Issues in JWT.php (master) - Issues in master - francis94c/ci-jwt - Measure and Improve Code Quality continuously with Scrutinizer

Issues (13)

libraries/JWT.php (6 issues)

Labels

Severity

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class JWT
{
  /**
   * [JWT description]
   * @var string
   */
  const JWT = "jwt";

  // Signing Algorithms.
  const NONE  = 'none';
  const HS256 = 'HS256';
  const HS512 = 'HS512';
  const HS384 = 'HS384';

  // JWT Standard Algs to PHP Algs.
  const ALGOS = [
    self::HS256 => 'sha256',
    self::HS512 => 'sha512',
    self::HS384 => 'sha384'
  ];

  /**
   * [private Default Signing Secret]
   * @var string
   */
  private $secret = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

  /**
   * [private JWT header array]
   * @var array
   */
  private $header = [];

  /**
   * [private JWT payload array]
   * @var array
   */
  private $payload = [];

  /**
   * [private Allow Unsigned JWT]
   * @var bool
   */
  private $allow_unsigned = false;

  /**
   * [private Set Issued at Time]
   * @var bool
   */
  private $set_iat = true;

  /**
   * [private Auto expire at. Argument for PHP 'strtotime' function.]
   * @var string
   */
  private $auto_expire;

  /**
   * [private Default signing algorithm]
   * @var string
   */
  private $algorithm;

  /**
   * [__construct Package constructor.]
   * @date  2020-03-28
   * @param [type] $params Config array.

   */
  public function __construct(?array $params=null)
  {
    if ($params != null) $this->init($params);
    get_instance()->load->splint("francis94c/ci-jwt", "%base64");
  }

  /**
   * [init For setting config variables.]
   * @param  array  $config Config Options.
   */
  public function init(array $config):JWT
  {
    $this->secret = $config["secret"] ?? $this->secret;
    $this->allow_unsigned = $config["allow_unsigned"] ?? $this->allow_unsigned;
    $this->auto_expire = $config["auto_expire"] ?? $this->auto_expire;
    $this->algorithm = $config["algorithm"] ?? $this->algorithm;
    $this->set_iat = $config["set_iat"] ?? $this->set_iat;
    return $this;
  }

  /**
   * [algorithm description]
   * @date   2020-04-06
   * @param  string $algorithm [description]
   * @return JWT               [description]
   */
  public function algorithm(string $algorithm):JWT
  {
    $this->algorithm = $algorithm;
    return $this;
  }

  /**
   * [header Add an item to the header array.]
   * @param  string|null     $key   Key of the item. e.g "alg", "typ".
   * @param  string|int|null $value Value of the item.
   *
   * @return mixed           The value of the given key in the header array
   *                         if specified, or the header array if no key is
   *                         specified. Method chaining is supported.
   */
  public function header(?string $key=null, $value=null)
  {
    if (!$key) return $this->header;
    if ($value === null) return $this->header[$key];
    $this->header[$key] = $value;
    return $this;
  }

  /**
   * [headerArray Get the header array.]
   * @deprecated
   * @return array JWT header array.
   */
  public function headerArray():array
  {
    return $this->header;
  }

  /**
   * [payload Adds an item/claim with a key to the payload array.]
   * @param  string      $key   JWT Claim
   * @param  mixed       $value JWT Claim Value.
   *
   * @return mixed|null Value of $key if $value == null, payload array if $key
   *                    == null. Method chaining supported.
   */
  public function payload(?string $key=null, $value=null)
  {
    if (!$key) return $this->payload;
    if ($value === null) return $this->payload[$key];
    $this->payload[$key] = $value;
    return $this;
  }

  /**
   * [__call Magic method, get or set items in the payload array.]
   * @date   2020-04-06
   * @param  string     $method Payload field key.
   * @param  array      $args   Value.
   * @return [type]             [description]

   */
  public function __call(string $method, array $args)
  {
    if (count($args) == 0) return $this->payload[$method];
    $this->payload[$method] = $args[0];
    return $this;
  }

  /**
   * [iss Convinient function for setting the iss claim]
   * @param  mixed      $iss Value to set the 'iss' claim to.
   * @return mixed|none      Value of the 'iss' claim, if the $iss argument wasn't
filter:
    dependency_paths: ["lib/*"]
   *                         supplied. Otherwise, null.
   */
  public function iss(string $iss=null)
  {
    if ($iss === null) return $this->payload['iss'];
    $this->payload['iss'] = $iss;
    return $this;
  }

