Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JWT header alteration #352

Merged
merged 12 commits into from
Jun 30, 2017
Merged

JWT header alteration #352

merged 12 commits into from
Jun 30, 2017

Conversation

Spomky
Copy link
Contributor

@Spomky Spomky commented Jun 16, 2017

This PR tries to fix #351 .

Please note that method signatures are changed.
BC is kept but a minor release seems to be needed.

  • Tests added
  • Documentation updated.

@@ -29,10 +29,10 @@ public function __construct(JWSProviderInterface $jwsProvider)
/**
* {@inheritdoc}
*/
public function encode(array $payload)
public function encode(array $header, array $payload)
Copy link
Collaborator

@chalasr chalasr Jun 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given this class can be an extension point, I think we should keep BC. We can do it by not changing the signature right now, handling the new argument only if passed and triggering a deprecation if it is not, saying that this method takes a new argument that will be mandatory in 3.0.
It can be done using func_num_args()/func_get_arg(), see https://github.com/symfony/symfony/blob/3.3/src/Symfony/Component/Console/Helper/QuestionHelper.php#L104 for inspiration

Copy link
Collaborator

@chalasr chalasr Jun 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Btw, let's make $header the last arg, that will give a simpler upgrade path. I would also make it optional, so we can let the interface as is and rethink about changing it in 3.0 add a new HeaderAwareEncoderInterface implemented by our encoders (no upgrade path possible for interfaces, we definitely have to make this new arg optional, which is fine to me, and we don't have to trigger any deprecation).

@chalasr
Copy link
Collaborator

chalasr commented Jun 17, 2017

Thanks for working on this @Spomky!

@Spomky
Copy link
Contributor Author

Spomky commented Jun 21, 2017

You're welcome.
I will continue that PR soon. I am quite busy this week.

@Spomky
Copy link
Contributor Author

Spomky commented Jun 29, 2017

Hi @chalasr,

Sorry for the delay.
I updated my PR with your recommandations.

Comments are welcome.

Kind regards.

*/
public function getHeader()
{
return $this->payload;
Copy link
Collaborator

@chalasr chalasr Jun 29, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be $this->header :) I guess this is what breaks tests

*
* @return string the encoded token string
*
* @throws JWTEncodeFailureException If an error occurred while trying to create
* the token (invalid crypto key, invalid payload...)
*/
public function encode(array $data);
public function encode(array $data, array $header = []);
Copy link
Collaborator

@chalasr chalasr Jun 29, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding an argument here still breaks BC, even if optional. The signature in concrete implementations must match the interface one. What we need is to introduce a HeaderAwareEncoderInterface which extends JWTEncoderInterface and just redefine encode() with this new arg, then make our built-in encoders implement it and check that the passed encoder does implement it before relying on the new argument internally

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed

*
* @return array
*
* @throws JWTDecodeFailureException If an error occurred while trying to load the token
* (invalid signature, invalid crypto key, expired token...)
*/
public function decode($token);
public function decode($token, array &$header = []);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I would not change decode() as we don't allow to pass a payload here, just an immutable (stringish) token, its content should not be altered at this stage I think. But maybe you have a specific use case in mind?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is to find a way to return the header after the decoding process, not to modify it.
But I have no specific use case and I will remove it.

@Spomky Spomky changed the title [WIP] JWT header alteration JWT header alteration Jun 30, 2017
@chalasr chalasr merged commit 75d60cf into lexik:master Jun 30, 2017
@chalasr
Copy link
Collaborator

chalasr commented Jun 30, 2017

Thanks a lot @Spomky

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

How to add a HEADER parameter?
2 participants