Issues (3)

src/Jwt.php (3 issues)

<?php
namespace GuilhermeTome;
/*
 *
 * class Jwt
 *
 * Encodes and decodes JWTs.
 * The signing secret is read from the global constant JWT_SECRET.
 *
 */
class Jwt
{
    /**
     * The secret to encode and decode the JWT
     *
     * Initialised from the JWT_SECRET constant and used as the HMAC key in
     * both encode() and decode().
     *
     * NOTE(review): anyone who learns this value can mint tokens that decode()
     * accepts, so it should be long, random and kept out of version control.
     *
     * @var string
     */
    private static string $secret = JWT_SECRET;
The constant GuilhermeTome\JWT_SECRET was not found. Maybe you did not declare it correctly or list all dependencies?
    /**
     * JWT hash to use
     *
     * Initialised from the JWT_HASH constant and passed as the algorithm name
     * to hash_hmac() in encode() and decode().
     *
     * NOTE(review): presumably this has to correspond to the value advertised
     * in $alg (e.g. "sha256" for "HS256") - confirm where the constants are
     * defined.
     *
     * @var string
     */
    private static string $hash = JWT_HASH;
The constant GuilhermeTome\JWT_HASH was not found. Maybe you did not declare it correctly or list all dependencies?
    /**
     * JWT alg to put in header
     *
     * Initialised from the JWT_ALG constant. encode() writes it verbatim into
     * the header's "alg" field; decode() never reads it and always verifies
     * with $hash.
     *
     * @var string
     */
    private static string $alg = JWT_ALG;
The constant GuilhermeTome\JWT_ALG was not found. Maybe you did not declare it correctly or list all dependencies?
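    /**
     * Create a signed JWT (compact form: header.payload.signature).
     *
     * The payload is signed, not encrypted: anyone holding the token can
     * base64url-decode and read $data, so it must not contain secrets.
     * No claims are added here; an expiry ("exp") or similar has to be part
     * of $data if the caller wants one.
     *
     * @param array $data Claims to place in the payload
     * @return string The encoded token
     * @throws \JsonException When the header or $data cannot be JSON-encoded
     */
    public static function encode(array $data): string
    {
        // JSON_THROW_ON_ERROR: without it json_encode() returns false on
        // failure (e.g. invalid UTF-8 in $data), and that false would be
        // coerced to an empty string and signed as a valid, empty payload.
        $header = json_encode(["alg" => self::$alg, "typ" => "JWT"], JSON_THROW_ON_ERROR);
        $payload = json_encode($data, JSON_THROW_ON_ERROR);

        // Both parts are base64url-encoded before signing; the signature
        // covers exactly the "header.payload" text that is transmitted.
        $signingInput = self::base64url_encode($header) . "." . self::base64url_encode($payload);

        // Raw (binary) HMAC keyed with the shared secret, then base64url.
        $signature = hash_hmac(self::$hash, $signingInput, self::$secret, true);

        return $signingInput . "." . self::base64url_encode($signature);
    }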
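    /**
     * Verify a JWT's signature and return its decoded payload.
     *
     * The signature is always recomputed with the configured hash and secret.
     * The token's own header is never parsed, so its "alg" value cannot
     * influence how the token is verified.
     *
     * Only the signature is checked. Claims such as "exp", "nbf" or "aud" are
     * NOT validated here; callers must check them before trusting the payload.
     *
     * @param string $token Compact token: header.payload.signature
     * @return mixed false when the token is empty, does not have three parts
     *               or carries a wrong signature; otherwise the result of
     *               json_decode() on the payload (an object for a JSON object
     *               payload, null when the payload is not valid JSON)
     */
    public static function decode(string $token)
    {
        // empty() also rejects the string "0", exactly as before.
        if (empty($token)) {
            return false;
        }

        $split = explode('.', $token);
        if (count($split) !== 3) {
            return false;
        }

        $signature = hash_hmac(self::$hash, $split[0] . "." . $split[1], self::$secret, true);
        $bsig = self::base64url_encode($signature);

        // hash_equals() compares in constant time and as plain strings.
        // The previous `==` was timing-dependent and subject to PHP's
        // numeric-string comparison rules.
        if (!hash_equals($bsig, $split[2])) {
            return false;
        }

        return json_decode(self::base64url_decode($split[1]));
    }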
    /**
     * Encode binary data as unpadded base64url.
     *
     * Standard base64 is produced first, then '+' and '/' are swapped for the
     * URL-safe '-' and '_' and trailing '=' padding is stripped.
     *
     * @param string $data Raw bytes to encode
     * @return string base64url text without padding
     */
    private static function base64url_encode(string $data): string
    {
        $standard = base64_encode($data);
        $urlSafe = str_replace(['+', '/'], ['-', '_'], $standard);

        return rtrim($urlSafe, '=');
    }
    /**
     * Decode unpadded base64url text back to raw bytes.
     *
     * The URL-safe characters '-' and '_' are mapped back to '+' and '/', and
     * '=' padding is re-added to reach a multiple of four characters before
     * the data is handed to base64_decode() (non-strict mode).
     *
     * @param string $data base64url text, with or without padding removed
     * @return string Decoded bytes
     */
    private static function base64url_decode(string $data): string
    {
        $missingPadding = (4 - strlen($data) % 4) % 4;
        $standard = strtr($data, '-_', '+/') . str_repeat('=', $missingPadding);

        return base64_decode($standard);
    }
}