Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-23 11:22:33 +01:00
Code Issues Releases Wiki Activity

Renamed OIDC files to all be aligned

Browse Source
This commit is contained in:
Dan Brown 2021-10-12 23:04:28 +01:00
parent 06a0d829c8
commit c167f40af3
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
14 changed files with 112 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Auth/Access/OpenIdConnect/OpenIdConnectAccessToken.php → app/Auth/Access/Oidc/OidcAccessToken.php
View File

@ -1,11 +1,11 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
namespace BookStack\Auth\Access\Oidc;
use InvalidArgumentException;
use League\OAuth2\Client\Token\AccessToken;
class OpenIdConnectAccessToken extends AccessToken
class OidcAccessToken extends AccessToken
{
/**
* Constructs an access token.

46
app/Auth/Access/OpenIdConnect/OpenIdConnectIdToken.php → app/Auth/Access/Oidc/OidcIdToken.php
View File

@ -1,8 +1,8 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
namespace BookStack\Auth\Access\Oidc;
class OpenIdConnectIdToken
class OidcIdToken
{
/**
* @var array
@ -74,7 +74,7 @@ class OpenIdConnectIdToken
/**
* Validate all possible parts of the id token.
* @throws InvalidTokenException
* @throws OidcInvalidTokenException
*/
public function validate(string $clientId): bool
{
@ -105,35 +105,35 @@ class OpenIdConnectIdToken
/**
* Validate the structure of the given token and ensure we have the required pieces.
* As per https://datatracker.ietf.org/doc/html/rfc7519#section-7.2
* @throws InvalidTokenException
* @throws OidcInvalidTokenException
*/
protected function validateTokenStructure(): void
{
foreach (['header', 'payload'] as $prop) {
if (empty($this->$prop) || !is_array($this->$prop)) {
throw new InvalidTokenException("Could not parse out a valid {$prop} within the provided token");
throw new OidcInvalidTokenException("Could not parse out a valid {$prop} within the provided token");
}
}
if (empty($this->signature) || !is_string($this->signature)) {
throw new InvalidTokenException("Could not parse out a valid signature within the provided token");
throw new OidcInvalidTokenException("Could not parse out a valid signature within the provided token");
}
}
/**
* Validate the signature of the given token and ensure it validates against the provided key.
* @throws InvalidTokenException
* @throws OidcInvalidTokenException
*/
protected function validateTokenSignature(): void
{
if ($this->header['alg'] !== 'RS256') {
throw new InvalidTokenException("Only RS256 signature validation is supported. Token reports using {$this->header['alg']}");
throw new OidcInvalidTokenException("Only RS256 signature validation is supported. Token reports using {$this->header['alg']}");
}
$parsedKeys = array_map(function($key) {
try {
return new JwtSigningKey($key);
} catch (InvalidKeyException $e) {
return new OidcJwtSigningKey($key);
} catch (OidcInvalidKeyException $e) {
return null;
}
}, $this->keys);
@ -141,27 +141,27 @@ class OpenIdConnectIdToken
$parsedKeys = array_filter($parsedKeys);
$contentToSign = $this->tokenParts[0] . '.' . $this->tokenParts[1];
/** @var JwtSigningKey $parsedKey */
/** @var OidcJwtSigningKey $parsedKey */
foreach ($parsedKeys as $parsedKey) {
if ($parsedKey->verify($contentToSign, $this->signature)) {
return;
}
}
throw new InvalidTokenException('Token signature could not be validated using the provided keys');
throw new OidcInvalidTokenException('Token signature could not be validated using the provided keys');
}
/**
* Validate the claims of the token.
* As per https://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation
* @throws InvalidTokenException
