feature #1072 Inject Clock in LcobucciJWSProvider (dbrumann)

This PR was merged into the 2.x branch. Discussion ---------- Inject Clock in LcobucciJWSProvider This PR proposes injecting the `Clock` to allow for a `FrozenClock` to make it easier to test the ValidAt-constraint at fixed times. Commits ------- 126ad8c Inject clock
lexik · Oct 9, 2022 · 92cd7c0 · 92cd7c0
2 parents 4559ae9 + 126ad8c
commit 92cd7c0
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/Services/JWSProvider/LcobucciJWSProvider.php b/Services/JWSProvider/LcobucciJWSProvider.php
@@ -2,6 +2,7 @@
 
 namespace Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider;
 
+use Lcobucci\Clock\Clock;
 use Lcobucci\Clock\SystemClock;
 use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Encoding\ChainedFormatter;
@@ -41,6 +42,11 @@ class LcobucciJWSProvider implements JWSProviderInterface
      */
     private $keyLoader;
 
+    /**
+     * @var Clock
+     */
+    private $clock;
+
     /**
      * @var Signer
      */
@@ -69,13 +75,17 @@ class LcobucciJWSProvider implements JWSProviderInterface
     /**
      * @throws \InvalidArgumentException If the given crypto engine is not supported
      */
-    public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine, string $signatureAlgorithm, ?int $ttl, ?int $clockSkew, bool $allowNoExpiration = false)
+    public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine, string $signatureAlgorithm, ?int $ttl, ?int $clockSkew, bool $allowNoExpiration = false, Clock $clock = null)
     {
         if ('openssl' !== $cryptoEngine) {
             throw new \InvalidArgumentException(sprintf('The %s provider supports only "openssl" as crypto engine.', self::class));
         }
+        if (null === $clock) {
+            $clock = SystemClock::fromUTC();
+        }
 
         $this->keyLoader = $keyLoader;
+        $this->clock = $clock;
         $this->signer = $this->getSignerForAlgorithm($signatureAlgorithm);
         $this->ttl = $ttl;
         $this->clockSkew = $clockSkew;
@@ -248,12 +258,11 @@ private function verify(Token $jwt)
             $key = new Key($this->signer instanceof Hmac ? $this->keyLoader->loadKey(RawKeyLoader::TYPE_PRIVATE) : $this->keyLoader->loadKey(RawKeyLoader::TYPE_PUBLIC));
         }
 
-        $clock = SystemClock::fromUTC();
         $validator = new Validator();
 
         $isValid = $validator->validate(
             $jwt,
-            new ValidAt($clock, new \DateInterval("PT{$this->clockSkew}S")),
+            new ValidAt($this->clock, new \DateInterval("PT{$this->clockSkew}S")),
             new SignedWith($this->signer, $key)
         );
 
@@ -266,7 +275,7 @@ private function verify(Token $jwt)
         foreach ($publicKeys as $key) {
             $isValid = $validator->validate(
                 $jwt,
-                new ValidAt($clock, new \DateInterval("PT{$this->clockSkew}S")),
+                new ValidAt($this->clock, new \DateInterval("PT{$this->clockSkew}S")),
                 new SignedWith($this->signer, InMemory::plainText($key))
             );