feat: upgrade php-jwt version (#1049)

Author: bshaffer

.github/workflows/tests.yml

@@ -35,7 +35,7 @@ jobs:
         options: --health-cmd="pg_isready -h localhost" --health-interval=10s --health-timeout=5s --health-retries=5
     strategy:
       matrix:
-        php: [ 7.1, 7.2, 7.3, 7.4, "8.0", 8.1, 8.2 ]
+        php: [ 7.2, 7.3, 7.4, "8.0", 8.1, 8.2 ]
     name: "PHP ${{ matrix.php }} Unit Test"
     steps:
       - uses: actions/checkout@v2

composer.json

@@ -16,22 +16,21 @@
         "psr-0": { "OAuth2": "src/" }
     },
     "require":{
-        "php":">=7.1"
+        "php":">=7.2"
     },
     "require-dev": {
         "phpunit/phpunit": "^7.5||^8.0",
         "aws/aws-sdk-php": "^2.8",
-        "firebase/php-jwt": "^2.2",
+        "firebase/php-jwt": "^6.4",
         "predis/predis": "^1.1",
         "thobbs/phpcassa": "dev-master",
-        "mongodb/mongodb": "^1.1",
         "yoast/phpunit-polyfills": "^1.0"
     },
     "suggest": {
         "predis/predis": "Required to use Redis storage",
         "thobbs/phpcassa": "Required to use Cassandra storage",
         "aws/aws-sdk-php": "~2.8 is required to use DynamoDB storage",
-        "firebase/php-jwt": "~2.2 is required to use JWT features",
+        "firebase/php-jwt": "~v6.4 is required to use JWT features",
         "mongodb/mongodb": "^1.1 is required to use MongoDB storage"
     }
 }

phpunit.xml

@@ -8,7 +8,6 @@
          convertWarningsToExceptions="true"
          processIsolation="false"
          stopOnFailure="false"
-         syntaxCheck="false"
          bootstrap="test/bootstrap.php"
 >
   <testsuites>

src/OAuth2/Encryption/FirebaseJwt.php

@@ -2,6 +2,9 @@
 
 namespace OAuth2\Encryption;
 
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
 /**
  * Bridge file to use the firebase/php-jwt package for JWT encoding and decoding.
  * @author Francis Chuang <francis.chuang@gmail.com>
@@ -10,38 +13,48 @@ class FirebaseJwt implements EncryptionInterface
 {
     public function __construct()
     {
-        if (!class_exists('\JWT')) {
+        if (!class_exists(JWT::class)) {
             throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
         }
     }
 
     public function encode($payload, $key, $alg = 'HS256', $keyId = null)
     {
-        return \JWT::encode($payload, $key, $alg, $keyId);
+        return JWT::encode($payload, $key, $alg, $keyId);
     }
 
     public function decode($jwt, $key = null, $allowedAlgorithms = null)
     {
         try {
-
             //Maintain BC: Do not verify if no algorithms are passed in.
             if (!$allowedAlgorithms) {
-                $key = null;
+                $tks = \explode('.', $jwt);
+                if (\count($tks) === 3) {
+                    [$headb64] = $tks;
+                    $headerRaw = JWT::urlsafeB64Decode($headb64);
+                    if (($header = JWT::jsonDecode($headerRaw))) {
+                        $key = new Key($key, $header->alg);
+                    }
+                }
+            } elseif(is_array($allowedAlgorithms)) {
+                $key = new Key($key, $allowedAlgorithms[0]);
+            } else {
+                $key = new Key($key, $allowedAlgorithms);
             }
 
-            return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
+            return (array) JWT::decode($jwt, $key);
         } catch (\Exception $e) {
             return false;
         }
     }
 
     public function urlSafeB64Encode($data)
     {
-        return \JWT::urlsafeB64Encode($data);
+        return JWT::urlsafeB64Encode($data);
     }
 
     public function urlSafeB64Decode($b64)
     {
-        return \JWT::urlsafeB64Decode($b64);
+        return JWT::urlsafeB64Decode($b64);
     }
 }

src/OAuth2/Storage/CouchbaseDB.php

@@ -28,7 +28,7 @@ class CouchbaseDB implements AuthorizationCodeInterface,
 
     public function __construct($connection, $config = array())
     {
-        if (! class_exists(Couchbase::class)) {
+        if (!class_exists(Couchbase::class)) {
             throw new \RuntimeException('Missing Couchbase');
         }
 

src/OAuth2/Storage/JwtAccessToken.php

@@ -84,4 +84,4 @@ protected function convertJwtToOAuth2($tokenData)
 
         return $tokenData;
     }
-}
+}

src/OAuth2/Storage/MongoDB.php

@@ -32,6 +32,9 @@ class MongoDB implements AuthorizationCodeInterface,
 
     public function __construct($connection, $config = array())
     {
+        if (!class_exists(Database::class) || !class_exists(Client::class)) {
+            throw new \LogicException('Missing MongoDB php extension. Please install mongodb.so');
+        }
         if ($connection instanceof Database) {
             $this->db = $connection;
         } else {

test/OAuth2/ResponseType/JwtAccessTokenTest.php

@@ -40,20 +40,20 @@ public function testCreateAccessToken()
         $this->assertEquals(3600, $delta);
         $this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']);
     }
-    
+
     public function testExtraPayloadCallback()
     {
         $jwtconfig = array('jwt_extra_payload_callable' => function() {
             return array('custom_param' => 'custom_value');
         });
-        
+
         $server = $this->getTestServer($jwtconfig);
         $jwtResponseType = $server->getResponseType('token');
-        
+
         $accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false);
         $jwt = new Jwt;
         $decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false);
-        
+
         $this->assertArrayHasKey('custom_param', $decodedAccessToken);
         $this->assertEquals('custom_value', $decodedAccessToken['custom_param']);
     }
@@ -162,7 +162,7 @@ private function getTestServer($jwtconfig = array())
         $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
 
         $storage = array(
-            'access_token' => new JwtAccessTokenStorage($memoryStorage),
+            'access_token' => new JwtAccessTokenStorage($memoryStorage, $memoryStorage),
             'client' => $memoryStorage,
             'client_credentials' => $memoryStorage,
         );