* @throws OidcInvalidTokenException
*/
protected function validateTokenClaims(string $clientId): void
{
// 1. The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery)
// MUST exactly match the value of the iss (issuer) Claim.
if (empty($this->payload['iss']) || $this->issuer !== $this->payload['iss']) {
throw new InvalidTokenException('Missing or non-matching token issuer value');
throw new OidcInvalidTokenException('Missing or non-matching token issuer value');
}
// 2. The Client MUST validate that the aud (audience) Claim contains its client_id value registered
@ -169,16 +169,16 @@ class OpenIdConnectIdToken
// if the ID Token does not list the Client as a valid audience, or if it contains additional
// audiences not trusted by the Client.
if (empty($this->payload['aud'])) {
throw new InvalidTokenException('Missing token audience value');
throw new OidcInvalidTokenException('Missing token audience value');
}
$aud = is_string($this->payload['aud']) ? [$this->payload['aud']] : $this->payload['aud'];
if (count($aud) !== 1) {
throw new InvalidTokenException('Token audience value has ' . count($aud) . ' values, Expected 1');
throw new OidcInvalidTokenException('Token audience value has ' . count($aud) . ' values, Expected 1');
}
if ($aud[0] !== $clientId) {
throw new InvalidTokenException('Token audience value did not match the expected client_id');
throw new OidcInvalidTokenException('Token audience value did not match the expected client_id');
}
// 3. If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.
@ -187,32 +187,32 @@ class OpenIdConnectIdToken
// 4. If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id
// is the Claim Value.
if (isset($this->payload['azp']) && $this->payload['azp'] !== $clientId) {
throw new InvalidTokenException('Token authorized party exists but does not match the expected client_id');
throw new OidcInvalidTokenException('Token authorized party exists but does not match the expected client_id');
}
// 5. The current time MUST be before the time represented by the exp Claim
// (possibly allowing for some small leeway to account for clock skew).
if (empty($this->payload['exp'])) {
throw new InvalidTokenException('Missing token expiration time value');
throw new OidcInvalidTokenException('Missing token expiration time value');
}
$skewSeconds = 120;
$now = time();
if ($now >= (intval($this->payload['exp']) + $skewSeconds)) {
throw new InvalidTokenException('Token has expired');
throw new OidcInvalidTokenException('Token has expired');
}
// 6. The iat Claim can be used to reject tokens that were issued too far away from the current time,
// limiting the amount of time that nonces need to be stored to prevent attacks.
// The acceptable range is Client specific.
if (empty($this->payload['iat'])) {
throw new InvalidTokenException('Missing token issued at time value');
throw new OidcInvalidTokenException('Missing token issued at time value');
}
$dayAgo = time() - 86400;
$iat = intval($this->payload['iat']);
if ($iat > ($now + $skewSeconds) || $iat < $dayAgo) {
throw new InvalidTokenException('Token issue at time is not recent or is invalid');
throw new OidcInvalidTokenException('Token issue at time is not recent or is invalid');
}
// 7. If the acr Claim was requested, the Client SHOULD check that the asserted Claim Value is appropriate.
@ -225,7 +225,7 @@ class OpenIdConnectIdToken
// Custom: Ensure the "sub" (Subject) Claim exists and has a value.
if (empty($this->payload['sub'])) {
throw new InvalidTokenException('Missing token subject value');
throw new OidcInvalidTokenException('Missing token subject value');
}
}

