Allow JWT::decode to accept an empty string as a valid kid #581

12 changes: 5 additions & 7 deletions src/JWT.php
Expand Up @@ -465,17 +465,15 @@ private static function getKey(
$keyOrKeyArray,
?string $kid
): Key {

$kid = (string) $kid;

if ($keyOrKeyArray instanceof Key) {
return $keyOrKeyArray;
}

if (empty($kid) && $kid !== '0') {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
}

if ($keyOrKeyArray instanceof CachedKeySet) {
// Skip "isset" check, as this will automatically refresh if not set
return $keyOrKeyArray[$kid];
if (!is_array($keyOrKeyArray) && !$keyOrKeyArray instanceof ArrayAccess) {
throw new UnexpectedValueException('Expecting a Key or an associative array of keys');
}

if (!isset($keyOrKeyArray[$kid])) {
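Review bot: After the `(string)` cast on `$kid`, a token that omits the `kid` header and one whose header carries `kid: ""` both resolve to `$keyOrKeyArray['']`, so a key stored under `''` silently becomes the default key for every token that has no `kid`; that is presumably the intent of the PR, but it is a security-relevant contract and deserves a comment at the cast, e.g. `// null (no "kid" header) and "" both select the entry stored under ''; such an entry acts as the default key for tokens that carry no kid`. Dropping the CachedKeySet branch also routes that type through the `isset()` check at the end of the hunk, and `isset()` on an ArrayAccess only calls offsetExists; the removed comment relied on the lookup itself refreshing the set, so whether the refresh still happens now depends on CachedKeySet's offsetExists, which is outside this hunk and worth confirming. With the early "kid empty" rejection gone, an empty kid against a CachedKeySet now reaches that lookup instead of failing before any fetch, which is a behaviour change callers may want to know about. getKey's body continues below the hunk.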
33 changes: 33 additions & 0 deletions tests/JWTTest.php
Expand Up @@ -327,6 +327,19 @@ public function testKIDChooser()
$this->assertEquals($decoded, $expected);
}

public function testArrayAccessKIDChooserWhenJWTHasNoKey()
{
$key = new Key('my_key0', 'HS256');
$keys = new ArrayObject([
'' => $key,
]);
$msg = JWT::encode(['message' => 'abc'], $key->getKeyMaterial(), 'HS256');
$decoded = JWT::decode($msg, $keys);
$expected = new stdClass();
$expected->message = 'abc';
$this->assertEquals($decoded, $expected);
}

public function testArrayAccessKIDChooser()
{
$keys = new ArrayObject([
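Review bot: `testArrayAccessKIDChooserWhenJWTHasNoKey` only exercises a token with no `kid` header (the `JWT::encode` call passes no key id), so the case the PR title names — a header that explicitly carries `kid: ""` — and the plain-array form `['' => $key]` remain untested; a second test that passes `''` as the `$keyId` argument of `JWT::encode` and decodes against `['' => $key]` would pin both. The method name also says "NoKey" where the token actually lacks a `kid`; `testArrayAccessKIDChooserWhenJWTHasNoKid` reads closer to what is asserted. In the second hunk of this file, `testInvalideKeyOrKeyArray` has a typo and should be `testInvalidKeyOrKeyArray`.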
Expand Down Expand Up @@ -383,6 +396,26 @@ public function testInvalidSignatureEncoding()
JWT::decode($msg, new Key('secret', 'HS256'));
}

public function testInvalideKeyOrKeyArray()
{
$key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
$payload = ['foo' => [1, 2, 3]];
$jwt = JWT::encode($payload, $key, 'HS256');
$this->expectException(UnexpectedValueException::class);
$this->expectExceptionMessage('Expecting a Key or an associative array of keys');
JWT::decode($jwt, 'SomeKeyNotAnArray');
}

public function testKeyNotInKeyOrKeyArray()
{
$key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
$payload = ['foo' => [1, 2, 3]];
$jwt = JWT::encode($payload, $key, 'HS256');
$this->expectException(UnexpectedValueException::class);
$this->expectExceptionMessage('"kid" invalid, unable to lookup correct key');
JWT::decode($jwt, ['notrealkey' => 'SomeKeyNotAnArray']);
}

public function testHSEncodeDecode()
{
$msg = JWT::encode(['message' => 'abc'], 'my_key', 'HS256');