Serves as a small DI container that simplifies the creation and usage of the objects.
Since: 4.0.0
Author: Luís Otávio Cobucci Oblonczyk (lcobucci@gmail.com)
コード例 #1
ファイル: HmacTokenTest.php プロジェクト: lcobucci/jwt
 /**
  * Interoperability check for HMAC tokens: a compact token whose header
  * declares "alg":"HS256" and that was produced outside this library must
  * parse, expose its claim, and verify.
  *
  * The signer passed to verify() is the one held by the test configuration;
  * this test does not pick a signer from the token's own header.
  *
  * @test
  *
  * @covers \Lcobucci\JWT\Configuration
  * @covers \Lcobucci\JWT\Builder
  * @covers \Lcobucci\JWT\Parser
  * @covers \Lcobucci\JWT\Token
  * @covers \Lcobucci\JWT\Signature
  * @covers \Lcobucci\JWT\Signer\Key
  * @covers \Lcobucci\JWT\Signer\BaseSigner
  * @covers \Lcobucci\JWT\Signer\Hmac
  * @covers \Lcobucci\JWT\Signer\Hmac\Sha256
  * @covers \Lcobucci\JWT\Claim\Factory
  * @covers \Lcobucci\JWT\Claim\Basic
  */
 public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs()
 {
     // Fixed fixture in header.payload.signature form, split only for line length.
     $foreignJwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJoZWxsbyI6IndvcmxkIn0.Rh'
         . '7AEgqCB7zae1PkgIlvOpeyw9Ab8NGTbeOH7heHO0o';

     $parser = $this->config->getParser();
     $parsed = $parser->parse((string) $foreignJwt);

     // Parsing alone proves nothing about authenticity; the claim is only
     // trustworthy once the verify() assertion below has passed as well.
     self::assertEquals('world', $parsed->getClaim('hello'));

     // 'testing' is the key this fixture verifies against. It is a fixture
     // value; a short, guessable HMAC key is only acceptable inside a test.
     $configuredSigner = $this->config->getSigner();
     self::assertTrue($parsed->verify($configuredSigner, 'testing'));
 }
コード例 #2
ファイル: RsaTokenTest.php プロジェクト: lcobucci/jwt
 /**
  * Interoperability check for RSA tokens: a compact token whose header
  * declares "alg":"RS256" and that was produced outside this library must
  * parse, expose its claim, and verify against the public key.
  *
  * Verification uses the signer from the test configuration together with
  * the public half of the class-level RSA key pair; no private key material
  * is involved on the verifying side.
  *
  * @test
  *
  * @covers \Lcobucci\JWT\Configuration
  * @covers \Lcobucci\JWT\Builder
  * @covers \Lcobucci\JWT\Parser
  * @covers \Lcobucci\JWT\Token
  * @covers \Lcobucci\JWT\Signature
  * @covers \Lcobucci\JWT\Signer\Key
  * @covers \Lcobucci\JWT\Signer\BaseSigner
  * @covers \Lcobucci\JWT\Signer\Rsa
  * @covers \Lcobucci\JWT\Signer\Rsa\Sha256
  * @covers \Lcobucci\JWT\Claim\Factory
  * @covers \Lcobucci\JWT\Claim\Basic
  */
 public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs()
 {
     // Fixed fixture in header.payload.signature form, split only for line length.
     $foreignJwt = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJoZWxsbyI6IndvcmxkIn0.s'
         . 'GYbB1KrmnESNfJ4D9hOe1Zad_BMyxdb8G4p4LNP7StYlOyBWck6q7XPpPj_6gB'
         . 'Bo1ohD3MA2o0HY42lNIrAStaVhfsFKGdIou8TarwMGZBPcif_3ThUV1pGS3fZc'
         . 'lFwF2SP7rqCngQis_xcUVCyqa8E1Wa_v28grnl1QZrnmQFO8B5JGGLqcrfUHJO'
         . 'nJCupP-Lqh4TmIhftIimSCgLNmJg80wyrpUEfZYReE7hPuEmY0ClTqAGIMQoNS'
         . '98ljwDxwhfbSuL2tAdbV4DekbTpWzspe3dOJ7RSzmPKVZ6NoezaIazKqyqkmHZfcMaHI1lQeGia6LTbHU1bp0gINi74Vw';

     $parser = $this->config->getParser();
     $parsed = $parser->parse((string) $foreignJwt);

     // The claim is readable right after parsing; it is only authenticated
     // by the verify() assertion that follows.
     self::assertEquals('world', $parsed->getClaim('hello'));

