Commit 761791f

Add test case
1 parent 75941f9 commit 761791f

7 files changed

+149
-11
lines changed

README.md

+17-2
@@ -1,6 +1,6 @@
11
<div align="center">
22
<p><img src="https://jwt.io/img/logo-asset.svg" /></p>
3-
<p>A PHP extension for JSON Web Token (JWT)</p>
3+
<p>A PHP extension for <a target="_blank" href="https://tools.ietf.org/html/rfc7519">RFC 7519 OAuth JSON Web Token (JWT)</a></p>
44
<a target="_blank" href="https://travis-ci.org/cdoco/php-jwt" title="Build Status"><img src="https://travis-ci.org/cdoco/php-jwt.svg"></a>
55
<img src="https://img.shields.io/badge/branch-master-brightgreen.svg?style=flat-square">
66
</div>
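Review bot: The new link text on the `<p>` line reads "RFC 7519 OAuth JSON Web Token (JWT)", but RFC 7519 is titled "JSON Web Token (JWT)". Drop "OAuth" from the link text so the README does not suggest the extension is specific to OAuth.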
@@ -252,20 +252,24 @@ try {
252252

253253
### Audience Claim
254254

255+
> The `aud` (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the `aud` claim when this claim is present, then the JWT MUST be rejected. In the general case, the `aud` value is an array of case-sensitive strings, each containing a **StringOrURI** value. In the special case when the JWT has one audience, the `aud` value MAY be a single case-sensitive string containing a **StringOrURI** value. The interpretation of audience values is generally application specific. Use of this claim is OPTIONAL.
256+
255257
```php
256258
$payload = ['data' => 'data', 'aud' => 'Young Man'];
257259

258260
$token = jwt_encode($payload, $hmackey, 'HS256');
259261

260262
try {
261-
$decoded_token = jwt_decode($token, $hmackey, ['iss' => 'Young Man', 'algorithm' => 'HS256']);
263+
$decoded_token = jwt_decode($token, $hmackey, ['aud' => 'Young Man', 'algorithm' => 'HS256']);
262264
} catch (Exception $e) {
263265
// Handle invalid token
264266
}
265267
```
266268

267269
### JWT ID Claim
268270

271+
> The `jti` (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The `jti` claim can be used to prevent the JWT from being replayed. The `jti` value is a **case-sensitive string**. Use of this claim is OPTIONAL.
272+
269273
```php
270274
$payload = ['data' => 'data', 'jti' => md5('id')];
271275

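Review bot: The `jti` example kept as context at the end of this hunk, `'jti' => md5('id')`, contradicts the RFC text quoted directly above it: hashing a constant yields the same identifier for every token, so it cannot be used to detect replay as the quote describes. Suggest generating the value per token, for example `bin2hex(random_bytes(16))`. Separately, the added `aud` quote says the value is in general an array of strings while the example covers only the single-string form; state in this section whether `jwt_decode` accepts an array-valued `aud`.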
@@ -280,6 +284,8 @@ try {
280284

281285
### Issued At Claim
282286

287+
> The `iat` (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a **NumericDate** value. Use of this claim is OPTIONAL.
288+
283289
```php
284290
$payload = ['data' => 'data', 'iat' => time()];
285291

@@ -294,6 +300,8 @@ try {
294300

295301
### Subject Claim
296302

303+
> The `sub` (subject) claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. The sub value is a case-sensitive string containing a **StringOrURI** value. Use of this claim is OPTIONAL.
304+
297305
```php
298306
$payload = ['data' => 'data', 'sub' => 'Subject'];
299307

@@ -328,6 +336,13 @@ HMAC|HS256|HS384|HS512
328336
RSA|RS256|RS384|RS512
329337
ECDSA|ES256|ES384|ES512
330338

339+
## Inspired By
340+
341+
- <https://github.com./benmcollins/libjwt>
342+
- <https://github.com./firebase/php-jwt>
343+
- <https://github.com./kohkimakimoto/php-jwt>
344+
- <https://github.com./jwt/ruby-jwt>
345+
331346
## License
332347

333348
PHP License. See the [LICENSE](LICENSE) file.
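Review bot: All four links in the new "Inspired By" list use the host `github.com.` with a trailing dot (for example `<https://github.com./benmcollins/libjwt>`). That looks like a typo; some clients and proxies handle the fully qualified form differently from the plain host name, so write them as `https://github.com/...`.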

jwt.c

+9-9
@@ -348,16 +348,16 @@ int jwt_parse_options(zval *options)
348348

349349
PHP_FUNCTION(jwt_encode)
350350
{
351-
zval *claims = NULL, header;
351+
zval *payload = NULL, header;
352352
zend_string *key = NULL;
353-
smart_str json_header = {0}, json_claims = {0}, segments = {0};
353+
smart_str json_header = {0}, json_payload = {0}, segments = {0};
354354

355355
char *sig = NULL, *alg = "HS256";
356356
unsigned int sig_len;
357357
size_t alg_len;
358358
jwt_t *jwt = NULL;
359359

360-
if (zend_parse_parameters(ZEND_NUM_ARGS(), "aS|s", &claims, &key, &alg, &alg_len) == FAILURE) {
360+
if (zend_parse_parameters(ZEND_NUM_ARGS(), "aS|s", &payload, &key, &alg, &alg_len) == FAILURE) {
361361
return;
362362
}
363363

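Review bot: `size_t alg_len;` is declared without an initializer and is only written by `zend_parse_parameters` when the optional third argument of the `"aS|s"` spec is supplied, so on the default path (tests/010.phpt calls `jwt_encode($payload, $hmackey)`) any later read of `alg_len` sees an indeterminate value. Initialize it alongside the `"HS256"` default. The `claims` to `payload` rename in this file is also unrelated to the commit subject "Add test case" and would be easier to review as its own commit.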
@@ -373,9 +373,9 @@ PHP_FUNCTION(jwt_encode)
373373
}
374374

375375
/* set expiration and not before */
376-
JWT_G(expiration) = jwt_hash_str_find_long(claims, "exp");
377-
JWT_G(not_before) = jwt_hash_str_find_long(claims, "nbf");
378-
JWT_G(iat) = jwt_hash_str_find_long(claims, "iat");
376+
JWT_G(expiration) = jwt_hash_str_find_long(payload, "exp");
377+
JWT_G(not_before) = jwt_hash_str_find_long(payload, "nbf");
378+
JWT_G(iat) = jwt_hash_str_find_long(payload, "iat");
379379

380380
/* init */
381381
array_init(&header);
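Review bot: The three `JWT_G(...)` assignments in `jwt_encode` copy `exp`, `nbf` and `iat` from the payload being signed into module globals, and every test added in this commit encodes and decodes in the same script, so the tests would still pass if `jwt_decode` validated against those leftover globals rather than the claims inside the token it receives. Add a test that decodes a token not produced by `jwt_encode` in that run, such as a fixed token string whose `exp` is long past, and expect "Expired token". The comment above the assignments also says "expiration and not before" while the block sets `iat` as well.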
@@ -386,17 +386,17 @@ PHP_FUNCTION(jwt_encode)
386386

387387
/* json encode */
388388
php_json_encode(&json_header, &header, 0);
389-
php_json_encode(&json_claims, claims, 0);
389+
php_json_encode(&json_payload, payload, 0);
390390

391391
zval_ptr_dtor(&header);
392392

393393
/* base64 encode */
394394
smart_str_appends(&segments, jwt_b64_url_encode(json_header.s));
395395
smart_str_appends(&segments, ".");
396-
smart_str_appends(&segments, jwt_b64_url_encode(json_claims.s));
396+
smart_str_appends(&segments, jwt_b64_url_encode(json_payload.s));
397397

398398
smart_str_free(&json_header);
399-
smart_str_free(&json_claims);
399+
smart_str_free(&json_payload);
400400

401401
/* sign */
402402
if (jwt->alg == JWT_ALG_NONE) {
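Review bot: On the line `smart_str_appends(&segments, jwt_b64_url_encode(json_payload.s));` the return value of `jwt_b64_url_encode` is passed straight through and never kept, so if that helper returns a heap buffer it is leaked on every call, and if it can return NULL then `smart_str_appends` is handed a NULL pointer. The header line above has the same shape. Store the result in a local, check it, append it, then release it. `json_payload.s` is likewise used without checking that `php_json_encode` produced output.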

tests/006.phpt

+28
@@ -0,0 +1,28 @@
1+
--TEST--
2+
Check for jwt exp claim name (Expired token)
3+
--SKIPIF--
4+
<?php if (!extension_loaded("jwt")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$hmackey = "example-hmac-key";
8+
$payload = ['data' => 'data', 'exp' => time() - 10];
9+
$token = jwt_encode($payload, $hmackey, 'HS256');
10+
11+
try {
12+
$decoded_token = jwt_decode($token, $hmackey, ['algorithm' => 'HS256']);
13+
} catch (Exception $e) {
14+
// Expired token
15+
echo $e->getMessage() . "\n";
16+
}
17+
18+
try {
19+
$decoded_token = jwt_decode($token, $hmackey, ['leeway' => 30, 'algorithm' => 'HS256']);
20+
echo "Success\n";
21+
} catch (Exception $e) {
22+
// Expired token
23+
echo $e->getMessage() . "\n";
24+
}
25+
?>
26+
--EXPECT--
27+
Expired token
28+
Success
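Review bot: The leeway case only shows that a leeway larger than the skew (30 seconds against a token that expired 10 seconds ago) is accepted; nothing checks that a leeway smaller than the skew is still rejected, so an implementation that skips the `exp` check whenever `leeway` is set would pass. Add a third decode with something like `'leeway' => 5` that expects "Expired token". Using `time() - 10` against a 30 second leeway leaves enough margin that the test should not be timing sensitive.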

tests/007.phpt

+27
@@ -0,0 +1,27 @@
1+
--TEST--
2+
Check for jwt nbf claim name
3+
--SKIPIF--
4+
<?php if (!extension_loaded("jwt")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$hmackey = "example-hmac-key";
8+
$payload = ['data' => 'data', 'nbf' => time() + 10];
9+
$token = jwt_encode($payload, $hmackey, 'HS256');
10+
11+
try {
12+
$decoded_token = jwt_decode($token, $hmackey, ['algorithm' => 'HS256']);
13+
} catch (Exception $e) {
14+
// Expired token
15+
echo "FAIL\n";
16+
}
17+
18+
try {
19+
$decoded_token = jwt_decode($token, $hmackey, ['leeway' => 30, 'algorithm' => 'HS256']);
20+
echo "SUCCESS\n";
21+
} catch (Exception $e) {
22+
// Expired token
23+
}
24+
?>
25+
--EXPECT--
26+
FAIL
27+
SUCCESS
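Review bot: The first `catch` prints a fixed `FAIL` instead of `$e->getMessage()`, so this test passes on any exception, including a signature or algorithm error, and not only on the not-before rejection it is named for. Echo the message as tests/006.phpt does and put the expected text in `--EXPECT--`. The `// Expired token` comments are carried over from the exp test and should describe the nbf case.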

tests/008.phpt

+20
@@ -0,0 +1,20 @@
1+
--TEST--
2+
Check for jwt iat claim name
3+
--SKIPIF--
4+
<?php if (!extension_loaded("jwt")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$hmackey = "example-hmac-key";
8+
$payload = ['data' => 'data', 'iat' => time()];
9+
$token = jwt_encode($payload, $hmackey, 'HS256');
10+
11+
try {
12+
$decoded_token = jwt_decode($token, $hmackey, ['algorithm' => 'HS256']);
13+
echo "SUCCESS\n";
14+
} catch (Exception $e) {
15+
// Handle invalid token
16+
}
17+
?>
18+
--EXPECT--
19+
SUCCESS
20+
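Review bot: The only assertion is that a token with `'iat' => time()` decodes, which would also hold if `iat` were ignored entirely, so the test does not exercise any `iat` handling. If the extension is meant to reject an `iat` in the future, add that case with and without `leeway`; if `iat` is informational only, say so in the test title. The empty `catch` also means a failure shows up only as missing output with no reason; echo `$e->getMessage()` there.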

tests/009.phpt

+28
@@ -0,0 +1,28 @@
1+
--TEST--
2+
Check for jwt iss claim name
3+
--SKIPIF--
4+
<?php if (!extension_loaded("jwt")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$hmackey = "example-hmac-key";
8+
$payload = ['data' => 'data', 'iss' => 'http://example.org'];
9+
10+
$token = jwt_encode($payload, $hmackey, 'HS256');
11+
12+
try {
13+
$decoded_token = jwt_decode($token, $hmackey, ['iss' => 'http://example.org', 'algorithm' => 'HS256']);
14+
echo "SUCCESS\n";
15+
} catch (Exception $e) {
16+
// Handle invalid token
17+
}
18+
19+
try {
20+
$decoded_token = jwt_decode($token, $hmackey, ['iss' => 'test', 'algorithm' => 'HS256']);
21+
} catch (Exception $e) {
22+
// Handle invalid token
23+
echo "FAIL\n";
24+
}
25+
?>
26+
--EXPECT--
27+
SUCCESS
28+
FAIL

tests/010.phpt

+20
@@ -0,0 +1,20 @@
1+
--TEST--
2+
Check for jwt claim name
3+
--SKIPIF--
4+
<?php if (!extension_loaded("jwt")) print "skip"; ?>
5+
--FILE--
6+
<?php
7+
$hmackey = "example-hmac-key";
8+
$payload = ['data' => 'data', 'sub' => '1234567890'];
9+
10+
$token = jwt_encode($payload, $hmackey);
11+
12+
try {
13+
$decoded_token = jwt_decode($token, $hmackey, ['iss' => 'http://example.org']);
14+
echo "SUCCESS\n";
15+
} catch (Exception $e) {
16+
// Expired token
17+
}
18+
?>
19+
--EXPECT--
20+
SUCCESS
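Review bot: This test expects `SUCCESS` when the caller passes `['iss' => 'http://example.org']` and the token carries only `sub` and no `iss` at all, which pins down behaviour where a required issuer is not enforced if the claim is absent. A caller using the `iss` option to restrict which issuers it trusts would then accept any validly signed token that simply omits the claim. If that is intended, document it in the README next to the issuer example; if not, this case should expect an exception. If the test was meant to cover `sub`, pass `'sub' => '1234567890'` in the options and add a mismatch case. The title "Check for jwt claim name" and the `// Expired token` comment do not describe what is being checked, and the decode call omits `'algorithm'`, unlike the other tests.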