  /**
   * [payloadArray Get the payload array.]
   * @deprecated
   * @return array The payload array.
   */
  public function payloadArray(): array
  {
    return $this->payload;
  }

  /**
   * [Creat/Start afresh, empty/reset header and payload array.]
   * @return JWT Method Chaining.
   */
  public function create():JWT
  {
    $this->header = [];
    $this->payload = [];
    return $this;
  }

  /**
   * [sign description]
   * @param  [type] $secret [description]

   * @return [type]         [description]

   */
  public function sign(string $secret=null):?string {
    // Checks.
    if  (count($this->payload) == 0) return null;
    // $key is $secret.
    $key = $secret ?? $this->secret;
    $this->header["alg"] = $this->header["alg"] ?? ($this->algorithm ?? self::HS512);
    $this->header["typ"] = $this->header["typ"] ?? self::JWT;
    // Generate Issued At Time.
    if ($this->set_iat) $this->payload["iat"] = $this->payload['iat'] ?? time();
    // Auto Expire.
    if ($this->auto_expire != null && !isset($this->payload['exp'])) $this->payload['exp'] = strtotime($this->auto_expire);
    $jwt = base64url_encode(json_encode($this->header));
    if ($jwt === false) return null;
    if ($jwt != "") $jwt .= ".";
    $payload = base64url_encode(json_encode($this->payload));
    $jwt .= $payload;
    if ($key != "") return $this->sign_token($jwt, $key, $this->header["alg"]);
    return $jwt . ".";
  }

  /**
   * [token description]
   * @return string [description]
   */
  public function token():?string
  {
    // Checks.
    if  (count($this->payload) == 0) return null;
    // Begin.
    $this->header["alg"] = self::NONE;
    if ($this->set_iat) $this->payload["iat"] = $this->payload["iat"] ?? time();
    if ($this->auto_expire != null) $this->payload["exp"] = strtotime($this->auto_expire);
    return base64url_encode(json_encode($this->header)) . "." . base64url_encode(json_encode($this->payload)) . ".";
  }

  /**
   * [verify description]
   * @param  string $jwt    [description]
   * @param  string $secret [description]
   * @return bool           [description]
   */
  public function verify(string $jwt, string $secret=null):bool {
    if (substr_count($jwt, ".") != 2) return false; // Invalid JWT.
    $key = $secret ?? $this->secret;
    $parts = explode(".", $jwt);
    $header = json_decode(base64url_decode($parts[0]) ,true);
    if ($header == null) return false;
    $alg = $this->algorithm ?? $header["alg"] ?? self::HS256;
    $payload = json_decode(base64url_decode($parts[1]) ,true);
    if ($payload == null) return false;
    if ($parts[2] == "") {
      return $this->allow_unsigned;
    }
    return $this->hashmac($alg, $parts[0] . "." . $parts[1], $parts[2], $key);
  }

  /**
   * [expire Sets expiry date of JWT. This basically assigns the return value of
   *         PHP's 'strtotime()' function to the 'exp' field of the payload,
   *         passing it the $when argument.
   *         see https://www.php.net/manual/en/function.strtotime.php]
   * @param string $when Future time e.g +1 Week, +1 week 2 days 4 hours 2 seconds.
   */
  public function expire(string $when):void
  {
    $this->payload["exp"] = strtotime($when);
  }

  /**
   * [decode description]
   * @param  string  $jwt [description]
   * @return boolean      [description]
   */
  public function decode(string $jwt):bool {
    $parts = explode(".", $jwt);
    $header = json_decode(base64url_decode($parts[0]), true);
    if ($header === false) return false;
    $payload = json_decode(base64url_decode($parts[1]), true);
    if ($payload === false) return false;
    $this->header = $header;
    $this->payload = $payload;
    return true;
  }
  /**
   * [expired description]
   * @param  string $jwt [description]
   * @return bool        [description]
   */
  public function expired(string $jwt=null):bool {
    $exp = $jwt == null ? ($this->payload["exp"] ?? time() + 4) : $this->get_expired($jwt);

    return time() >= $exp;
  }

  /**
   * [hashmac description]
   * @param  string $alg       [description]
   * @param  string $data      [description]
   * @param  string $signature [description]
   * @param  string $secret    [description]
   * @return bool              [description]
   */
  private function hashmac(string $alg, string $data, string $signature, string $secret):bool {
    return $signature === hash_hmac(self::ALGOS[$alg], $data, $secret);
  }

