From 696633b9584023c024e834fd34d9b7ededfd2c95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lu=C3=ADs=20Ot=C3=A1vio=20Cobucci=20Oblonczyk?=
Date: Tue, 18 Mar 2014 00:12:24 +0000
Subject: [PATCH] Adding basic token validation

---
 src/Token.php | 40 +++++++++++++++++++
 test/TokenTest.php | 95 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 135 insertions(+)

diff --git a/src/Token.php b/src/Token.php
index f7b8d73e..e6ec96d0 100644
--- a/src/Token.php
+++ b/src/Token.php
@@ -118,6 +118,46 @@ public function verify($key)
 return $this->signature->verify($this->getPayload(), $key);
 }
 
+ /**
+ * Validates if the token is valid
+ *
+ * @param string $issuer
+ * @param string $audience
+ * @param string $subject
+ * @param int $currentTime
+ * @return boolean
+ */
+ public function validate(
+ $issuer = null,
+ $audience = null,
+ $subject = null,
+ $currentTime = null
+ ) {
+ $currentTime = $currentTime ?: time();
+
+ if (isset($this->claims['iss']) && $this->claims['iss'] != $issuer) {
+ return false;
+ }
+
+ if (isset($this->claims['aud']) && $this->claims['aud'] != $audience) {
+ return false;
+ }
+
+ if (isset($this->claims['sub']) && $this->claims['sub'] != $subject) {
+ return false;
+ }
+
+ if (isset($this->claims['nbf']) && $this->claims['nbf'] > $currentTime) {
+ return false;
+ }
+
+ if (isset($this->claims['exp']) && $this->claims['exp'] < $currentTime) {
+ return false;
+ }
+
+ return true;
+ }
+
 /**
 * Returns the token payload
 *
diff --git a/test/TokenTest.php b/test/TokenTest.php
index a0cbfe32..7da3ccc4 100644
--- a/test/TokenTest.php
+++ b/test/TokenTest.php
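Review bot: In `validate()` the `iss`, `aud` and `sub` checks are skipped whenever the claim is absent, so a token that simply omits `aud` is accepted even though the caller passed an expected audience, and the comparison is loose (`!=`), which lets PHP type juggling treat values of different types as equal. Comparing claim-or-null strictly covers both: `$iss = isset($this->claims['iss']) ? $this->claims['iss'] : null;` followed by `if ($iss !== $issuer) { return false; }`, repeated for `aud` and `sub`. The `exp` check uses `<`, so the token is still accepted at exactly its expiry second, whereas RFC 7519 requires the current time to be before `exp`; `<=` would match that. The docblock should also say that this method inspects claims only and does not check the signature, so callers still need `verify($key)`. The test hunk in test/TokenTest.php has no case for an expected value whose claim is missing from the token.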
@@ -138,6 +138,101 @@ public function verifyMustDelegateTheValidationToSignature()
 $this->assertTrue($token->verify('test'));
 }
 
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnTrueWhenClaimsAreEmpty()
+ {
+ $token = new Token();
+
+ $this->assertTrue($token->validate());
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnFalseWhenIssuerIsDiferentThanTheGivenOne()
+ {
+ $token = new Token([], ['iss' => 'test']);
+
+ $this->assertFalse($token->validate('test1'));
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnFalseWhenAudienceIsDiferentThanTheGivenOne()
+ {
+ $token = new Token([], ['aud' => 'test']);
+
+ $this->assertFalse($token->validate(null, 'test1'));
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnFalseWhenSubjectIsDiferentThanTheGivenOne()
+ {
+ $token = new Token([], ['sub' => 'test']);
+
+ $this->assertFalse($token->validate(null, null, 'test1'));
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnFalseWhenTokenCannotYetBeUsed()
+ {
+ $token = new Token([], ['nbf' => strtotime('+2 hours')]);
+
+ $this->assertFalse($token->validate(null, null, null, time()));
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnFalseWhenTokenIsExpired()
+ {
+ $token = new Token([], ['exp' => time()]);
+
+ $this->assertFalse($token->validate(null, null, null, strtotime('+2 hours')));
+ }
+
+ /**
+ * @test
+ * @covers ::__construct
+ * @covers ::validate
+ */
+ public function validateShouldReturnTrueWhenAllInformationsAreRight()
+ {
+ $token = new Token(
+ [],
+ [
+ 'iss' => 'test0',
+ 'aud' => 'test1',
+ 'sub' => 'test2',
+ 'nbf' => time(),
+ 'exp' => strtotime('+3 hours')
+ ]
+ );
+
+ $this->assertTrue(
+ $token->validate('test0', 'test1', 'test2', strtotime('+1 hours'))
+ );
+ }
+
 /**
 * @test
 * @covers ::__construct
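Review bot: The `nbf` and `exp` cases only exercise times two hours away from the boundary and read the live clock through `time()` and `strtotime()`, so the behaviour at `nbf == $currentTime` and `exp == $currentTime` is not pinned by any test. Fixed integer timestamps would make the cases deterministic and document both edges, for example `$token = new Token([], ['nbf' => 1000, 'exp' => 2000]);` checked with `validate(null, null, null, 1000)` and `validate(null, null, null, 2000)`. A case where the stored claim and the expected value differ only in type (an integer claim against a string argument) would also show whether the comparison in `validate()` is as strict as intended.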