8
app/Auth/Access/Oidc/OidcInvalidKeyException.php Normal file
View File

@ -0,0 +1,8 @@
<?php
namespace BookStack\Auth\Access\Oidc;
class OidcInvalidKeyException extends \Exception
{
}

10
app/Auth/Access/Oidc/OidcInvalidTokenException.php Normal file
View File

@ -0,0 +1,10 @@
<?php
namespace BookStack\Auth\Access\Oidc;
use Exception;
class OidcInvalidTokenException extends Exception
{
}

8
app/Auth/Access/Oidc/OidcIssuerDiscoveryException.php Normal file
View File

@ -0,0 +1,8 @@
<?php
namespace BookStack\Auth\Access\Oidc;
class OidcIssuerDiscoveryException extends \Exception
{
}

28
app/Auth/Access/OpenIdConnect/JwtSigningKey.php → app/Auth/Access/Oidc/OidcJwtSigningKey.php
View File

@ -1,13 +1,13 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
namespace BookStack\Auth\Access\Oidc;
use phpseclib3\Crypt\Common\PublicKey;
use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA;
use phpseclib3\Math\BigInteger;
class JwtSigningKey
class OidcJwtSigningKey
{
/**
* @var PublicKey
@ -20,7 +20,7 @@ class JwtSigningKey
* 'file:///var/www/cert.pem'
* ['kty' => 'RSA', 'alg' => 'RS256', 'n' => 'abc123...']
* @param array|string $jwkOrKeyPath
* @throws InvalidKeyException
* @throws OidcInvalidKeyException
*/
public function __construct($jwkOrKeyPath)
{
@ -29,12 +29,12 @@ class JwtSigningKey
} else if (is_string($jwkOrKeyPath) && strpos($jwkOrKeyPath, 'file://') === 0) {
$this->loadFromPath($jwkOrKeyPath);
} else {
throw new InvalidKeyException('Unexpected type of key value provided');
throw new OidcInvalidKeyException('Unexpected type of key value provided');
}
}
/**
* @throws InvalidKeyException
* @throws OidcInvalidKeyException
*/
protected function loadFromPath(string $path)
{
@ -43,37 +43,37 @@ class JwtSigningKey
file_get_contents($path)
)->withPadding(RSA::SIGNATURE_PKCS1);
} catch (\Exception $exception) {
throw new InvalidKeyException("Failed to load key from file path with error: {$exception->getMessage()}");
throw new OidcInvalidKeyException("Failed to load key from file path with error: {$exception->getMessage()}");
}
if (!($this->key instanceof RSA)) {
throw new InvalidKeyException("Key loaded from file path is not an RSA key as expected");
throw new OidcInvalidKeyException("Key loaded from file path is not an RSA key as expected");
}
}
/**
* @throws InvalidKeyException
* @throws OidcInvalidKeyException
*/
protected function loadFromJwkArray(array $jwk)
{
if ($jwk['alg'] !== 'RS256') {
throw new InvalidKeyException("Only RS256 keys are currently supported. Found key using {$jwk['alg']}");
throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$jwk['alg']}");
}
if (empty($jwk['use'])) {
throw new InvalidKeyException('A "use" parameter on the provided key is expected');
throw new OidcInvalidKeyException('A "use" parameter on the provided key is expected');
}
if ($jwk['use'] !== 'sig') {
throw new InvalidKeyException("Only signature keys are currently supported. Found key for use {$jwk['use']}");
throw new OidcInvalidKeyException("Only signature keys are currently supported. Found key for use {$jwk['use']}");
}
if (empty($jwk['e'])) {
throw new InvalidKeyException('An "e" parameter on the provided key is expected');
throw new OidcInvalidKeyException('An "e" parameter on the provided key is expected');
}
if (empty($jwk['n'])) {
throw new InvalidKeyException('A "n" parameter on the provided key is expected');
throw new OidcInvalidKeyException('A "n" parameter on the provided key is expected');
}
$n = strtr($jwk['n'] ?? '', '-_', '+/');
@ -85,7 +85,7 @@ class JwtSigningKey
'n' => new BigInteger(base64_decode($n), 256),
])->withPadding(RSA::SIGNATURE_PKCS1);
} catch (\Exception $exception) {
throw new InvalidKeyException("Failed to load key from JWK parameters with error: {$exception->getMessage()}");
throw new OidcInvalidKeyException("Failed to load key from JWK parameters with error: {$exception->getMessage()}");
}
}

8
app/Auth/Access/OpenIdConnect/OpenIdConnectOAuthProvider.php → app/Auth/Access/Oidc/OidcOAuthProvider.php
View File

@ -1,6 +1,6 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
namespace BookStack\Auth\Access\Oidc;
use League\OAuth2\Client\Grant\AbstractGrant;
use League\OAuth2\Client\Provider\AbstractProvider;
@ -16,7 +16,7 @@ use Psr\Http\Message\ResponseInterface;
* Credit to the https://github.com/steverhoades/oauth2-openid-connect-client
* project for the idea of extending a League\OAuth2 client for this use-case.
*/
class OpenIdConnectOAuthProvider extends AbstractProvider
class OidcOAuthProvider extends AbstractProvider
{
use BearerAuthorizationTrait;
@ -116,11 +116,11 @@ class OpenIdConnectOAuthProvider extends AbstractProvider
*
* @param array $response
* @param AbstractGrant $grant
* @return OpenIdConnectAccessToken
* @return OidcAccessToken
*/
protected function createAccessToken(array $response, AbstractGrant $grant)
{
return new OpenIdConnectAccessToken($response);
return new OidcAccessToken($response);
}

18
app/Auth/Access/OpenIdConnect/OpenIdConnectProviderSettings.php → app/Auth/Access/Oidc/OidcProviderSettings.php
View File

