ Assert::throws(
+ fn() => (new FirebaseJwtDecoder($this->key, []))($token),
+ InvalidArgumentException::class
+ );
 Assert::throws(
 fn() => (new FirebaseJwtDecoder($this->key, ['ritpalova']))($token),
 UnexpectedValueException::class
diff --git a/tests/NoLibTest.phpt b/tests/NoLibTest.phpt
index 5f63459..8f99fca 100644
--- a/tests/NoLibTest.phpt
+++ b/tests/NoLibTest.phpt
@@ -7,11 +7,17 @@ namespace Dakujem\Middleware\Test;
 require_once __DIR__ . '/../vendor/nette/tester/src/bootstrap.php';
 require_once __DIR__ . '/../src/Factory/AuthFactory.php';
 require_once __DIR__ . '/../src/Factory/AuthWizard.php';
+require_once __DIR__ . '/../src/SecretContract.php';
+require_once __DIR__ . '/../src/Secret.php';
+require_once __DIR__ . '/../src/FirebaseJwtDecoder.php';
 require_once __DIR__ . '/../vendor/psr/http-factory/src/ResponseFactoryInterface.php';
 require_once __DIR__ . '/../vendor/slim/psr7/src/Factory/ResponseFactory.php';
 use Dakujem\Middleware\Factory\AuthFactory;
+use Dakujem\Middleware\Factory\AuthWizard;
 use Dakujem\Middleware\FirebaseJwtDecoder;
+use Dakujem\Middleware\Secret;
+use InvalidArgumentException;
 use LogicException;
 use Tester\Assert;
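Review bot: The new case covers a bare object as the secret, but not an array that holds an invalid element, such as `new FirebaseJwtDecoder(['foo'])` or `new FirebaseJwtDecoder([new \stdClass])`, nor the empty array `new FirebaseJwtDecoder([])`. Those inputs go through the `array_map($key, $secret)` branch visible in `src/FirebaseJwtDecoder.php`, where the outcome depends on what `$key` does with each element, which this diff does not show. Adding them with the expected exception class would pin that a list of secrets cannot contain anything other than a `SecretContract`. The test method starts outside the hunk.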
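Review bot: The closure added to `testInvalidAlgo` both constructs the decoder and invokes it, so the assertion passes whether the empty `$algos` list is rejected in `__construct` or only once a token is decoded. If an empty list is meant to be a configuration error, assert on construction alone, `fn() => new FirebaseJwtDecoder($this->key, [])`, so that a regression which defers the check to the first request is caught.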
@@ -28,3 +34,9 @@ Assert::throws(
 LogicException::class,
 'Firebase JWT is not installed. Requires firebase/php-jwt package (`composer require firebase/php-jwt:"^5.5"`).'
 );
+
+Assert::throws(
+ fn() => new FirebaseJwtDecoder(new Secret('whatever', AuthWizard::$defaultAlgo)),
+ InvalidArgumentException::class,
+ 'Unsupported configuration. To use the `Secret` objects, upgrade peer library `firebase/php-jwt` to version 5.5 or 6 and above.'
+);
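Review bot: The expected message is a full copy of the literal in `src/FirebaseJwtDecoder.php`, so any wording fix there breaks this test; Tester's `Assert::throws` matches the message as a pattern, so `'Unsupported configuration.%a%'` would pin the branch without duplicating the sentence. The case also reads the static property `AuthWizard::$defaultAlgo`, which ties the result to whatever that property holds when the test runs; a literal such as `'HS256'` would keep the test self-contained.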