From 02a7bc03cf545695c086f300d58e5610d5888871 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20H=C3=A9lias?=
Date: Wed, 1 Mar 2023 18:35:29 +0100
Subject: [PATCH] Allow lcobucci/jwt v5
---
 Services/JWSProvider/LcobucciJWSProvider.php | 66 +++++---------------
 composer.json | 3 +-
 2 files changed, 18 insertions(+), 51 deletions(-)
diff --git a/Services/JWSProvider/LcobucciJWSProvider.php b/Services/JWSProvider/LcobucciJWSProvider.php
index 1f2900f8..3507983b 100644
--- a/Services/JWSProvider/LcobucciJWSProvider.php
+++ b/Services/JWSProvider/LcobucciJWSProvider.php
@@ -68,11 +68,6 @@ class LcobucciJWSProvider implements JWSProviderInterface
 */
 private $allowNoExpiration;
- /**
- * @var bool
- */
- private $useDateObjects;
-
 /**
 * @throws \InvalidArgumentException If the given crypto engine is not supported
 */
@@ -82,7 +77,7 @@ public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine,
 throw new \InvalidArgumentException(sprintf('The %s provider supports only "openssl" as crypto engine.', self::class));
 }
 if (null === $clock) {
- $clock = SystemClock::fromUTC();
+ $clock = new SystemClock(new \DateTimeZone('UTC'));
 }
 $this->keyLoader = $keyLoader;
@@ -91,7 +86,6 @@ public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine,
 $this->ttl = $ttl;
 $this->clockSkew = $clockSkew;
 $this->allowNoExpiration = $allowNoExpiration;
- $this->useDateObjects = method_exists(Token::class, 'payload') || class_exists(Plain::class); // exists only on lcobucci/jwt 3.4+
 }
 /**
@@ -106,7 +100,7 @@ public function create(array $payload, array $header = [])
 }
 foreach ($header as $k => $v) {
- $jws->withHeader($k, $v);
+ $jws = $jws->withHeader($k, $v);
 }
 $now = time();
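Review bot: The reassignment `$jws = $jws->withHeader($k, $v);` in the create() hunk (-106,7) carries no hint of why the return value matters, and the same holds for the `issuedAt`, `expiresAt`, `relatedTo`, `addStandardClaims` and `withClaim` reassignments in the following create() hunk. The builder in lcobucci/jwt 4 and later is immutable, so a call whose result is dropped yields a token without that header or claim; for `expiresAt` that would mean a token with no expiry. I would add one comment above the loop, `// Builder is immutable from lcobucci/jwt 4 on: always keep the returned instance`. create() begins and ends outside this hunk.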
@@ -114,28 +108,28 @@ public function create(array $payload, array $header = [])
 $issuedAt = $payload['iat'] ?? $now;
 unset($payload['iat']);
- $jws->issuedAt($this->useDateObjects && !$issuedAt instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$issuedAt}") : $issuedAt);
+ $jws = $jws->issuedAt(!$issuedAt instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$issuedAt}") : $issuedAt);
 if (null !== $this->ttl || isset($payload['exp'])) {
 $exp = $payload['exp'] ?? $now + $this->ttl;
 unset($payload['exp']);
 if ($exp) {
- $jws->expiresAt($exp instanceof \DateTimeImmutable ? $exp : ($this->useDateObjects ? new \DateTimeImmutable("@$exp") : $exp));
+ $jws = $jws->expiresAt(!$exp instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$exp}") : $exp);
 }
 }
 if (isset($payload['sub'])) {
- $jws->relatedTo($payload['sub']);
+ $jws = $jws->relatedTo($payload['sub']);
 unset($payload['sub']);
 }
 if (interface_exists(RegisteredClaims::class)) {
- $this->addStandardClaims($jws, $payload);
+ $jws = $this->addStandardClaims($jws, $payload);
 }
 foreach ($payload as $name => $value) {
- $jws->withClaim($name, $value);
+ $jws = $jws->withClaim($name, $value);
 }
 $e = $token = null;
@@ -159,25 +153,18 @@ public function load($token)
 }
 $payload = [];
-
- if (!$this->useDateObjects) {
- foreach ($jws->getClaims() as $claim) {
- $payload[$claim->getName()] = $claim->getValue();
- }
- } else {
- foreach ($jws->claims()->all() as $name => $value) {
- if ($value instanceof \DateTimeInterface) {
- $value = $value->getTimestamp();
- }
- $payload[$name] = $value;
+ foreach ($jws->claims()->all() as $name => $value) {
+ if ($value instanceof \DateTimeInterface) {
+ $value = $value->getTimestamp();
 }
+ $payload[$name] = $value;
 }
 $jws = new LoadedJWS(
 $payload,
 $this->verify($jws),
 false == $this->allowNoExpiration,
- $this->useDateObjects ? $jws->headers()->all() : $jws->getHeaders(),
+ $jws->headers()->all(),
 $this->clockSkew
 );
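Review bot: The unconditional `new \DateTimeImmutable("@{$issuedAt}")` and the matching `expiresAt` conversion in create() accept only a `\DateTimeImmutable` or a value that interpolates into a valid `@timestamp`; a mutable `\DateTime` or a non-numeric string in `$payload['iat']` or `$payload['exp']` fails inside the interpolation or the constructor. Both conversions sit before the `$e = $token = null;` line, so the failure probably escapes whatever error handling follows it (the rest of create() is outside the hunk). I would normalise both claims through one helper that passes date objects through and rejects anything non-numeric with a clear message; the exception type below is a suggestion, use whatever create() already documents.

```php
// Normalises a timestamp claim to the immutable date object the builder expects.
private function toDateTimeImmutable($value): \DateTimeImmutable
{
    if ($value instanceof \DateTimeImmutable) {
        return $value;
    }
    if ($value instanceof \DateTime) {
        return \DateTimeImmutable::createFromMutable($value);
    }
    if (!is_numeric($value)) {
        throw new \InvalidArgumentException('Timestamp claims must be numeric or date objects.');
    }

    return new \DateTimeImmutable("@{$value}");
}

// … unchanged: $issuedAt extraction from $payload …
$jws = $jws->issuedAt($this->toDateTimeImmutable($issuedAt));
// … unchanged: ttl / exp extraction and the if ($exp) guard …
$jws = $jws->expiresAt($this->toDateTimeImmutable($exp));
```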
@@ -230,29 +217,6 @@ private function getSignedToken(Builder $jws)
 private function verify(Token $jwt)
 {
- if (!$this->useDateObjects) {
- if (!$jwt->validate(new ValidationData(time() + $this->clockSkew))) {
- return false;
- }
-
- if ($this->signer instanceof Hmac) {
- return $jwt->verify(
- $this->signer,
- $this->keyLoader->loadKey(RawKeyLoader::TYPE_PRIVATE)
- );
- }
-
- if (!empty($keys = $this->keyLoader->getAdditionalPublicKeys())) {
- foreach ($keys as $key) {
- if ($jwt->verify($this->signer, $key)) {
- return true;
- }
- }
-
- return false;
- }
- }
-
 if (class_exists(InMemory::class)) {
 $key = InMemory::plainText($this->signer instanceof Hmac ? $this->keyLoader->loadKey(RawKeyLoader::TYPE_PRIVATE) : $this->keyLoader->loadKey(RawKeyLoader::TYPE_PUBLIC));
 } else {
@@ -289,7 +253,7 @@ private function verify(Token $jwt)
 return false;
 }
- private function addStandardClaims(Builder $builder, array &$payload)
+ private function addStandardClaims(Builder $builder, array &$payload): Builder
 {
 $mutatorMap = [
 RegisteredClaims::AUDIENCE => 'permittedFor',
@@ -311,7 +275,9 @@ private function addStandardClaims(Builder $builder, array &$payload)
 continue;
 }
- $builder->{$mutator}($value);
+ $builder = $builder->{$mutator}($value);
 }
+
+ return $builder;
 }
 }
diff --git a/composer.json b/composer.json
index 435f8d8b..8b984d42 100644
--- a/composer.json
+++ b/composer.json
@@ -39,7 +39,8 @@
 "require": {
 "php": ">=7.1",
 "ext-openssl": "*",
- "lcobucci/jwt": "^3.4|^4.0",
+ "lcobucci/clock": "^1.2|^2.0|^3.0",
+ "lcobucci/jwt": "^3.4|^4.1|^5.0",
 "namshi/jose": "^7.2",
 "symfony/config": "^4.4|^5.3|^6.0",
 "symfony/dependency-injection": "^4.4|^5.3|^6.0",
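Review bot: addStandardClaims() in the -289,7 and -311,7 hunks now has two outputs, the returned builder and the by-reference `$payload`, and neither is documented. A caller that ignores the return value gets a token without the registered claims when the builder is immutable, which is the mistake the create() hunk had to correct. I would add a docblock above the signature with `@return Builder the builder with the registered claims applied; callers must use this instance`, and state there what the method does to `$payload`, since that handling sits between the two hunks and is not visible here.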
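Review bot: The widened `"lcobucci/jwt": "^3.4|^4.1|^5.0"` constraint is the only place this change surfaces to operators, and nothing in the commit tells them that key handling may become stricter after an upgrade. As far as I know from upstream's release notes, recent lcobucci/jwt releases reject empty or undersized signing keys with an exception, and verify() passes the `keyLoader->loadKey(...)` result straight into `InMemory::plainText(...)` (context lines of the -230,29 hunk). An upgrade note would cover it, for example `lcobucci/jwt 5 is now allowed; keys that do not meet the library's minimum size are rejected when signing or verifying`. Whether verify() turns such an exception into a failed verification or lets it propagate cannot be seen from this page and is worth confirming.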