<?php

use ByJG\Util\JwtWrapper;
use PHPUnit\Framework\TestCase;

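/**
 * Round-trip and rejection tests for JwtWrapper with a shared-secret key
 * (JwtKeySecret).
 *
 * Rejection paths exercised in this file: issuer mismatch, wrong secret,
 * expired token, not-yet-valid token, missing Authorization header and
 * malformed token strings. This file has no case for a token whose payload
 * or header was altered after signing.
 */
class JwtWrapperHashTest extends TestCase
{
    /**
     * Wrapper under test, rebuilt in setUp() for every test.
     *
     * @var JwtWrapper
     */
    protected $object;

    // Application payload carried in the token's "data" claim.
    protected $dataToToken = ["name" => "John", "id"=>"1"];

    // Server name handed to the wrapper; the tests expect it back as the "iss" claim.
    protected $server = "example.com";

    /**
     * Shared-secret key used to sign and verify the test tokens.
     *
     * @var \ByJG\Util\JwtKeyInterface
     */
    protected $jwtKey;

    /**
     * Builds a fresh key and wrapper and clears any bearer header left in $_SERVER.
     */
    protected function setUp()
    {
        // Fixed, test-only secret. NOTE(review): the second argument is false here and true in
        // testTokenWrongSecret() - presumably a "secret is base64-encoded" flag; confirm against JwtKeySecret.
        $this->jwtKey = \ByJG\Util\JwtKeySecret::getInstance("secrect_key_for_test", false);

        // extractData() without an argument takes the token from this header (see
        // testSuccessfulFlow2), so a stale value would leak between tests.
        unset($_SERVER["HTTP_AUTHORIZATION"]);
        $this->object = new JwtWrapper($this->server, $this->jwtKey);
    }

    /**
     * Drops the wrapper and clears the bearer header set by a test.
     */
    protected function tearDown()
    {
        $this->object = null;
        unset($_SERVER["HTTP_AUTHORIZATION"]);
    }

    /**
     * Asserts that createJwtData() produced the claim set the success-path tests expect.
     *
     * @param array $jwt Claim array returned by createJwtData().
     */
    private function assertDefaultClaims(array $jwt)
    {
        $this->assertEquals([
            'iat'  => $jwt["iat"],  // Not deterministic for the test
            'jti'  => $jwt["jti"],  // Not deterministic for the test
            'iss'  => "example.com",
            'nbf'  => $jwt["iat"],
            'exp'  => $jwt["iat"] + 60,
            'data' => $this->dataToToken
        ], $jwt);
    }

    /**
     * Builds the object extractData() is expected to return for the given claims.
     *
     * @param array $jwt Claim array returned by createJwtData().
     * @return stdClass Claims as an object, with the payload cast to an object as well.
     */
    private function expectedExtractedData(array $jwt)
    {
        $expectedData = new stdClass();
        $expectedData->iat = $jwt["iat"];  // Not deterministic for the test
        $expectedData->jti = $jwt["jti"];  // Not deterministic for the test
        $expectedData->iss = "example.com";
        $expectedData->nbf = $jwt["iat"];
        $expectedData->exp = $jwt["iat"] + 60;
        $expectedData->data = (object)$this->dataToToken;

        return $expectedData;
    }

    /**
     * Create, sign and verify a token that is passed to extractData() explicitly.
     */
    public function testSuccessfulFlow1()
    {
        $jwt = $this->object->createJwtData($this->dataToToken);
        $this->assertDefaultClaims($jwt);

        $token = $this->object->generateToken($jwt);

        $data = $this->object->extractData($token);

        $this->assertEquals($this->expectedExtractedData($jwt), $data);
    }

    /**
     * Same flow as testSuccessfulFlow1(), but the token is delivered in the
     * "Authorization: Bearer" header and extractData() is called without an argument.
     */
    public function testSuccessfulFlow2()
    {
        $jwt = $this->object->createJwtData($this->dataToToken);
        $this->assertDefaultClaims($jwt);

        $token = $this->object->generateToken($jwt);

        $_SERVER["HTTP_AUTHORIZATION"] = "Bearer $token";

        $data = $this->object->extractData();

        $this->assertEquals($this->expectedExtractedData($jwt), $data);
    }

    /**
     * A token signed with the right secret but issued for another server name must be rejected.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException \ByJG\Util\JwtWrapperException
     */
    public function testTokenWrongServerSameSecret()
    {
        $jwt = $this->object->createJwtData($this->dataToToken);
        $token = $this->object->generateToken($jwt);

        // Same key object, different server name: only the issuer differs.
        $jwtWrapper = new JwtWrapper("otherserver.com", $this->jwtKey);

        $jwtWrapper->extractData($token);
    }

    /**
     * A token verified with a different secret must fail signature validation.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException \Firebase\JWT\SignatureInvalidException
     */
    public function testTokenWrongSecret()
    {
        $jwt = $this->object->createJwtData($this->dataToToken);
        $token = $this->object->generateToken($jwt);

        // NOTE(review): this key differs from the setUp() key in both the secret string and the
        // second argument (true here, false there), so two inputs change at once.
        $jwtWrapper = new JwtWrapper($this->server, new \ByJG\Util\JwtKeySecret("some_creepy_secret", true));

        $jwtWrapper->extractData($token);
    }

    /**
     * A token read after its expiry must be rejected.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException \Firebase\JWT\ExpiredException
     */
    public function testExpiredToken()
    {
        // Second argument 1: presumably the token lifetime in seconds (the default path yields iat + 60).
        $jwt = $this->object->createJwtData($this->dataToToken,1);
        $token = $this->object->generateToken($jwt);

        // Real wall-clock wait so the token is past "exp"; this test takes two seconds to run.
        sleep(2);

        $this->object->extractData($token);
    }

    /**
     * A token read before its "nbf" time must be rejected.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException \Firebase\JWT\BeforeValidException
     */
    public function testNotBeforeToken()
    {
        // Third argument 60: presumably an offset in seconds that moves "nbf" into the future - confirm.
        $jwt = $this->object->createJwtData($this->dataToToken,60, 60);
        $token = $this->object->generateToken($jwt);

        $this->object->extractData($token);
    }

    /**
     * extractData() with no argument and no Authorization header (cleared in setUp) must throw.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException \ByJG\Util\JwtWrapperException
     */
    public function testGetEmptyAuthorizationBearer()
    {
        $this->object->extractData();
    }

    /**
     * A string that is not split into dot-separated segments must be rejected.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException UnexpectedValueException
     */
    public function testGetInvalidTokenSequence()
    {
        $this->object->extractData("invalidtoken");
    }

    /**
     * A string with three dot-separated segments that is not a real token must be rejected.
     *
     * @throws \ByJG\Util\JwtWrapperException
     * @expectedException DomainException
     */
    public function testGetInvalidToken()
    {
        $this->object->extractData("invalidtoken.hasthree.parts");
    }
}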