Merge branch 'refs/heads/main' into mfn-l11

# Conflicts: # CHANGELOG.md
PHP-Open-Source-Saver · Feb 27, 2024 · 81c1f08 · 81c1f08
2 parents cff349a + 826aa52
commit 81c1f08
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 1 deletion.
diff --git a/.github/workflows/php-cs-fixer.yml b/.github/workflows/php-cs-fixer.yml
@@ -2,6 +2,8 @@ name: Coding Standards
 
 on:
   push:
+    branches:
+      - '!main'
   workflow_dispatch:
 
 jobs:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ You can find and compare releases at the GitHub release page.
 
 ### Added
 - Different TTL configurations for each guard
+- lcobucci/jwt: add array support for `aud` claim
 - Laravel 11 support
 
 ## [2.1.0] 2023-02-17

diff --git a/src/Providers/JWT/Lcobucci.php b/src/Providers/JWT/Lcobucci.php
@@ -202,7 +202,11 @@ protected function addClaim($key, $value)
                 $this->builder->issuedBy($value);
                 break;
             case RegisteredClaims::AUDIENCE:
-                $this->builder->permittedFor($value);
+                if (is_array($value)) {
+                    $this->builder->permittedFor(...$value);
+                } else {
+                    $this->builder->permittedFor($value);
+                }
                 break;
             case RegisteredClaims::SUBJECT:
                 $this->builder->relatedTo($value);

diff --git a/tests/Providers/JWT/LcobucciTest.php b/tests/Providers/JWT/LcobucciTest.php
@@ -231,6 +231,48 @@ public function itShouldCorrectlyInstantiateAnEcdsaSigner()
         $this->assertSame('ES256', $provider->getConfig()->signer()->algorithmId());
     }
 
+    public function testEncodeAudienceClaimString(): void
+    {
+        $payload = [
+            'aud' => 'foo',
+        ];
+
+        $dataSet = new DataSet($payload, 'payload');
+
+        $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf();  // aud
+        $this->builder
+            ->shouldReceive('getToken')
+            ->once()
+            ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class))
+            ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature')));
+
+        /** @var Token $token */
+        $token = $this->getProvider('secret', 'HS256')->encode($payload);
+
+        $this->assertSame('header.payload.signature', $token);
+    }
+
+    public function testEncodeAudienceClaimArray(): void
+    {
+        $payload = [
+            'aud' => ['foo', 'bar'],
+        ];
+
+        $dataSet = new DataSet($payload, 'payload');
+
+        $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf();  // aud
+        $this->builder
+            ->shouldReceive('getToken')
+            ->once()
+            ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class))
+            ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature')));
+
+        /** @var Token $token */
+        $token = $this->getProvider('secret', 'HS256')->encode($payload);
+
+        $this->assertSame('header.payload.signature', $token);
+    }
+
     public function getProvider($secret, $algo, array $keys = [])
     {
         $provider = new Lcobucci($secret, $algo, $keys);
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,8 @@ name: Coding Standards @@
     on:
       push:
+        branches:
+          - '!main'
       workflow_dispatch:
     jobs:
@@ Expand Down @@