From fc7d45465184348fd4a75ca0895acd8946ded556 Mon Sep 17 00:00:00 2001 From: Maspri Date: Thu, 3 Aug 2023 05:07:54 +0700 Subject: [PATCH 1/4] feat: add non-empty-only secret validation --- src/Encoders/EncodeHS256Strong.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Encoders/EncodeHS256Strong.php b/src/Encoders/EncodeHS256Strong.php index 8616901..1925fb3 100644 --- a/src/Encoders/EncodeHS256Strong.php +++ b/src/Encoders/EncodeHS256Strong.php @@ -28,9 +28,14 @@ public function __construct(string $secret) * The secret should contain a number, a upper and a lowercase letter, and a * special character *&!@%^#$. It should be at least 12 characters in * length. The regex here uses lookahead assertions. + * nonEmptyOnlyValidation is an option to only validate secret is empty or not. */ - private function validSecret(string $secret): bool + private function validSecret(string $secret, bool $nonEmptyOnlyValidation = false): bool { + if ($nonEmptyOnlyValidation) { + return !empty($secret); + } + if ( !preg_match( '/^.*(?=.{12,}+)(?=.*\d+)(?=.*[A-Z]+)(?=.*[a-z]+)(?=.*[\*&!@%\^#\$]+).*$/', From b17d9b9553315943ddc98de0e4f7ebec5bdb2717 Mon Sep 17 00:00:00 2001 From: Maspri Date: Thu, 3 Aug 2023 10:56:40 +0700 Subject: [PATCH 2/4] feat: add validation options when creating token --- src/Encoders/EncodeHS256Strong.php | 8 ++++---- src/Token.php | 5 +++-- src/Tokens.php | 8 ++++---- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/Encoders/EncodeHS256Strong.php b/src/Encoders/EncodeHS256Strong.php index 1925fb3..c9070af 100644 --- a/src/Encoders/EncodeHS256Strong.php +++ b/src/Encoders/EncodeHS256Strong.php 
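Review bot: The new early return in `validSecret()` accepts any one-character secret when `$nonEmptyOnlyValidation` is true, so a class documented as instantiating only for strong secrets can sign HS256 tokens with a key that is trivially guessable. `empty()` also treats the string `'0'` as empty, so the relaxed check is not a plain length test either. A length floor should survive in the relaxed path, for example `return strlen($secret) >= 32;`, in line with the RFC 7518 section 3.2 requirement that HS256 keys be at least as long as the hash output. The body of `validSecret()` continues past the end of the hunk.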
@@ -15,9 +15,9 @@ class EncodeHS256Strong extends EncodeHS256 /** * This class only instantiates if the secret provided is strong enough. */ - public function __construct(string $secret) + public function __construct(string $secret, object $options) { - if (!$this->validSecret($secret)) { + if (!$this->validSecret($secret, !!$$options['fixed_secret_length_enabled'])) { throw new EncodeException('Invalid secret.', 9); } @@ -30,9 +30,9 @@ public function __construct(string $secret) * length. The regex here uses lookahead assertions. * nonEmptyOnlyValidation is an option to only validate secret is empty or not. */ - private function validSecret(string $secret, bool $nonEmptyOnlyValidation = false): bool + private function validSecret(string $secret, bool $fixedSecretLengthEnabled = true): bool { - if ($nonEmptyOnlyValidation) { + if (!$fixedSecretLengthEnabled) { return !empty($secret); } diff --git a/src/Token.php b/src/Token.php index f7dcd15..905f7ae 100644 --- a/src/Token.php +++ b/src/Token.php @@ -25,7 +25,7 @@ class Token * * @see Tokens::create() */ - public static function create(string|int $userId, string $secret, int $expiration, string $issuer): string + public static function create(string|int $userId, string $secret, int $expiration, string $issuer, object $options = []): string { $tokens = new Tokens(); return $tokens->create( @@ -33,7 +33,8 @@ public static function create(string|int $userId, string $secret, int $expiratio $userId, $secret, $expiration, - $issuer + $issuer, + $options )->getToken(); } diff --git a/src/Tokens.php b/src/Tokens.php index 456ce66..10744bd 100644 --- a/src/Tokens.php +++ b/src/Tokens.php 
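Review bot: The strength flag read in the constructor (`$options['fixed_secret_length_enabled']` once the `$$` typo is fixed in PATCH 4/4) fails open: when the key is absent the `!!` cast yields false and `validSecret()` falls back to the non-empty check only. `Token::create()` in this same patch defaults `$options` to `[]`, so callers that never pass options lose the 12-character and character-class policy without asking for it. The `object` type and the `$$` are corrected in PATCH 3/4 and 4/4, but the missing-key behaviour is still present in the final hunk of 4/4. Reading the flag as `$options['fixed_secret_length_enabled'] ?? true` keeps the strict policy as the default and also avoids the undefined-key warning.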
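Review bot: The docblock above `validSecret()` still describes `nonEmptyOnlyValidation`, which the second hunk of this file renames to `$fixedSecretLengthEnabled` with the opposite meaning. The new name also understates the effect, since passing false skips the digit, case and special-character checks as well as the length check. I would replace the last docblock line with `* When $fixedSecretLengthEnabled is false the strength regex is skipped and only a non-empty secret is required.` The docblock and the function body both extend beyond the hunk.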
@@ -21,12 +21,12 @@ class Tokens * Factory method to return an instance of the Build class for creating new * JSON Web Tokens. */ - public function builder(string $secret): Build + public function builder(string $secret, object $options): Build { return new Build( 'JWT', new Validator(), - new EncodeHS256Strong($secret) + new EncodeHS256Strong($secret, $options) ); } @@ -91,9 +91,9 @@ public function getPayload(string $token): array * * @param string|int $userId */ - public function create(string $userKey, string|int $userId, string $secret, int $expiration, string $issuer): Jwt + public function create(string $userKey, string|int $userId, string $secret, int $expiration, string $issuer, object $options): Jwt { - $builder = $this->builder($secret); + $builder = $this->builder($secret, $options); return $builder->setPayloadClaim($userKey, $userId) ->setExpiration($expiration) From 1ed2ceea71f5f6e1cd50b634a901755e896453cf Mon Sep 17 00:00:00 2001 From: Maspri Date: Thu, 3 Aug 2023 11:04:32 +0700 Subject: [PATCH 3/4] fix: params type of object, should be array --- src/Encoders/EncodeHS256Strong.php | 2 +- src/Token.php | 2 +- src/Tokens.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Encoders/EncodeHS256Strong.php b/src/Encoders/EncodeHS256Strong.php index c9070af..6f3d940 100644 --- a/src/Encoders/EncodeHS256Strong.php +++ b/src/Encoders/EncodeHS256Strong.php @@ -15,7 +15,7 @@ class EncodeHS256Strong extends EncodeHS256 /** * This class only instantiates if the secret provided is strong enough. */ - public function __construct(string $secret, object $options) + public function __construct(string $secret, array $options) { if (!$this->validSecret($secret, !!$$options['fixed_secret_length_enabled'])) { throw new EncodeException('Invalid secret.', 9); diff --git a/src/Token.php b/src/Token.php index 905f7ae..df78633 100644 --- a/src/Token.php +++ b/src/Token.php 
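Review bot: `Tokens::builder()` gains a required second parameter here, and `Tokens::create()` gains a required sixth one in the next hunk, so existing callers of these public methods would fail with an argument-count error after upgrading. PATCH 3/4 changes the type to `array` but leaves both parameters required. A default such as `public function builder(string $secret, array $options = []): Build` keeps the old call sites working, provided an empty options array still selects the strict secret check in `EncodeHS256Strong`. Neither docblock gains a `@param array $options` line naming the supported key.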
@@ -25,7 +25,7 @@ class Token * * @see Tokens::create() */ - public static function create(string|int $userId, string $secret, int $expiration, string $issuer, object $options = []): string + public static function create(string|int $userId, string $secret, int $expiration, string $issuer, array $options = []): string { $tokens = new Tokens(); return $tokens->create( diff --git a/src/Tokens.php b/src/Tokens.php index 10744bd..36c6501 100644 --- a/src/Tokens.php +++ b/src/Tokens.php @@ -21,7 +21,7 @@ class Tokens * Factory method to return an instance of the Build class for creating new * JSON Web Tokens. */ - public function builder(string $secret, object $options): Build + public function builder(string $secret, array $options): Build { return new Build( 'JWT', @@ -91,7 +91,7 @@ public function getPayload(string $token): array * * @param string|int $userId */ - public function create(string $userKey, string|int $userId, string $secret, int $expiration, string $issuer, object $options): Jwt + public function create(string $userKey, string|int $userId, string $secret, int $expiration, string $issuer, array $options): Jwt { $builder = $this->builder($secret, $options); From 87ce57fcb13e0663966451952e36e1122cd06e1b Mon Sep 17 00:00:00 2001 From: Maspri Date: Thu, 3 Aug 2023 11:27:38 +0700 Subject: [PATCH 4/4] fix: params typo --- src/Encoders/EncodeHS256Strong.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Encoders/EncodeHS256Strong.php b/src/Encoders/EncodeHS256Strong.php index 6f3d940..09eb0e5 100644 --- a/src/Encoders/EncodeHS256Strong.php +++ b/src/Encoders/EncodeHS256Strong.php @@ -17,7 +17,7 @@ class EncodeHS256Strong extends EncodeHS256 */ public function __construct(string $secret, array $options) { - if (!$this->validSecret($secret, !!$$options['fixed_secret_length_enabled'])) { + if (!$this->validSecret($secret, !!$options['fixed_secret_length_enabled'])) { throw new EncodeException('Invalid secret.', 9); }