@ -1,6 +1,6 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
namespace BookStack\Auth\Access\Oidc;
use GuzzleHttp\Psr7\Request;
use Illuminate\Contracts\Cache\Repository;
@ -13,7 +13,7 @@ use Psr\Http\Client\ClientInterface;
* Acts as a DTO for settings used within the oidc request and token handling.
* Performs auto-discovery upon request.
*/
class OpenIdConnectProviderSettings
class OidcProviderSettings
{
/**
* @var string
@ -103,7 +103,7 @@ class OpenIdConnectProviderSettings
/**
* Discover and autoload settings from the configured issuer.
* @throws IssuerDiscoveryException
* @throws OidcIssuerDiscoveryException
*/
public function discoverFromIssuer(ClientInterface $httpClient, Repository $cache, int $cacheMinutes)
{
@ -114,12 +114,12 @@ class OpenIdConnectProviderSettings
});
$this->applySettingsFromArray($discoveredSettings);
} catch (ClientExceptionInterface $exception) {
throw new IssuerDiscoveryException("HTTP request failed during discovery with error: {$exception->getMessage()}");
throw new OidcIssuerDiscoveryException("HTTP request failed during discovery with error: {$exception->getMessage()}");
}
}
/**
* @throws IssuerDiscoveryException
* @throws OidcIssuerDiscoveryException
* @throws ClientExceptionInterface
*/
protected function loadSettingsFromIssuerDiscovery(ClientInterface $httpClient): array
@ -130,11 +130,11 @@ class OpenIdConnectProviderSettings
$result = json_decode($response->getBody()->getContents(), true);
if (empty($result) || !is_array($result)) {
throw new IssuerDiscoveryException("Error discovering provider settings from issuer at URL {$issuerUrl}");
throw new OidcIssuerDiscoveryException("Error discovering provider settings from issuer at URL {$issuerUrl}");
}
if ($result['issuer'] !== $this->issuer) {
throw new IssuerDiscoveryException("Unexpected issuer value found on discovery response");
throw new OidcIssuerDiscoveryException("Unexpected issuer value found on discovery response");
}
$discoveredSettings = [];
@ -168,7 +168,7 @@ class OpenIdConnectProviderSettings
/**
* Return an array of jwks as PHP key=>value arrays.
* @throws ClientExceptionInterface
* @throws IssuerDiscoveryException
* @throws OidcIssuerDiscoveryException
*/
protected function loadKeysFromUri(string $uri, ClientInterface $httpClient): array
{
@ -177,7 +177,7 @@ class OpenIdConnectProviderSettings
$result = json_decode($response->getBody()->getContents(), true);
if (empty($result) || !is_array($result) || !isset($result['keys'])) {
throw new IssuerDiscoveryException("Error reading keys from issuer jwks_uri");
throw new OidcIssuerDiscoveryException("Error reading keys from issuer jwks_uri");
}
return $result['keys'];

24
app/Auth/Access/OpenIdConnect/OpenIdConnectService.php → app/Auth/Access/Oidc/OidcService.php
View File

