/**
* @param Token $token
* @return bool
*/
public function validateToken(Token $token) : bool
{
return $token->validate($this->validationData) && $token->verify($this->signer, $this->secret);
}
/**
* @param ParsedToken $parsed
* @throws InvalidException if token validation fails
*/
protected function verifyParsedToken(ParsedToken $parsed)
{
if ($parsed->verify($this->signer, $this->config->getPublicKey())) {
return;
}
throw new InvalidException('Token signature is not valid', InvalidException::CODE_TOKEN_INVALID);
}
/**
* @inheritdoc
*/
public function isValid(Token $token)
{
$signer = new Sha256();
$key = new Key($this->pathPublicKey);
if (!$token->verify($signer, $key)) {
throw new InvalidDefinitionException('Invalid token');
}
$data = new ValidationData();
$data->setIssuer($token->getClaim('iss'));
$data->setAudience($token->getClaim('aud'));
$data->setId($token->getClaim('jti'));
$isValid = $token->validate($data);
if (!$isValid) {
throw new AuthenticationExpiredException('The access token has expired');
}
return $isValid;
}
/**
* @test
*
* @depends builderCanGenerateAToken
*
* @covers Lcobucci\JWT\Builder
* @covers Lcobucci\JWT\Parser
* @covers Lcobucci\JWT\Token
* @covers Lcobucci\JWT\Signature
* @covers Lcobucci\JWT\Claim\Factory
* @covers Lcobucci\JWT\Claim\Basic
* @covers Lcobucci\JWT\Signer\Key
* @covers Lcobucci\JWT\Signer\BaseSigner
* @covers Lcobucci\JWT\Signer\Hmac
* @covers Lcobucci\JWT\Signer\Hmac\Sha256
*/
public function verifyShouldReturnTrueWhenKeyIsRight(Token $token)
{
$this->assertTrue($token->verify($this->signer, 'testing'));
}
/**
* @test
*
* @uses Lcobucci\JWT\Token::__construct
*
* @covers Lcobucci\JWT\Token::verify
* @covers Lcobucci\JWT\Token::getPayload
*/
public function verifyMustDelegateTheValidationToSignature()
{
$signer = $this->getMock(Signer::class);
$signature = $this->getMock(Signature::class, [], [], '', false);
$signer->expects($this->any())->method('getAlgorithmId')->willReturn('HS256');
$signature->expects($this->once())->method('verify')->with($signer, $this->isType('string'), 'test')->willReturn(true);
$token = new Token(['alg' => 'HS256'], [], $signature);
$this->assertTrue($token->verify($signer, 'test'));
}
/**
* @test
*
* @depends builderCanGenerateAToken
*
* @covers Lcobucci\JWT\Builder
* @covers Lcobucci\JWT\Parser
* @covers Lcobucci\JWT\Token
* @covers Lcobucci\JWT\Signature
* @covers Lcobucci\JWT\Claim\Factory
* @covers Lcobucci\JWT\Claim\Basic
* @covers Lcobucci\JWT\Signer\Key
* @covers Lcobucci\JWT\Signer\BaseSigner
* @covers Lcobucci\JWT\Signer\Rsa
* @covers Lcobucci\JWT\Signer\Rsa\Sha256
*/
public function verifyShouldReturnTrueWhenKeyIsRight(Token $token)
{
$this->assertTrue($token->verify($this->signer, self::$rsaKeys['public']));
}
/**
* @test
*
* @depends builderCanGenerateAToken
*
* @covers \Lcobucci\JWT\Configuration
* @covers \Lcobucci\JWT\Builder
* @covers \Lcobucci\JWT\Parser
* @covers \Lcobucci\JWT\Token
* @covers \Lcobucci\JWT\Signature
* @covers \Lcobucci\JWT\Claim\Factory
* @covers \Lcobucci\JWT\Claim\Basic
* @covers \Lcobucci\JWT\Signer\Key
* @covers \Lcobucci\JWT\Signer\BaseSigner
* @covers \Lcobucci\JWT\Signer\Ecdsa
* @covers \Lcobucci\JWT\Signer\Ecdsa\KeyParser
* @covers \Lcobucci\JWT\Signer\Ecdsa\EccAdapter
* @covers \Lcobucci\JWT\Signer\Ecdsa\SignatureSerializer
* @covers \Lcobucci\JWT\Signer\Ecdsa\Sha256
*/
public function verifyShouldReturnTrueWhenKeyIsRight(Token $token)
{
self::assertTrue($token->verify($this->config->getSigner(), static::$ecdsaKeys['public1']));
}
/**
* validate a given token object
*
* @param Token $token
* @return boolean
*/
public function validate(Token $token)
{
$valid = $token->validate($this->rules());
$verified = $token->verify(new Sha256(), config('jwt.key'));
return $valid && $verified;
}
/**
* Verify is validate token in signature.
