
chore: make alg required for JWT::sign and JWT::encode #377


Merged
merged 2 commits into from
Nov 11, 2021
4 changes: 2 additions & 2 deletions src/JWT.php
@@ -167,7 +167,7 @@ public static function decode($jwt, $keyOrKeyArray)
* @uses jsonEncode
* @uses urlsafeB64Encode
*/
public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
public static function encode($payload, $key, $alg, $keyId = null, $head = null)
{
$header = array('typ' => 'JWT', 'alg' => $alg);
if ($keyId !== null) {
@@ -200,7 +200,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he
*
* @throws DomainException Unsupported algorithm or bad key was specified
*/
public static function sign($msg, $key, $alg = 'HS256')
public static function sign($msg, $key, $alg)
{
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
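Review bot: Neither hunk touches the docblocks, so the `@param` entry for `$alg` on `encode()` and `sign()` (which starts outside the hunks) presumably still reads as if the argument were optional. With the `'HS256'` default gone, callers that omitted the argument now fail with an ArgumentCountError on PHP 7.1 and later, which is the intended fail-closed outcome but is a breaking change that a `chore:` title understates. I would state the contract in both docblocks, e.g. `@param string $alg Required signing algorithm; must match the type of $key, no default is applied`, and add an upgrade note. Both function bodies continue past the end of their hunks.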
40 changes: 20 additions & 20 deletions tests/JWTTest.php
@@ -30,14 +30,14 @@ public function testDecodeFromPython()

public function testUrlSafeCharacters()
{
$encoded = JWT::encode('f?', 'a');
$encoded = JWT::encode('f?', 'a', 'HS256');
$this->assertEquals('f?', JWT::decode($encoded, new Key('a', 'HS256')));
}

public function testMalformedUtf8StringsFail()
{
$this->setExpectedException('DomainException');
JWT::encode(pack('c', 128), 'a');
JWT::encode(pack('c', 128), 'a', 'HS256');
}

public function testMalformedJsonThrowsException()
@@ -52,7 +52,7 @@ public function testExpiredToken()
$payload = array(
"message" => "abc",
"exp" => time() - 20); // time in the past
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
JWT::decode($encoded, new Key('my_key', 'HS256'));
}

@@ -62,7 +62,7 @@ public function testBeforeValidTokenWithNbf()
$payload = array(
"message" => "abc",
"nbf" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
JWT::decode($encoded, new Key('my_key', 'HS256'));
}

@@ -72,7 +72,7 @@ public function testBeforeValidTokenWithIat()
$payload = array(
"message" => "abc",
"iat" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
JWT::decode($encoded, new Key('my_key', 'HS256'));
}

@@ -81,7 +81,7 @@ public function testValidToken()
$payload = array(
"message" => "abc",
"exp" => time() + JWT::$leeway + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
}
@@ -92,7 +92,7 @@ public function testValidTokenWithLeeway()
$payload = array(
"message" => "abc",
"exp" => time() - 20); // time in the past
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
JWT::$leeway = 0;
@@ -105,7 +105,7 @@ public function testExpiredTokenWithLeeway()
"message" => "abc",
"exp" => time() - 70); // time far in the past
$this->setExpectedException('Firebase\JWT\ExpiredException');
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
JWT::$leeway = 0;
@@ -118,7 +118,7 @@ public function testValidTokenWithNbf()
"iat" => time(),
"exp" => time() + 20, // time in the future
"nbf" => time() - 20);
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
}
@@ -129,7 +129,7 @@ public function testValidTokenWithNbfLeeway()
$payload = array(
"message" => "abc",
"nbf" => time() + 20); // not before in near (leeway) future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
JWT::$leeway = 0;
@@ -141,7 +141,7 @@ public function testInvalidTokenWithNbfLeeway()
$payload = array(
"message" => "abc",
"nbf" => time() + 65); // not before too far in future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$this->setExpectedException('Firebase\JWT\BeforeValidException');
JWT::decode($encoded, new Key('my_key', 'HS256'));
JWT::$leeway = 0;
@@ -153,7 +153,7 @@ public function testValidTokenWithIatLeeway()
$payload = array(
"message" => "abc",
"iat" => time() + 20); // issued in near (leeway) future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$decoded = JWT::decode($encoded, new Key('my_key', 'HS256'));
$this->assertEquals($decoded->message, 'abc');
JWT::$leeway = 0;
@@ -165,7 +165,7 @@ public function testInvalidTokenWithIatLeeway()
$payload = array(
"message" => "abc",
"iat" => time() + 65); // issued too far in future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$this->setExpectedException('Firebase\JWT\BeforeValidException');
JWT::decode($encoded, new Key('my_key', 'HS256'));
JWT::$leeway = 0;
@@ -176,7 +176,7 @@ public function testInvalidToken()
$payload = array(
"message" => "abc",
"exp" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$this->setExpectedException('Firebase\JWT\SignatureInvalidException');
JWT::decode($encoded, new Key('my_key2', 'HS256'));
}
@@ -186,7 +186,7 @@ public function testNullKeyFails()
$payload = array(
"message" => "abc",
"exp" => time() + JWT::$leeway + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$this->setExpectedException('InvalidArgumentException');
JWT::decode($encoded, new Key(null, 'HS256'));
}
@@ -196,7 +196,7 @@ public function testEmptyKeyFails()
$payload = array(
"message" => "abc",
"exp" => time() + JWT::$leeway + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$encoded = JWT::encode($payload, 'my_key', 'HS256');
$this->setExpectedException('InvalidArgumentException');
JWT::decode($encoded, new Key('', 'HS256'));
}
@@ -225,21 +225,21 @@ public function testArrayAccessKIDChooser()

public function testNoneAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$msg = JWT::encode('abc', 'my_key', 'HS256');
$this->setExpectedException('UnexpectedValueException');
JWT::decode($msg, new Key('my_key', 'none'));
}

public function testIncorrectAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$msg = JWT::encode('abc', 'my_key', 'HS256');
$this->setExpectedException('UnexpectedValueException');
JWT::decode($msg, new Key('my_key', 'RS256'));
}

public function testEmptyAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$msg = JWT::encode('abc', 'my_key', 'HS256');
$this->setExpectedException('UnexpectedValueException');
JWT::decode($msg, new Key('my_key', ''));
}
@@ -265,7 +265,7 @@ public function testInvalidSignatureEncoding()

public function testHSEncodeDecode()
{
$msg = JWT::encode('abc', 'my_key');
$msg = JWT::encode('abc', 'my_key', 'HS256');
$this->assertEquals(JWT::decode($msg, new Key('my_key', 'HS256')), 'abc');
}

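Review bot: No test in this section checks that `JWT::encode()` itself rejects a bad algorithm now that the caller must name one; `testNoneAlgorithm`, `testIncorrectAlgorithm` and `testEmptyAlgorithm` all sign with `'HS256'` and vary only the `Key` given to `decode()`. A companion case such as `$this->setExpectedException('DomainException');` followed by `JWT::encode('abc', 'my_key', 'none');` would pin the `Algorithm not supported` branch in `sign()`, assuming `none` is absent from `$supported_algs`. Such a test may already exist outside the hunks shown.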