@ -1,4 +1,4 @@
<?php namespace BookStack\Auth\Access\OpenIdConnect;
<?php namespace BookStack\Auth\Access\Oidc;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\Access\RegistrationService;
@ -20,7 +20,7 @@ use function url;
* Class OpenIdConnectService
* Handles any app-specific OIDC tasks.
*/
class OpenIdConnectService
class OidcService
{
protected $registrationService;
protected $loginService;
@ -72,12 +72,12 @@ class OpenIdConnectService
}
/**
* @throws IssuerDiscoveryException
* @throws OidcIssuerDiscoveryException
* @throws ClientExceptionInterface
*/
protected function getProviderSettings(): OpenIdConnectProviderSettings
protected function getProviderSettings(): OidcProviderSettings
{
$settings = new OpenIdConnectProviderSettings([
$settings = new OidcProviderSettings([
'issuer' => $this->config['issuer'],
'clientId' => $this->config['client_id'],
'clientSecret' => $this->config['client_secret'],
@ -104,15 +104,15 @@ class OpenIdConnectService
/**
* Load the underlying OpenID Connect Provider.
*/
protected function getProvider(OpenIdConnectProviderSettings $settings): OpenIdConnectOAuthProvider
protected function getProvider(OidcProviderSettings $settings): OidcOAuthProvider
{
return new OpenIdConnectOAuthProvider($settings->arrayForProvider());
return new OidcOAuthProvider($settings->arrayForProvider());
}
/**
* Calculate the display name
*/
protected function getUserDisplayName(OpenIdConnectIdToken $token, string $defaultValue): string
protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
{
$displayNameAttr = $this->config['display_name_claims'];
@ -135,7 +135,7 @@ class OpenIdConnectService
* Extract the details of a user from an ID token.
* @return array{name: string, email: string, external_id: string}
*/
protected function getUserDetails(OpenIdConnectIdToken $token): array
protected function getUserDetails(OidcIdToken $token): array
{
$id = $token->getClaim('sub');
return [
@ -153,10 +153,10 @@ class OpenIdConnectService
* @throws UserRegistrationException
* @throws StoppedAuthenticationException
*/
protected function processAccessTokenCallback(OpenIdConnectAccessToken $accessToken, OpenIdConnectProviderSettings $settings): User
protected function processAccessTokenCallback(OidcAccessToken $accessToken, OidcProviderSettings $settings): User
{
$idTokenText = $accessToken->getIdToken();
$idToken = new OpenIdConnectIdToken(
$idToken = new OidcIdToken(
$idTokenText,
$settings->issuer,
$settings->keys,
@ -168,7 +168,7 @@ class OpenIdConnectService
try {
$idToken->validate($settings->clientId);
} catch (InvalidTokenException $exception) {
} catch (OidcInvalidTokenException $exception) {
throw new OpenIdConnectException("ID token validate failed with error: {$exception->getMessage()}");
}

8
app/Auth/Access/OpenIdConnect/InvalidKeyException.php
View File

@ -1,8 +0,0 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
class InvalidKeyException extends \Exception
{
}

10
app/Auth/Access/OpenIdConnect/InvalidTokenException.php
View File

@ -1,10 +0,0 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
use Exception;
class InvalidTokenException extends Exception
{
}

8
app/Auth/Access/OpenIdConnect/IssuerDiscoveryException.php
View File

@ -1,8 +0,0 @@
<?php
namespace BookStack\Auth\Access\OpenIdConnect;
class IssuerDiscoveryException extends \Exception
{
}

4
app/Http/Controllers/Auth/OpenIdConnectController.php
View File

@ -2,7 +2,7 @@
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\OpenIdConnect\OpenIdConnectService;
use BookStack\Auth\Access\Oidc\OidcService;
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\Request;
@ -14,7 +14,7 @@ class OpenIdConnectController extends Controller
/**
* OpenIdController constructor.
*/
public function __construct(OpenIdConnectService $oidcService)
public function __construct(OidcService $oidcService)
{
$this->oidcService = $oidcService;
$this->middleware('guard:oidc');

40
tests/Unit/OpenIdConnectIdTokenTest.php → tests/Unit/OidcIdTokenTest.php
View File

