Skip to content

Commit

Permalink
Ensure JWT payload is an object
Browse files Browse the repository at this point in the history
  • Loading branch information
@spvickers
spvickers committed Apr 19, 2021
1 parent 27d1b82 commit 7f0dbca
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 6 deletions.
12 changes: 11 additions & 1 deletion src/Jwt/SpomkyLabsClient.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
use Jose\Checker\ExpirationTimeChecker;
use Jose\Checker\IssuedAtChecker;
use Jose\Checker\NotBeforeChecker;
use Base64Url\Base64Url;
use ceLTIc\LTI\Util;

/**
Expand All @@ -29,6 +30,7 @@ class SpomkyLabsClient implements ClientInterface

private $jwe = null;
private $jwt = null;
private $payload = null;
private static $lastHeaders = null;
private static $lastPayload = null;

Expand Down Expand Up @@ -78,6 +80,10 @@ public function load($jwtString, $privateKey = null)
try {
$loader = new Jose\Loader();
$this->jwt = $loader->load($jwtString);
$parts = explode('.', $jwtString);
if (count($parts) >= 2) {
$this->payload = json_decode(Base64Url::decode($parts[1]));
}
$this->decrypt($privateKey);
} catch (\Exception $e) {
$ok = false;
Expand Down Expand Up @@ -203,7 +209,7 @@ public function getClaim($name, $defaultValue = null)
*/
public function getPayload()
{
return $this->jwt->getPayload();
return $this->payload;
}

/**
Expand Down Expand Up @@ -436,6 +442,10 @@ private function decrypt($privateKey)
$jwtString = $this->jwt->getPayload();
$loader = new Jose\Loader();
$this->jwt = $loader->load($jwtString);
$parts = explode('.', $jwtString);
if (count($parts) >= 2) {
$this->payload = json_decode(Base64Url::decode($parts[1]));
}
$ok = $this->jwt instanceof JWS;
}
}
Expand Down
13 changes: 8 additions & 5 deletions src/Jwt/WebTokenClient.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ class WebTokenClient implements ClientInterface

private $jwe = null;
private $jwt = null;
private $claims = array();
private $claimsArray = null;
private $claims = null;
private static $lastHeaders = null;
private static $lastPayload = null;

Expand Down Expand Up @@ -71,6 +72,7 @@ public function load($jwtString, $privateKey = null)
$ok = true;
$this->jwe = null;
$this->jwt = null;
$this->claimsArray = null;
$this->claims = null;
try {
$serializer = new Signature\Serializer\CompactSerializer();
Expand All @@ -88,7 +90,8 @@ public function load($jwtString, $privateKey = null)
}
}
if ($ok) {
$this->claims = json_decode($this->jwt->getPayload(), true);
$this->claimsArray = json_decode($this->jwt->getPayload(), true);
$this->claims = json_decode($this->jwt->getPayload());
}

return $ok;
Expand Down Expand Up @@ -181,7 +184,7 @@ public static function getLastHeaders()
*/
public function hasClaim($name)
{
return array_key_exists($name, $this->claims);
return array_key_exists($name, $this->claimsArray);
}

/**
Expand All @@ -195,7 +198,7 @@ public function hasClaim($name)
public function getClaim($name, $defaultValue = null)
{
if ($this->hasClaim($name)) {
$value = $this->claims[$name];
$value = $this->claimsArray[$name];
$value = json_decode(json_encode($value));
} else {
$value = $defaultValue;
Expand Down Expand Up @@ -247,7 +250,7 @@ public function verify($publicKey, $jku = null)
new Checker\ExpirationTimeChecker($leeway)
]
);
$claimCheckerManager->check($this->claims);
$claimCheckerManager->check($this->claimsArray);
$algorithmManager = new Core\AlgorithmManager([
new Signature\Algorithm\RS256(),
new Signature\Algorithm\RS384(),
Expand Down

0 comments on commit 7f0dbca

Please sign in to comment.