  /**
   * [get_expired description]
   * @param  string $jwt [description]
   * @return int         [description]
   */
  private function get_expired(string $jwt):int
  {
    $parts = explode(".", $jwt);
    return json_decode(base64url_decode($parts[1]) ,true)["exp"] ?? time() + 4;
  }

  /**
   * [sign_token Sign JWT]
   * @param  string $token base64 url encoded header and payload token pair.
   * @param  string $key   The scecret used to sign the token.
   * @param  string $alg   The algorithm used to sign the token.
   * @return string        Complete JWT.
   */
  private function sign_token(string $token, string $key, string $alg):string
  {
    if ($alg == self::NONE) return $token . ".";
    $token = rtrim($token, ".");
    $signature = hash_hmac(self::ALGOS[$alg], $token, $key);
    return $token . "." . $signature;
  }
}


1			<?php
2			defined('BASEPATH') OR exit('No direct script access allowed');
3
4			class JWT
5			{
6			/**
7			* [JWT description]
8			* @var string
9			*/
10			const JWT = "jwt";
11
12			// Signing Algorithms.
13			const NONE = 'none';
14			const HS256 = 'HS256';
15			const HS512 = 'HS512';
16			const HS384 = 'HS384';
17
18			// JWT Standard Algs to PHP Algs.
19			const ALGOS = [
20			self::HS256 => 'sha256',
21			self::HS512 => 'sha512',
22			self::HS384 => 'sha384'
23			];
24
25			/**
26			* [private Default Signing Secret]
27			* @var string
28			*/
29			private $secret = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
30
31			/**
32			* [private JWT header array]
33			* @var array
34			*/
35			private $header = [];
36
37			/**
38			* [private JWT payload array]
39			* @var array
40			*/
41			private $payload = [];
42
43			/**
44			* [private Allow Unsigned JWT]
45			* @var bool
46			*/
47			private $allow_unsigned = false;
48
49			/**
50			* [private Set Issued at Time]
51			* @var bool
52			*/
53			private $set_iat = true;
54
55			/**
56			* [private Auto expire at. Argument for PHP 'strtotime' function.]
57			* @var string
58			*/
59			private $auto_expire;
60
61			/**
62			* [private Default signing algorithm]
63			* @var string
64			*/
65			private $algorithm;
66
67			/**
68			* [__construct Package constructor.]
69			* @date 2020-03-28
70			* @param [type] $params Config array.
			0 ignored issues – show Documentation Bug introduced 2020-04-08 02:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc comment `[type]` at position `0` could not be parsed: Unknown type name '[' at position 0 in [type]. Loading history...
71			*/
72			public function __construct(?array $params=null)
73			{
74			if ($params != null) $this->init($params);
75			get_instance()->load->splint("francis94c/ci-jwt", "%base64");
76			}
77
78			/**
79			* [init For setting config variables.]
80			* @param array $config Config Options.
81			*/
82			public function init(array $config):JWT
83			{
84			$this->secret = $config["secret"] ?? $this->secret;
85			$this->allow_unsigned = $config["allow_unsigned"] ?? $this->allow_unsigned;
86			$this->auto_expire = $config["auto_expire"] ?? $this->auto_expire;
87			$this->algorithm = $config["algorithm"] ?? $this->algorithm;
88			$this->set_iat = $config["set_iat"] ?? $this->set_iat;
89			return $this;
90			}
91
92			/**
93			* [algorithm description]
94			* @date 2020-04-06
95			* @param string $algorithm [description]
96			* @return JWT [description]
97			*/
98			public function algorithm(string $algorithm):JWT
99			{
100			$this->algorithm = $algorithm;
101			return $this;
102			}
103
104			/**
105			* [header Add an item to the header array.]
106			* @param string\|null $key Key of the item. e.g "alg", "typ".
107			* @param string\|int\|null $value Value of the item.
108			*
109			* @return mixed The value of the given key in the header array
110			* if specified, or the header array if no key is
111			* specified. Method chaining is supported.
112			*/
113			public function header(?string $key=null, $value=null)
114			{
115			if (!$key) return $this->header;
116			if ($value === null) return $this->header[$key];
117			$this->header[$key] = $value;
118			return $this;
119			}
120
121			/**
122			* [headerArray Get the header array.]
123			* @deprecated
124			* @return array JWT header array.
