From dd3cc7c83222fa569b8dfcc0de12cabe5876fe12 Mon Sep 17 00:00:00 2001
From: Jozz Scott
Date: Tue, 28 May 2024 11:20:42 +1000
Subject: [PATCH] - setSecret regenerates the config in Lcobucci provider
---
 src/Providers/JWT/Lcobucci.php | 14 ++++++++++++++
 tests/Providers/JWT/LcobucciTest.php | 20 ++++++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/src/Providers/JWT/Lcobucci.php b/src/Providers/JWT/Lcobucci.php
index 4e08e561..c2293d5b 100644
--- a/src/Providers/JWT/Lcobucci.php
+++ b/src/Providers/JWT/Lcobucci.php
@@ -278,4 +278,18 @@ protected function getKey(string $contents, string $passphrase = ''): Key
 {
 return InMemory::plainText($contents, $passphrase);
 }
+
+ /**
+ * Set the secret used to sign the token.
+ *
+ * @param string $secret
+ * @return $this
+ */
+ public function setSecret($secret)
+ {
+ $this->secret = $secret;
+ $this->config = $this->buildConfig();
+
+ return $this;
+ }
 }
diff --git a/tests/Providers/JWT/LcobucciTest.php b/tests/Providers/JWT/LcobucciTest.php
index 5d9750b5..0657f061 100644
--- a/tests/Providers/JWT/LcobucciTest.php
+++ b/tests/Providers/JWT/LcobucciTest.php
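Review bot: The rebuild in `setSecret()` closes the stale-config gap for the secret only: if the base provider also offers setters for the keys or the algorithm (the test file calls `getKeys()`; the setters are not visible in this hunk), they would presumably leave the previous signing and verification material in `$this->config` and need the same `$this->config = $this->buildConfig();` line. The rebuild is also unconditional, so a configuration object passed in by the caller at construction, if the constructor accepts one, is replaced without notice; the docblock should say so, for example `Rebuilds the Lcobucci configuration so that signing and verification use the new secret.` The parameter is documented as `string` but carries no native type, unlike `getKey()` directly above; `public function setSecret(string $secret)` would fit if the parent signature allows it.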
@@ -227,6 +227,26 @@ public function it_should_return_the_keys()
 $this->assertSame($keys, $provider->getKeys());
 }
 
+ public function testItShouldThrowAExceptionWhenTheSecretHasBeenUpdatedAndAnOldTokenIsUsed()
+ {
+ $orignal_secret = 'OF8SQY475aF8uiRuWunK9ZO6VdZDBemk';
+ $new_secret = 'vsd1z800ApIihL6HVNyhbGLRyBLD74sZ';
+
+ $payload = ['sub' => '1', 'exp' => $this->testNowTimestamp + 3600, 'iat' => $this->testNowTimestamp, 'iss' => '/foo'];
+
+ $provider = $this->getProvider($orignal_secret, 'HS256', []);
+ $token = $provider->encode($payload);
+
+ $this->assertSame($payload, $provider->decode($token));
+
+ $provider->setSecret($new_secret);
+
+ $this->expectException(TokenInvalidException::class);
+ $this->expectExceptionMessage('Token Signature could not be verified.');
+
+ $provider->decode($token);
+ }
+
 public function getProvider($secret, $algo, array $keys = [])
 {
 return new Lcobucci($secret, $algo, $keys);
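Review bot: Only the rejection path is asserted after `setSecret()`; nothing checks that a token issued after the rotation verifies, so a rebuilt config that signs or verifies with the wrong key would still pass this test. Adding `$this->assertSame($payload, $provider->decode($provider->encode($payload)));` after the `setSecret($new_secret)` call and before `expectException()` would pin the positive path. As style points, `$orignal_secret` is misspelled and the method uses a camelCase `test` prefix while the neighbouring `it_should_return_the_keys` is snake_case. `getProvider()` continues past the end of the hunk.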