3.1.0
Showing 2 of 8 files from the diff.
src/Validate.php
changed.
src/Parse.php
changed.
Other files ignored by Codecov
.github/workflows/ci.yml
is new.
tests/ValidateTest.php
has changed.
tests/ParseTest.php
has changed.
composer.json
has changed.
.travis.yml
was deleted.
readme.md
has changed.
@@ -86,4 +86,16 @@
86 | 86 | { |
|
87 | 87 | return hash_equals($signature, $comparison); |
|
88 | 88 | } |
|
89 | + | ||
90 | + | /** |
|
91 | + | * Check the alg claim is in the list of valid algorithms. These are the |
|
92 | + | * valid digital signatures, MAC algorithms or "none" as |
|
93 | + | * defined in RFC 7518. |
|
94 | + | */ |
|
95 | + | public function algorithm(string $algorithm, array $additional): bool |
|
96 | + | { |
|
97 | + | $base = ["none", "HS256"]; |
|
98 | + | ||
99 | + | return in_array($algorithm, array_merge($base, $additional)); |
|
100 | + | } |
|
89 | 101 | } |
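Review bot: `algorithm()` puts "none" in the default `$base` list, so a token whose header declares an unsecured JWT passes this check without the caller opting in. Whether the signature check elsewhere still rejects such a token is not visible in this hunk, so the default should be the safe one: `$base = ["HS256"];`, with "none" supplied through `$additional` only by callers that need it. The docblock should also say that a `true` result means the name is allowed, not that the token is signed. Separately, the membership test is loose; because `$additional` is an untyped array, a non-string entry such as `true` would match any algorithm name, so use `return in_array($algorithm, array_merge($base, $additional), true);`.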
@@ -134,6 +134,22 @@
134 | 134 | return $this; |
|
135 | 135 | } |
|
136 | 136 | ||
137 | + | /** |
|
138 | + | * Validate the tokens alg claim is a valid digital signature or MAC |
|
139 | + | * algorithm. Value can also be "none". See RFC 7518 for more details. |
|
140 | + | */ |
|
141 | + | public function validateAlgorithm(): self |
|
142 | + | { |
|
143 | + | if (!$this->validate->algorithm($this->getAlgorithm(), [])) { |
|
144 | + | throw new ValidateException( |
|
145 | + | 'Algorithm claim is not valid.', |
|
146 | + | 12 |
|
147 | + | ); |
|
148 | + | } |
|
149 | + | ||
150 | + | return $this; |
|
151 | + | } |
|
152 | + | ||
137 | 153 | /** |
|
138 | 154 | * Generate the Parsed Value Object. This method should be called last |
|
139 | 155 | * after the relevant validate methods have been called. |
@@ -258,6 +274,21 @@
258 | 274 | throw new ValidateException('Audience claim is not set.', 11); |
|
259 | 275 | } |
|
260 | 276 | ||
277 | + | /** |
|
278 | + | * Retrieve the algorithm claim from the JWT. |
|
279 | + | * |
|
280 | + | * @return string |
|
281 | + | * @throws ValidateException |
|
282 | + | */ |
|
283 | + | private function getAlgorithm(): string |
|
284 | + | { |
|
285 | + | if (isset($this->decodeHeader()['alg'])) { |
|
286 | + | return $this->decodeHeader()['alg']; |
|
287 | + | } |
|
288 | + | ||
289 | + | throw new ValidateException('Algorithm claim is not set.', 13); |
|
290 | + | } |
|
291 | + | ||
261 | 292 | /** |
|
262 | 293 | * Decode the JWT header string to an associative array. |
|
263 | 294 | * |
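Review bot: `getAlgorithm()` returns `$this->decodeHeader()['alg']` under a `string` return type after checking only `isset()`, so a header whose `alg` is a JSON array or object would likely raise a `TypeError` rather than the documented `ValidateException`. The header is attacker-supplied, so the type should be checked before returning: `$alg = $this->decodeHeader()['alg'] ?? null;` followed by `if (is_string($alg)) { return $alg; }`, falling through to the existing throw. This also decodes the header once instead of twice. `decodeHeader()` is defined outside this hunk, so its exact return shape is assumed from its docblock.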
Files | Complexity | Coverage |
---|---|---|
src | 110 | 100.00% |
Project Totals (9 files) | 110 | 100.00% |