125			*/
126			public function headerArray():array
127			{
128			return $this->header;
129			}
130
131			/**
132			* [payload Adds an item/claim with a key to the payload array.]
133			* @param string $key JWT Claim
134			* @param mixed $value JWT Claim Value.
135			*
136			* @return mixed\|null Value of $key if $value == null, payload array if $key
137			* == null. Method chaining supported.
138			*/
139			public function payload(?string $key=null, $value=null)
140			{
141			if (!$key) return $this->payload;
142			if ($value === null) return $this->payload[$key];
143			$this->payload[$key] = $value;
144			return $this;
145			}
146
147			/**
148			* [__call Magic method, get or set items in the payload array.]
149			* @date 2020-04-06
150			* @param string $method Payload field key.
151			* @param array $args Value.
152			* @return [type] [description]
			0 ignored issues – show Documentation Bug introduced 2020-04-08 02:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc comment `[type]` at position `0` could not be parsed: Unknown type name '[' at position 0 in [type]. Loading history...
153			*/
154			public function __call(string $method, array $args)
155			{
156			if (count($args) == 0) return $this->payload[$method];
157			$this->payload[$method] = $args[0];
158			return $this;
159			}
160
161			/**
162			* [iss Convinient function for setting the iss claim]
163			* @param mixed $iss Value to set the 'iss' claim to.
164			* @return mixed\|none Value of the 'iss' claim, if the $iss argument wasn't
			0 ignored issues – show Bug introduced 2020-04-08 20:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `none` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
165			* supplied. Otherwise, null.
166			*/
167			public function iss(string $iss=null)
168			{
169			if ($iss === null) return $this->payload['iss'];
170			$this->payload['iss'] = $iss;
171			return $this;
172			}
173
174			/**
175			* [payloadArray Get the payload array.]
176			* @deprecated
177			* @return array The payload array.
178			*/
179			public function payloadArray(): array
180			{
181			return $this->payload;
182			}
183
184			/**
185			* [Creat/Start afresh, empty/reset header and payload array.]
186			* @return JWT Method Chaining.
187			*/
188			public function create():JWT
189			{
190			$this->header = [];
191			$this->payload = [];
192			return $this;
193			}
194
195			/**
196			* [sign description]
197			* @param [type] $secret [description]
			0 ignored issues – show Documentation Bug introduced 2019-07-19 19:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc comment `[type]` at position `0` could not be parsed: Unknown type name '[' at position 0 in [type]. Loading history...
198			* @return [type] [description]
			0 ignored issues – show Documentation Bug introduced 2019-07-19 19:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc comment `[type]` at position `0` could not be parsed: Unknown type name '[' at position 0 in [type]. Loading history...
199			*/
200			public function sign(string $secret=null):?string {
201			// Checks.
202			if (count($this->payload) == 0) return null;
203			// $key is $secret.
204			$key = $secret ?? $this->secret;
205			$this->header["alg"] = $this->header["alg"] ?? ($this->algorithm ?? self::HS512);
206			$this->header["typ"] = $this->header["typ"] ?? self::JWT;
207			// Generate Issued At Time.
208			if ($this->set_iat) $this->payload["iat"] = $this->payload['iat'] ?? time();
209			// Auto Expire.
210			if ($this->auto_expire != null && !isset($this->payload['exp'])) $this->payload['exp'] = strtotime($this->auto_expire);
211			$jwt = base64url_encode(json_encode($this->header));
212			if ($jwt === false) return null;
213			if ($jwt != "") $jwt .= ".";
214			$payload = base64url_encode(json_encode($this->payload));
215			$jwt .= $payload;
216			if ($key != "") return $this->sign_token($jwt, $key, $this->header["alg"]);
217			return $jwt . ".";
218			}
219
220			/**
221			* [token description]
222			* @return string [description]
223			*/
224			public function token():?string
225			{
226			// Checks.
227			if (count($this->payload) == 0) return null;
228			// Begin.
