From 79770226a32682df6b6bffddc1a8f5cb75bce242 Mon Sep 17 00:00:00 2001 From: Markus Podar Date: Wed, 21 Feb 2024 15:36:47 +0100 Subject: [PATCH 1/2] gha: don't run php-cs-fixer on main branch Basically, only run it on feature branches --- .github/workflows/php-cs-fixer.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/php-cs-fixer.yml b/.github/workflows/php-cs-fixer.yml index bebbe39e..67e80afa 100644 --- a/.github/workflows/php-cs-fixer.yml +++ b/.github/workflows/php-cs-fixer.yml @@ -2,6 +2,8 @@ name: Coding Standards on: push: + branches: + - '!main' workflow_dispatch: jobs: From 1a99a167b18432e9fd1682d12109f86410a3477f Mon Sep 17 00:00:00 2001 From: Markus Podar Date: Wed, 21 Feb 2024 17:10:38 +0100 Subject: [PATCH 2/2] lcobucci/jwt: add array support for `aud` claim The underlying library already supports it (accepts multiples string args, see [1]). [1] https://github.com/lcobucci/jwt/blob/4.3.x/src/Builder.php#L20 --- CHANGELOG.md | 1 + src/Providers/JWT/Lcobucci.php | 6 +++- tests/Providers/JWT/LcobucciTest.php | 42 ++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c26add8..eefd8712 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ You can find and compare releases at the GitHub release page. ### Added - Different TTL configurations for each guard +- lcobucci/jwt: add array support for `aud` claim ## [2.0.0] 2022-09-08 - No changes to 2.0.0-RC1 diff --git a/src/Providers/JWT/Lcobucci.php b/src/Providers/JWT/Lcobucci.php index 937c2371..0a5be6e1 100644 --- a/src/Providers/JWT/Lcobucci.php +++ b/src/Providers/JWT/Lcobucci.php 
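Review bot: The `branches:` filter added under `on.push` in `.github/workflows/php-cs-fixer.yml` consists only of the negative pattern `'!main'`. GitHub's workflow syntax expects at least one positive pattern whenever `!` is used in `branches`, so as written the filter is likely to keep the job from running on any push rather than only skipping main. Use `branches-ignore:` with `- main`, or put `- '**'` ahead of `- '!main'`. It is worth confirming on a feature branch that the check still runs, since a coding-standards job that silently stops running looks the same as one that passes.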
@@ -202,7 +202,11 @@ protected function addClaim($key, $value)
 $this->builder->issuedBy($value);
 break;
 case RegisteredClaims::AUDIENCE:
- $this->builder->permittedFor($value);
+ if (is_array($value)) {
+ $this->builder->permittedFor(...$value);
+ } else {
+ $this->builder->permittedFor($value);
+ }
 break;
 case RegisteredClaims::SUBJECT:
 $this->builder->relatedTo($value);
diff --git a/tests/Providers/JWT/LcobucciTest.php b/tests/Providers/JWT/LcobucciTest.php
index 6413922f..31b1716e 100644
--- a/tests/Providers/JWT/LcobucciTest.php
+++ b/tests/Providers/JWT/LcobucciTest.php
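Review bot: In the `RegisteredClaims::AUDIENCE` case, `permittedFor(...$value)` spreads the caller's array without checking its keys or element types. An array with string keys is unpacked as named arguments on PHP 8 and raises an Error on PHP 7, and a non-string or nested element reaches the builder as a TypeError or a coerced audience, depending on whether this file declares strict types (not visible here). Because `aud` is the claim a relying party checks to decide whether a token was issued for it, reject any element that is not a non-empty string and then call `$this->builder->permittedFor(...array_values($value));`. Whether the decode and validation path accepts an array `aud` is not shown in this patch and should be confirmed. `addClaim` starts and ends outside the hunk.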
@@ -231,6 +231,48 @@ public function itShouldCorrectlyInstantiateAnEcdsaSigner() $this->assertSame('ES256', $provider->getConfig()->signer()->algorithmId()); } + public function testEncodeAudienceClaimString(): void + { + $payload = [ + 'aud' => 'foo', + ]; + + $dataSet = new DataSet($payload, 'payload'); + + $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf(); // aud + $this->builder + ->shouldReceive('getToken') + ->once() + ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class)) + ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature'))); + + /** @var Token $token */ + $token = $this->getProvider('secret', 'HS256')->encode($payload); + + $this->assertSame('header.payload.signature', $token); + } + + public function testEncodeAudienceClaimArray(): void + { + $payload = [ + 'aud' => ['foo', 'bar'], + ]; + + $dataSet = new DataSet($payload, 'payload'); + + $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf(); // aud + $this->builder + ->shouldReceive('getToken') + ->once() + ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class)) + ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature'))); + + /** @var Token $token */ + $token = $this->getProvider('secret', 'HS256')->encode($payload); + + $this->assertSame('header.payload.signature', $token); + } + public function getProvider($secret, $algo, array $keys = []) { $provider = new Lcobucci($secret, $algo, $keys);
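Review bot: Neither new test constrains the arguments of the mocked `permittedFor` call, so `testEncodeAudienceClaimArray` would still pass if the array were handed to the builder unspread or with the wrong values. Pin the expectation with `->shouldReceive('permittedFor')->once()->with('foo', 'bar')->andReturnSelf()` in the array test and `->with('foo')` in the string test. Cases for an empty array and for a non-string element would also record what the provider is meant to do with them. The `/** @var Token $token */` annotation does not match the string that `assertSame` compares against and could be dropped.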