#194: Move generatedId from arg to inner variable

Author: arthurkushman

src/Extension/BaseJwt.php

@@ -34,7 +34,7 @@ public function handle($request, Closure $next)
                 die('JWT token required.');
             }
             $token = (new Parser())->parse((string)$request->jwt);
-            if(Jwt::verify($token, $token->getHeader('jti')) === false) {
+            if(Jwt::verify($token) === false) {
                 header('HTTP/1.1 403 Forbidden');
                 die('Access forbidden.');
             }

src/Extension/JWTTrait.php

@@ -30,10 +30,9 @@ protected function createJwtUser()
             );
         }
 
-        $uniqId          = uniqid();
         /** @var \Illuminate\Database\Eloquent\Model $model */
         $model           = $this->getEntity($this->model->id);
-        $model->jwt      = Jwt::create($this->model->id, $uniqId);
+        $model->jwt      = Jwt::create($this->model->id);
         $model->password = password_hash($this->model->password, PASSWORD_DEFAULT);
         $model->save();
         $this->model = $model;
@@ -56,8 +55,8 @@ private function updateJwtUser(&$model, $jsonApiAttributes)
                 ]
             );
         }
-        $uniqId     = uniqid();
-        $model->jwt = Jwt::create($model->id, $uniqId);
+
+        $model->jwt = Jwt::create($model->id);
         unset($model->password);
     }
 }

src/Helpers/Jwt.php

@@ -20,15 +20,15 @@ class Jwt
      * Fulfills the token with data and signs it with key
      *
      * @param int $uid
-     * @param string $generatedId
      *
      * @return string
      * @throws \BadMethodCallException
      */
-    public static function create(int $uid, string $generatedId) : string
+    public static function create(int $uid) : string
     {
         $signer = new Sha256();
 
+        $generatedId = uniqid('', true);
         return (new Builder())->setIssuer($_SERVER['HTTP_HOST'])// Configures the issuer (iss claim)
         ->setAudience($_SERVER['HTTP_HOST'])// Configures the audience (aud claim)
         ->setId($generatedId, true)// Configures the id (jti claim), replicating as a header item
@@ -50,12 +50,15 @@ public static function create(int $uid, string $generatedId) : string
      * @throws \BadMethodCallException
      * @throws \OutOfBoundsException
      */
-    public static function verify(Token $token, string $generatedId)
+    public static function verify(Token $token): bool
     {
+        $generatedId = $token->getHeader('jti');
+
         $data = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)
         $data->setIssuer($_SERVER['HTTP_HOST']);
         $data->setAudience($_SERVER['HTTP_HOST']);
         $data->setId($generatedId);
+
         $signer = new Sha256();
         $uid    = $token->getClaim('uid');
         return $token->validate($data) && $token->verify($signer, $generatedId . config(self::JWT_SECRETE_KEY) . $uid);

tests/Unit/Helpers/JwtTest.php

@@ -6,8 +6,6 @@
 use Lcobucci\JWT\Parser;
 use Lcobucci\JWT\Token;
 use SoliDry\Extension\BaseJwt;
-use SoliDry\Extension\BaseModel;
-use SoliDry\Extension\JWTTrait;
 use SoliDry\Helpers\Jwt;
 use SoliDryTest\Unit\TestCase;
 
@@ -23,40 +21,31 @@ public function setUp(): void
     /**
      * @test
      */
-    public function it_creates_jwt_token() : array
+    public function it_creates_and_verifies_jwt_token(): string
     {
         /** @var Token $token */
         $id        = random_int(1, 1000);
-        $uniqueId  = uniqid('', true);
-        $jwtString = Jwt::create($id, $uniqueId);
+        $jwtString = Jwt::create($id);
         $token     = (new Parser())->parse($jwtString);
+
         $this->assertInstanceOf(Token::class, $token);
         $this->assertEquals($token->getClaim('uid'), $id);
-        return [$token, $uniqueId];
-    }
+        $this->assertTrue(Jwt::verify($token));
 
-    /**
-     * @test
-     * @depends it_creates_jwt_token
-     * @param array $data
-     * @return array
-     */
-    public function it_verifies_jwt_token(array $data) : array
-    {
-        $this->assertTrue(Jwt::verify($data[0], $data[1]));
-        return $data;
+        return $jwtString;
     }
 
     /**
      * @test
-     * @depends it_verifies_jwt_token
-     * @param array $data
+     * @depends it_creates_and_verifies_jwt_token
+     * @param string $jwt
      */
-    public function it_handles_jwt(array $data)
+    public function it_handles_jwt(string $jwt): void
     {
         $baseJwt      = new BaseJwt();
         $request      = new Request();
-        $request->jwt = $data[0];
+        $request->jwt = $jwt;
+
         $baseJwt->handle($request, function ($request) {
             $this->assertInstanceOf(Request::class, $request);
         });