229			$this->header["alg"] = self::NONE;
230			if ($this->set_iat) $this->payload["iat"] = $this->payload["iat"] ?? time();
231			if ($this->auto_expire != null) $this->payload["exp"] = strtotime($this->auto_expire);
232			return base64url_encode(json_encode($this->header)) . "." . base64url_encode(json_encode($this->payload)) . ".";
233			}
234
235			/**
236			* [verify description]
237			* @param string $jwt [description]
238			* @param string $secret [description]
239			* @return bool [description]
240			*/
241			public function verify(string $jwt, string $secret=null):bool {
242			if (substr_count($jwt, ".") != 2) return false; // Invalid JWT.
243			$key = $secret ?? $this->secret;
244			$parts = explode(".", $jwt);
245			$header = json_decode(base64url_decode($parts[0]) ,true);
246			if ($header == null) return false;
247			$alg = $this->algorithm ?? $header["alg"] ?? self::HS256;
248			$payload = json_decode(base64url_decode($parts[1]) ,true);
249			if ($payload == null) return false;
250			if ($parts[2] == "") {
251			return $this->allow_unsigned;
252			}
253			return $this->hashmac($alg, $parts[0] . "." . $parts[1], $parts[2], $key);
254			}
255
256			/**
257			* [expire Sets expiry date of JWT. This basically assigns the return value of
258			* PHP's 'strtotime()' function to the 'exp' field of the payload,
259			* passing it the $when argument.
260			* see https://www.php.net/manual/en/function.strtotime.php]
261			* @param string $when Future time e.g +1 Week, +1 week 2 days 4 hours 2 seconds.
262			*/
263			public function expire(string $when):void
264			{
265			$this->payload["exp"] = strtotime($when);
266			}
267
268			/**
269			* [decode description]
270			* @param string $jwt [description]
271			* @return boolean [description]
272			*/
273			public function decode(string $jwt):bool {
274			$parts = explode(".", $jwt);
275			$header = json_decode(base64url_decode($parts[0]), true);
276			if ($header === false) return false;
277			$payload = json_decode(base64url_decode($parts[1]), true);
278			if ($payload === false) return false;
279			$this->header = $header;
280			$this->payload = $payload;
281			return true;
282			}
283			/**
284			* [expired description]
285			* @param string $jwt [description]
286			* @return bool [description]
287			*/
288			public function expired(string $jwt=null):bool {
289			$exp = $jwt == null ? ($this->payload["exp"] ?? time() + 4) : $this->get_expired($jwt);
			0 ignored issues – show Bug introduced 2019-07-20 20:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing `$jwt` of type `null\|string` against `null`; this is ambiguous if the string can be empty. Consider using a strict comparison `===` instead. Loading history...
290			return time() >= $exp;
291			}
292
293			/**
294			* [hashmac description]
295			* @param string $alg [description]
296			* @param string $data [description]
297			* @param string $signature [description]
298			* @param string $secret [description]
299			* @return bool [description]
300			*/
301			private function hashmac(string $alg, string $data, string $signature, string $secret):bool {
302			return $signature === hash_hmac(self::ALGOS[$alg], $data, $secret);
303			}
304
305			/**
306			* [get_expired description]
307			* @param string $jwt [description]
308			* @return int [description]
309			*/
310			private function get_expired(string $jwt):int
311			{
312			$parts = explode(".", $jwt);
313			return json_decode(base64url_decode($parts[1]) ,true)["exp"] ?? time() + 4;
314			}
315
316			/**
317			* [sign_token Sign JWT]
318			* @param string $token base64 url encoded header and payload token pair.
319			* @param string $key The scecret used to sign the token.
320			* @param string $alg The algorithm used to sign the token.
321			* @return string Complete JWT.
322			*/
323			private function sign_token(string $token, string $key, string $alg):string
324			{
325			if ($alg == self::NONE) return $token . ".";
326			$token = rtrim($token, ".");
327			$signature = hash_hmac(self::ALGOS[$alg], $token, $key);
328			return $token . "." . $signature;
329			}
330			}
331

francis94c / ci-jwt

Issues (13)

libraries/JWT.php (6 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like