     // self::$rsaKeys is populated outside this excerpt; only its 'public'
     // entry is read here.
     $configuredSigner = $this->config->getSigner();
     $publicKey = self::$rsaKeys['public'];
     self::assertTrue($parsed->verify($configuredSigner, $publicKey));
 }
コード例 #3
ファイル: EcdsaTokenTest.php プロジェクト: lcobucci/jwt
 /**
  * Regression guard against signer substitution (often called algorithm
  * confusion).
  *
  * The fixture token's header declares "alg":"ES512". A forged variant is
  * obtained from createMaliciousToken() (defined outside this excerpt) and
  * then checked twice with the same public key:
  *  - with an HMAC-SHA512 signer, where verification succeeds, showing what
  *    happens if the verifier lets the token dictate the signer;
  *  - with the Sha512 signer the application actually expects, where
  *    verification must fail.
  *
  * The defensive rule this pins down: the verifying side chooses the signer
  * from its own configuration, never from attacker-controlled token data.
  *
  * @test
  *
  * @covers \Lcobucci\JWT\Configuration
  * @covers \Lcobucci\JWT\Builder
  * @covers \Lcobucci\JWT\Parser
  * @covers \Lcobucci\JWT\Token
  * @covers \Lcobucci\JWT\Signature
  * @covers \Lcobucci\JWT\Signer\Key
  * @covers \Lcobucci\JWT\Signer\BaseSigner
  * @covers \Lcobucci\JWT\Signer\Ecdsa
  * @covers \Lcobucci\JWT\Signer\Ecdsa\KeyParser
  * @covers \Lcobucci\JWT\Signer\Ecdsa\EccAdapter
  * @covers \Lcobucci\JWT\Signer\Ecdsa\SignatureSerializer
  * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
  * @covers \Lcobucci\JWT\Signer\Hmac
  * @covers \Lcobucci\JWT\Signer\Hmac\Sha512
  * @covers \Lcobucci\JWT\Claim\Factory
  * @covers \Lcobucci\JWT\Claim\Basic
  */
 public function preventRegressionsThatAllowsMaliciousTampering()
 {
     // Legitimate fixture token, split only for line length.
     $legitimateJwt = 'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJoZWxsbyI6IndvcmxkIn0.'
         . 'AQx1MqdTni6KuzfOoedg2-7NUiwe-b88SWbdmviz40GTwrM0Mybp1i1tVtm'
         . 'TSQ91oEXGXBdtwsN6yalzP9J-sp2YATX_Tv4h-BednbdSvYxZsYnUoZ--ZU'
         . 'dL10t7g8Yt3y9hdY_diOjIptcha6ajX8yzkDGYG42iSe3f5LywSuD6FO5c';

     // PEM-encoded public key; public keys are not secret, which is exactly
     // why they must never be usable as a symmetric verification key.
     $publicKey = new Key(implode(PHP_EOL, [
         '-----BEGIN PUBLIC KEY-----',
         'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcpkss6wI7PPlxj3t7A1RqMH3nvL4',
         'L5Tzxze/XeeYZnHqxiX+gle70DlGRMqqOq+PJ6RYX7vK0PJFdiAIXlyPQq0B3KaU',
         'e86IvFeQSFrJdCc0K8NfiH2G1loIk3fiR+YLqlXk6FAeKtpXJKxR1pCQCAM+vBCs',
         'mZudf1zCUZ8/4eodlHU=',
         '-----END PUBLIC KEY-----',
     ]));

     // Simulate the attacker: the helper returns the tampered token that the
     // rest of the test treats as hostile input.
     $forgedJwt = $this->createMaliciousToken($legitimateJwt, $publicKey);

     // The forged token still parses and carries the same claim, so parsing
     // and claim inspection alone cannot detect the tampering.
     $parsed = $this->config->getParser()->parse((string) $forgedJwt);
     self::assertEquals('world', $parsed->getClaim('hello'), 'The claim content should not be modified');

     // Unsafe path, asserted on purpose: accepting the attacker's signer
     // (HMAC-SHA512 instead of ECDSA) makes the forgery verify.
     $attackerChosenSigner = new HS512();
     self::assertTrue(
         $parsed->verify($attackerChosenSigner, $publicKey),
         'Using the attackers signer should make things unsafe'
     );

     // Safe path: the signer is fixed by the verifier, so the forgery is
     // rejected. NOTE(review): Sha512 is presumably the ECDSA signer (imports
     // are outside this excerpt) - confirm against the file's use statements.
     $expectedSigner = Sha512::create();
     self::assertFalse(
         $parsed->verify($expectedSigner, $publicKey),
         'But we know which Signer should be used so the attack fails'
     );
 }
コード例 #4
ファイル: ConfigurationTest.php プロジェクト: lcobucci/jwt
 /**
  * A signer stored through setSigner() must come back from getSigner() as
  * the very same instance.
  *
  * Identity (assertSame) matters here: code that verifies tokens with the
  * configured signer relies on getting exactly the object that was set, not
  * a substitute or a default.
  *
  * @test
  *
  * @covers \Lcobucci\JWT\Configuration::getSigner
  * @covers \Lcobucci\JWT\Configuration::setSigner
  *
  * @uses \Lcobucci\JWT\Builder
  * @uses \Lcobucci\JWT\Claim\Factory
  * @uses \Lcobucci\JWT\Parser
  */
 public function getSignerShouldReturnTheConfiguredSigner()
 {
     // $this->signer is prepared outside this excerpt (test fixture).
     $configuration = new Configuration();
     $configuration->setSigner($this->signer);

     $returnedSigner = $configuration->getSigner();

     self::assertSame($this->signer, $returnedSigner);
 }
コード例 #5
ファイル: UnsignedTokenTest.php プロジェクト: lcobucci/jwt
 /**
  * Round-trip check: the string form of a previously built token must parse
  * back into an equal Token whose 'user' claim still holds the name.
  *
  * No verify() call is made in this test, so it covers serialization and
  * parsing only. Claims read this way are unauthenticated; code that consumes
  * tokens must not treat a successful parse as proof of origin.
  *
  * @test
  *
  * @depends builderCanGenerateAToken
  *
  * @covers \Lcobucci\JWT\Configuration
  * @covers \Lcobucci\JWT\Builder
  * @covers \Lcobucci\JWT\Parser
  * @covers \Lcobucci\JWT\Token
  * @covers \Lcobucci\JWT\Claim\Factory
  * @covers \Lcobucci\JWT\Claim\Basic
  */
 public function parserCanReadAToken(Token $generated)
 {
     $parser = $this->config->getParser();

     // The cast produces the token's string form, which is what the parser consumes.
     $roundTripped = $parser->parse((string) $generated);

     self::assertEquals($generated, $roundTripped);

     // The 'user' claim is indexed like an array; only its 'name' entry is checked.
     $userClaim = $roundTripped->getClaim('user');
     self::assertEquals('testing', $userClaim['name']);
 }