From fd2ec6085a11d5bd19ac73b8ea180621200834e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Bundyra?=
Date: Thu, 9 Jun 2022 13:24:57 +0100
Subject: [PATCH 1/3] feat: Allow firebase/php-jwt ^6.2
---
 composer.json | 5 ++++-
 src/MessageBird/RequestValidator.php | 17 ++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/composer.json b/composer.json
index a574015e..cd3f0e4a 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
 "php": ">=7.3|~8.0.0|~8.1.0",
 "ext-curl": "*",
 "ext-json": "*",
- "firebase/php-jwt": "^5.4"
+ "firebase/php-jwt": "^5.4|^6.2"
 },
 "require-dev": {
 "phpunit/phpunit": "^9.5.14",
@@ -34,5 +34,8 @@
 "psr-4": {
 "Tests\\": "tests/"
 }
+ },
+ "scripts": {
+ "test": "phpunit"
 }
 }
diff --git a/src/MessageBird/RequestValidator.php b/src/MessageBird/RequestValidator.php
index db3cac6d..374f1ee7 100644
--- a/src/MessageBird/RequestValidator.php
+++ b/src/MessageBird/RequestValidator.php
@@ -3,6 +3,7 @@
 namespace MessageBird;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Firebase\JWT\SignatureInvalidException;
 use MessageBird\Exceptions\ValidationException;
 use MessageBird\Objects\SignedRequest;
@@ -14,6 +15,7 @@
 use function http_build_query;
 use function implode;
 use function ksort;
+use function PHPUnit\Framework\throwException;
 use function time;
 /**
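Review bot: In the `@@ -14,6 +15,7 @@` hunk of RequestValidator.php, `use function PHPUnit\Framework\throwException;` pulls a PHPUnit helper into a runtime class although none of the visible hunks calls `throwException`, and composer.json lists `phpunit/phpunit` under `require-dev`. It reads like an editor auto-import; I would remove the line so the shipped validator carries no reference to a dev-only package. The rest of the import block lies outside the hunk, so a use elsewhere in the file cannot be ruled out from here.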
@@ -139,7 +141,20 @@ public function validateSignature(string $signature, string $url, string $body)
 JWT::$leeway = 1;
 try {
- $decoded = JWT::decode($signature, $this->signingKey, self::ALLOWED_ALGOS);
+ $headb64 = \explode('.', $signature)[0];
+ $headerRaw = JWT::urlsafeB64Decode($headb64);
+ $header = JWT::jsonDecode($headerRaw);
+
+ $key = [];
+ if ($header && property_exists($header, 'alg')) {
+ if (!in_array(strtoupper($header->alg), self::ALLOWED_ALGOS, true)) {
+ throw new ValidationException('Algorithm not supported');
+ }
+
+ $key = new Key($this->signingKey, $header->alg);
+ }
+
+ $decoded = JWT::decode($signature, $key);
 } catch (\InvalidArgumentException | \UnexpectedValueException | SignatureInvalidException $e) {
 throw new ValidationException($e->getMessage(), $e->getCode(), $e);
 }
From fab6d1f552170f0be7d6b04aca8344ba6c39a284 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Bundyra?=
Date: Thu, 9 Jun 2022 13:29:09 +0100
Subject: [PATCH 2/3] update min version to 5.5.1
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index cd3f0e4a..c5ec1d75 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
 "php": ">=7.3|~8.0.0|~8.1.0",
 "ext-curl": "*",
 "ext-json": "*",
- "firebase/php-jwt": "^5.4|^6.2"
+ "firebase/php-jwt": "^5.5.1|^6.2"
 },
 "require-dev": {
 "phpunit/phpunit": "^9.5.14",
From 3927802798f64994d454b910305d0abf2cdb2e49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Bundyra?=
Date: Mon, 13 Jun 2022 07:40:48 +0100
Subject: [PATCH 3/3] Update composer.json
---
 composer.json | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/composer.json b/composer.json
index c5ec1d75..5e2679b9 100644
--- a/composer.json
+++ b/composer.json
@@ -34,8 +34,5 @@
 "psr-4": {
 "Tests\\": "tests/"
 }
- },
- "scripts": {
- "test": "phpunit"
 }
 }
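Review bot: In the validateSignature hunk (`@@ -139,7 +141,20 @@`) the algorithm given to `new Key($this->signingKey, $header->alg)` is read from the token header before any signature check, and the allow-list test runs on `strtoupper($header->alg)` while the raw value is what reaches `Key`, so the checked value and the used value can differ. A header without `alg` leaves `$key = []` and depends on `JWT::decode` rejecting an empty key, and a non-string `alg` would presumably surface as a `TypeError` on PHP 8, which the `catch` list does not include. I would fail closed before building the key and compare the exact string: `if (!is_object($header) || !is_string($header->alg ?? null) || !in_array($header->alg, self::ALLOWED_ALGOS, true)) { throw new ValidationException('Algorithm not supported'); }`, then drop the `$key = []` default. `ALLOWED_ALGOS` is defined outside the hunk, so it is worth confirming every entry is an algorithm this signing key is meant for, since the token header selects among them. The method body starts and ends outside the hunk.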