@ -2,16 +2,16 @@
namespace Tests\Unit;
use BookStack\Auth\Access\OpenIdConnect\InvalidTokenException;
use BookStack\Auth\Access\OpenIdConnect\OpenIdConnectIdToken;
use BookStack\Auth\Access\Oidc\OidcInvalidTokenException;
use BookStack\Auth\Access\Oidc\OidcIdToken;
use phpseclib3\Crypt\RSA;
use Tests\TestCase;
class OpenIdConnectIdTokenTest extends TestCase
class OidcIdTokenTest extends TestCase
{
public function test_valid_token_passes_validation()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', [
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', [
$this->jwkKeyArray()
]);
@ -20,20 +20,20 @@ class OpenIdConnectIdTokenTest extends TestCase
public function test_get_claim_returns_value_if_existing()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', []);
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', []);
$this->assertEquals('bscott@example.com', $token->getClaim('email'));
}
public function test_get_claim_returns_null_if_not_existing()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', []);
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', []);
$this->assertEquals(null, $token->getClaim('emails'));
}
public function test_get_all_claims_returns_all_payload_claims()
{
$defaultPayload = $this->getDefaultPayload();
$token = new OpenIdConnectIdToken($this->idToken($defaultPayload), 'https://auth.example.com', []);
$token = new OidcIdToken($this->idToken($defaultPayload), 'https://auth.example.com', []);
$this->assertEquals($defaultPayload, $token->getAllClaims());
}
@ -52,7 +52,7 @@ class OpenIdConnectIdTokenTest extends TestCase
];
foreach ($messagesAndTokenValues as [$message, $tokenValue]) {
$token = new OpenIdConnectIdToken($tokenValue, 'https://auth.example.com', []);
$token = new OidcIdToken($tokenValue, 'https://auth.example.com', []);
$err = null;
try {
$token->validate('abc');
@ -60,43 +60,43 @@ class OpenIdConnectIdTokenTest extends TestCase
$err = $exception;
}
$this->assertInstanceOf(InvalidTokenException::class, $err, $message);
$this->assertInstanceOf(OidcInvalidTokenException::class, $err, $message);
$this->assertEquals($message, $err->getMessage());
}
}
public function test_error_thrown_if_token_signature_not_validated_from_no_keys()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', []);
$this->expectException(InvalidTokenException::class);
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', []);
$this->expectException(OidcInvalidTokenException::class);
$this->expectExceptionMessage('Token signature could not be validated using the provided keys');
$token->validate('abc');
}
public function test_error_thrown_if_token_signature_not_validated_from_non_matching_key()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', [
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', [
array_merge($this->jwkKeyArray(), [
'n' => 'iqK-1QkICMf_cusNLpeNnN-bhT0-9WLBvzgwKLALRbrevhdi5ttrLHIQshaSL0DklzfyG2HWRmAnJ9Q7sweEjuRiiqRcSUZbYu8cIv2hLWYu7K_NH67D2WUjl0EnoHEuiVLsZhQe1CmdyLdx087j5nWkd64K49kXRSdxFQUlj8W3NeK3CjMEUdRQ3H4RZzJ4b7uuMiFA29S2ZhMNG20NPbkUVsFL-jiwTd10KSsPT8yBYipI9O7mWsUWt_8KZs1y_vpM_k3SyYihnWpssdzDm1uOZ8U3mzFr1xsLAO718GNUSXk6npSDzLl59HEqa6zs4O9awO2qnSHvcmyELNk31w'
])
]);
$this->expectException(InvalidTokenException::class);
$this->expectException(OidcInvalidTokenException::class);
$this->expectExceptionMessage('Token signature could not be validated using the provided keys');
$token->validate('abc');
}
public function test_error_thrown_if_token_signature_not_validated_from_invalid_key()
{
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', ['url://example.com']);
$this->expectException(InvalidTokenException::class);
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', ['url://example.com']);
$this->expectException(OidcInvalidTokenException::class);
$this->expectExceptionMessage('Token signature could not be validated using the provided keys');
$token->validate('abc');
}
public function test_error_thrown_if_token_algorithm_is_not_rs256()
{
$token = new OpenIdConnectIdToken($this->idToken([], ['alg' => 'HS256']), 'https://auth.example.com', []);
$this->expectException(InvalidTokenException::class);
$token = new OidcIdToken($this->idToken([], ['alg' => 'HS256']), 'https://auth.example.com', []);
$this->expectException(OidcInvalidTokenException::class);
$this->expectExceptionMessage("Only RS256 signature validation is supported. Token reports using HS256");
$token->validate('abc');
}
@ -133,7 +133,7 @@ class OpenIdConnectIdTokenTest extends TestCase
];
foreach ($claimOverridesByErrorMessage as [$message, $overrides]) {
$token = new OpenIdConnectIdToken($this->idToken($overrides), 'https://auth.example.com', [
$token = new OidcIdToken($this->idToken($overrides), 'https://auth.example.com', [
$this->jwkKeyArray()
]);
@ -144,7 +144,7 @@ class OpenIdConnectIdTokenTest extends TestCase
$err = $exception;
}
$this->assertInstanceOf(InvalidTokenException::class, $err, $message);
$this->assertInstanceOf(OidcInvalidTokenException::class, $err, $message);
$this->assertEquals($message, $err->getMessage());
}
}
@ -154,7 +154,7 @@ class OpenIdConnectIdTokenTest extends TestCase
$file = tmpfile();
$testFilePath = 'file://' . stream_get_meta_data($file)['uri'];
file_put_contents($testFilePath, $this->pemKey());
$token = new OpenIdConnectIdToken($this->idToken(), 'https://auth.example.com', [
$token = new OidcIdToken($this->idToken(), 'https://auth.example.com', [
$testFilePath
]);