*
* @param Lcobucci\JWT\Token $token
*
* @return bool
*/
public function isValidByToken(Token $token)
{
return $token->verify(new Sha256(), env('JWT_SECRET'));
}
/**
* @param \Lcobucci\JWT\Token $token
* @return bool
*/
public function verify(Token $token)
{
return $token->verify($this->signer, $this->key);
}
/**
* Validate token
* @param Token $token token object
* @return bool
*/
public function verifyToken(Token $token)
{
$alg = $token->getHeader('alg');
if (empty($this->supportedAlgs[$alg])) {
throw new InvalidParamException('Algorithm not supported');
}
$signer = Yii::createObject($this->supportedAlgs[$alg]);
return $token->verify($signer, $this->key);
}
/**
* @test
*
* @depends builderCanGenerateAToken
*
* @covers \Lcobucci\JWT\Configuration
* @covers \Lcobucci\JWT\Builder
* @covers \Lcobucci\JWT\Parser
* @covers \Lcobucci\JWT\Token
* @covers \Lcobucci\JWT\Signature
* @covers \Lcobucci\JWT\Claim\Factory
* @covers \Lcobucci\JWT\Claim\Basic
* @covers \Lcobucci\JWT\Signer\Key
* @covers \Lcobucci\JWT\Signer\BaseSigner
* @covers \Lcobucci\JWT\Signer\Hmac
* @covers \Lcobucci\JWT\Signer\Hmac\Sha256
*/
public function verifyShouldReturnTrueWhenKeyIsRight(Token $token)
{
self::assertTrue($token->verify($this->config->getSigner(), 'testing'));
}
/**
* @param Jwt $jwt
* @return bool
*/
public function verifySignature(Jwt $jwt)
{
return $jwt->verify($this->signer, $this->publicKey);
}
/**
* @test
*
* @depends builderCanGenerateAToken
*
* @covers Lcobucci\JWT\Builder
* @covers Lcobucci\JWT\Parser
* @covers Lcobucci\JWT\Token
* @covers Lcobucci\JWT\Signature
* @covers Lcobucci\JWT\Parsing\Encoder
* @covers Lcobucci\JWT\Claim\Factory
* @covers Lcobucci\JWT\Claim\Basic
* @covers Lcobucci\JWT\Signer\OpenSSL
* @covers Lcobucci\JWT\Signer\Ecdsa
* @covers Lcobucci\JWT\Signer\Ecdsa\Sha256
*/
public function verifyShouldReturnTrueWhenKeyIsRight(Token $token)
{
$this->assertTrue($token->verify($this->signer, $this->publicEcdsa()));
}
/**
* @param Token|null $token
*
* @return SessionInterface
*/
public function extractSessionContainer(Token $token = null) : SessionInterface
{
try {
if (null === $token || !$token->verify($this->signer, $this->verificationKey)) {
return DefaultSessionData::newEmptySession();
}
return DefaultSessionData::fromDecodedTokenData((object) $token->getClaim(self::SESSION_CLAIM, new \stdClass()));
} catch (\BadMethodCallException $invalidToken) {
return DefaultSessionData::newEmptySession();
}
}
/**
* @param ParsedToken $parsed
* @throws InvalidException if token validation fails
*/
protected function verifyParsedToken(ParsedToken $parsed)
{
if ($parsed->verify($this->signer, $this->config->getPublicKey())) {
return;
}
throw InvalidException::invalidSignature((string) $parsed);
}