Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Feature/update php jwt use php8 #246

Open
wants to merge 13 commits into
base: 3.x
Choose a base branch
from
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@
composer.lock
.phplint-cache
coverage.xml
*.cache
3 changes: 3 additions & 0 deletions .vscode/settings.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"php.version": "7.4"
}
15 changes: 7 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ For example implementation see [Slim API Skeleton](https://github.com/tuupola/sl
Install latest version using [composer](https://getcomposer.org/).

``` bash
$ composer require tuupola/slim-jwt-auth
composer require tuupola/slim-jwt-auth
```

If using Apache add the following to the `.htaccess` file. Otherwise PHP wont have access to `Authorization: Bearer` header.
Expand Down Expand Up @@ -56,8 +56,8 @@ When a request is made, the middleware tries to validate and decode the token. I

Validation errors are triggered when the token has been tampered with or the token has expired. For all possible validation errors, see [JWT library](https://github.com/firebase/php-jwt/blob/master/src/JWT.php#L60-L138) source.


## Optional parameters

### Path

The optional `path` parameter allows you to specify the protected part of your website. It can be either a string or an array. You do not need to specify each URL. Instead think of `path` setting as a folder. In the example below everything starting with `/api` will be authenticated. If you do not define `path` all routes will be protected.
Expand Down Expand Up @@ -195,7 +195,6 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([

After function is called only when authentication succeeds and after the incoming middleware stack has been called. You can use this to alter the response before passing it next outgoing middleware in the stack. If it returns anything else than `Psr\Http\Message\ResponseInterface` the return value will be ignored.


``` php
$app = new Slim\App;

Expand Down Expand Up @@ -257,7 +256,7 @@ RequestPathRule contains both a `path` parameter and a `ignore` parameter. Latte

99% of the cases you do not need to use the `rules` parameter. It is only provided for special cases when defaults do not suffice.

## Security
## Security in Tokens

JSON Web Tokens are essentially passwords. You should treat them as such and you should always use HTTPS. If the middleware detects insecure usage over HTTP it will throw a `RuntimeException`. By default this rule is relaxed for requests to server running on `localhost`. To allow insecure usage you must enable it manually by setting `secure` to `false`.

Expand Down Expand Up @@ -317,12 +316,12 @@ $app->delete("/item/{id}", function ($request, $response, $arguments) {
You can run tests either manually or automatically on every code change. Automatic tests require [entr](http://entrproject.org/) to work.

``` bash
$ make test
make test
```

``` bash
$ brew install entr
$ make watch
brew install entr
make watch
```

## Contributing
Expand All @@ -331,7 +330,7 @@ Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

## Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.
If you discover any security related issues, please email <[email protected]> instead of using the issue tracker.

## License

Expand Down
41 changes: 28 additions & 13 deletions UPGRADING.md
Original file line number Diff line number Diff line change
@@ -1,20 +1,26 @@
# Updgrading from 2.x to 3.x

## New namespace

For most cases it is enough just to update the classname. Instead of using the old `Slim\Middleware` namespace:

```php
$app->add(new Slim\Middleware\JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub"
]));
$app->add(new Slim\Middleware\JwtAuthentication(
new JwtAuthOptions(
secret: "supersecretkeyyoushouldnotcommittogithub"
)
)
);
```

You should now use `Tuupola\Middleware` instead:

```php
$app->add(new Tuupola\Middleware\JwtAuthentication([
"secret" => "supersecretkeyyoushouldnotcommittogithub"
]));
$app->add(new Tuupola\Middleware\JwtAuthentication(
new JwtAuthOptions(
secret: "supersecretkeyyoushouldnotcommittogithub"
)
);

```

Expand All @@ -34,12 +40,15 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
You should now do the following instead. Note also that `$response` object is not bassed to `before` anymore. The `before` handler should return ``Psr\Http\Message\ServerRequestInterface`. Anything else will be ignored.

```php
$app->add(new Tuupola\Middleware\JwtAuthentication([
"ignore" => ["/token"],
"before" => function ($request, $arguments) {
$options = new JwtAuthOptions(
secret: "supersecretkeyyoushouldnotcommittogithub",
ignore: ["/token"],
before: => function (ServerRequestInterface $request, array $arguments) {
return $request->withHeader("Foo", "bar");
}
]));
);

$app->add(new Tuupola\Middleware\JwtAuthentication($options));
```

## Changed error handler signature
Expand All @@ -57,11 +66,13 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
You should now do the following instead.

```php
$app->add(new Tuupola\Middleware\JwtAuthentication([
"error" => function ($response, $arguments) {
$options = new JwtAuthOptions(
error: function (ReponseInterface $response, array $arguments): ResponseInterface {
return $response->witHeader("Foo", "bar");
}
]));
);

$app->add(new Tuupola\Middleware\JwtAuthentication($options);
```

Note that `error` should now return an instance of `Psr\Http\Message\ResponseInterface`. Anything else will be ignored.
Expand Down Expand Up @@ -90,3 +101,7 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
## Decoded token is now an array

The decoded token attached to the `$request` object is now an array instead of an object. This might require changes to token handling code.

## Algorithm is a string now

Prefer using strings instead of array of strings, for compartibility with firebase/php-jwt.
10 changes: 5 additions & 5 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@
}
],
"require": {
"php": "^7.4|^8.0",
"psr/log": "^1.0|^2.0|^3.0",
"firebase/php-jwt": "^3.0|^4.0|^5.0",
"psr/http-message": "^1.0|^2.0",
"tuupola/http-factory": "^1.3",
"php": "^8.0",
"psr/log": "^3.0",
"firebase/php-jwt": "^6.0",
"psr/http-message": "^1.0",
"tuupola/http-factory": "^1.4",
"tuupola/callable-handler": "^1.0",
"psr/http-server-middleware": "^1.0"
},
Expand Down
Loading