RobDWaller / ReallySimpleJWT
Showing 2 of 4 files from the diff.

@@ -110,6 +110,23 @@
110 110
        return $this;
111 111
    }
112 112
113 +
    /**
114 +
     * Validate the token's alg claim is not none.
115 +
     *
116 +
     * @throws ValidateException
117 +
     */
118 +
    public function algorithmNotNone(): Validate
119 +
    {
120 +
        if ($this->validate->algorithm(strtolower($this->parse->getAlgorithm()), ['none'])) {
121 +
            throw new ValidateException(
122 +
                'Algorithm claim should not be none.',
123 +
                14
124 +
            );
125 +
        }
126 +
127 +
        return $this;
128 +
    }
129 +
113 130
    /**
114 131
     * Validate the JWT's signature. The signature taken from the JWT should
115 132
     * match a new one generated from the JWT header and payload, and secret.
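Review bot: In algorithmNotNone(), the test `algorithm(strtolower(...), ['none'])` is a denylist with a single entry, so every other unexpected alg value passes this step and depends entirely on the later checks. Consider comparing the header value against the list of algorithms the library actually supports and throwing when it is not in that list, which covers none as well. The strtolower() call is worth keeping, and worth a test with mixed-case values such as 'None' and 'nOnE'. Minor: the docblock calls alg a claim although it is read from the header via getAlgorithm(), the docblock has no @return, and the bare exception code 14 would read better as a named constant.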

@@ -134,8 +134,9 @@
134 134
        $validate = $this->validator($token, $secret);
135 135
136 136
        try {
137 -
            $validate->structure();
138 -
            $validate->signature();
137 +
            $validate->structure()
138 +
                ->algorithmNotNone()
139 +
                ->signature();
139 140
            return true;
140 141
        } catch (ValidateException $e) {
141 142
            return false;
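Review bot: The none check only runs where a caller remembers to chain it, as with `->algorithmNotNone()` between structure() and signature() here; any other call site that invokes signature() on its own gets no such check. Consider calling the check from inside signature(), so the protection does not depend on each caller getting the chain right. Also note that the catch block returns false for every ValidateException, so the new code 14 never reaches the caller of this method; a test asserting false for a token whose header says none would pin that behaviour.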
Files Complexity Coverage
src 127 100.00%
Project Totals (13 files) 127 100.00%