Adding basic token validation

lcobucci · Mar 18, 2014 · 696633b · 696633b
1 parent 763d8fa
commit 696633b
Show file tree

Hide file tree

Showing 2 changed files with 135 additions and 0 deletions.
diff --git a/src/Token.php b/src/Token.php
@@ -118,6 +118,46 @@ public function verify($key)
         return $this->signature->verify($this->getPayload(), $key);
     }
 
+    /**
+     * Validates if the token is valid
+     *
+     * @param string $issuer
+     * @param string $audience
+     * @param string $subject
+     * @param int $currentTime
+     * @return boolean
+     */
+    public function validate(
+        $issuer = null,
+        $audience = null,
+        $subject = null,
+        $currentTime = null
+    ) {
+        $currentTime = $currentTime ?: time();
+
+        if (isset($this->claims['iss']) && $this->claims['iss'] != $issuer) {
+            return false;
+        }
+
+        if (isset($this->claims['aud']) && $this->claims['aud'] != $audience) {
+            return false;
+        }
+
+        if (isset($this->claims['sub']) && $this->claims['sub'] != $subject) {
+            return false;
+        }
+
+        if (isset($this->claims['nbf']) && $this->claims['nbf'] > $currentTime) {
+            return false;
+        }
+
+        if (isset($this->claims['exp']) && $this->claims['exp'] < $currentTime) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Returns the token payload
      *

diff --git a/test/TokenTest.php b/test/TokenTest.php
@@ -138,6 +138,101 @@ public function verifyMustDelegateTheValidationToSignature()
         $this->assertTrue($token->verify('test'));
     }
 
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnTrueWhenClaimsAreEmpty()
+    {
+        $token = new Token();
+
+        $this->assertTrue($token->validate());
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnFalseWhenIssuerIsDiferentThanTheGivenOne()
+    {
+        $token = new Token([], ['iss' => 'test']);
+
+        $this->assertFalse($token->validate('test1'));
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnFalseWhenAudienceIsDiferentThanTheGivenOne()
+    {
+        $token = new Token([], ['aud' => 'test']);
+
+        $this->assertFalse($token->validate(null, 'test1'));
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnFalseWhenSubjectIsDiferentThanTheGivenOne()
+    {
+        $token = new Token([], ['sub' => 'test']);
+
+        $this->assertFalse($token->validate(null, null, 'test1'));
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnFalseWhenTokenCannotYetBeUsed()
+    {
+        $token = new Token([], ['nbf' => strtotime('+2 hours')]);
+
+        $this->assertFalse($token->validate(null, null, null, time()));
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnFalseWhenTokenIsExpired()
+    {
+        $token = new Token([], ['exp' => time()]);
+
+        $this->assertFalse($token->validate(null, null, null, strtotime('+2 hours')));
+    }
+
+    /**
+     * @test
+     * @covers ::__construct
+     * @covers ::validate
+     */
+    public function validateShouldReturnTrueWhenAllInformationsAreRight()
+    {
+        $token = new Token(
+            [],
+            [
+                'iss' => 'test0',
+                'aud' => 'test1',
+                'sub' => 'test2',
+                'nbf' => time(),
+                'exp' => strtotime('+3 hours')
+            ]
+        );
+
+        $this->assertTrue(
+            $token->validate('test0', 'test1', 'test2', strtotime('+1 hours'))
+        );
+    }
+
     /**
      * @test
      * @covers ::__construct