Manipulating algorithm in hydrator

When only one algorithm is passed into the configuration but multiple secrets are provided the algorithm array then needs to be manipulated into a key value store, using the key from the secrets list and the algorithm being used for the value. for example: ``` [ 'secret' => [ 'foo' => 'keepItSecret', 'bar' => 'tooManySecrets', ], 'algorithm' => [ 'HS256', ], ] ``` will become ``` [ 'secret' => [ 'foo' => 'keepItSecret', 'bar' => 'tooManySecrets', ], 'algorithm' => [ 'foo' => 'HS256', 'bar' => 'HS256', ], ] ```
tuupola · Feb 25, 2023 · 931275a · 931275a
1 parent d162841
commit 931275a
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 69 deletions.
diff --git a/src/JwtAuthentication.php b/src/JwtAuthentication.php
@@ -54,6 +54,11 @@
 use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
 use Tuupola\Middleware\JwtAuthentication\RuleInterface;
 
+use function array_fill_keys;
+use function array_keys;
+use function count;
+use function is_array;
+
 final class JwtAuthentication implements MiddlewareInterface
 {
     use DoublePassTrait;
@@ -338,6 +343,16 @@ private function decodeToken(string $token): array
      */
     private function hydrate(array $data = []): void
     {
+        $data['algorithm'] = $data['algorithm'] ?? $this->options['algorithm'];
+        if ((is_array($data['secret']) || $data['secret'] instanceof ArrayAccess)
+            && is_array($data['algorithm'])
+            && count($data['algorithm']) === 1
+            && count($data['secret']) > count($data['algorithm'])
+        ) {
+            $secretIndex = array_keys((array) $data['secret']);
+            $data['algorithm'] = array_fill_keys($secretIndex, $data['algorithm'][0]);
+        }
+
         foreach ($data as $key => $value) {
             /* https://github.com/facebook/hhvm/issues/6368 */
             $key = str_replace(".", " ", $key);

diff --git a/tests/ArrayAccessImpl.php b/tests/ArrayAccessImpl.php
diff --git a/tests/JwtAuthenticationTest.php b/tests/JwtAuthenticationTest.php
@@ -32,9 +32,8 @@
 
 namespace Tuupola\Middleware;
 
+use ArrayObject;
 use Equip\Dispatch\MiddlewareCollection;
-use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Message\ResponseInterface;
@@ -108,7 +107,6 @@ public function testShouldReturn200WithTokenFromHeader()
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => "supersecretkeyyoushouldnotcommittogithub",
-                "algorithm" => ['HS256'],
                 "header" => "X-Token"
             ])
         ]);
@@ -134,7 +132,6 @@ public function testShouldReturn200WithTokenFromHeaderWithCustomRegexp()
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => "supersecretkeyyoushouldnotcommittogithub",
-                "algorithm" => ['HS256'],
                 "header" => "X-Token",
                 "regexp" => "/(.*)/"
             ])
@@ -161,7 +158,6 @@ public function testShouldReturn200WithTokenFromCookie()
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => "supersecretkeyyoushouldnotcommittogithub",
-                "algorithm" => ['HS256'],
                 "cookie" => "nekot",
             ])
         ]);
@@ -187,7 +183,6 @@ public function testShouldReturn200WithTokenFromBearerCookie()
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => "supersecretkeyyoushouldnotcommittogithub",
-                "algorithm" => ['HS256'],
                 "cookie" => "nekot",
             ])
         ]);
@@ -217,7 +212,6 @@ public function testShouldReturn200WithSecretArray()
                     "acme" =>"supersecretkeyyoushouldnotcommittogithub",
                     "beta" =>"anothersecretkeyfornevertocommittogithub"
                 ],
-                "algorithm" => ['acme' => 'HS256', 'beta' => 'HS256'],
             ])
         ]);
 
@@ -264,14 +258,13 @@ public function testShouldReturn200WithSecretArrayAccess()
             return $response;
         };
 
-        $secret = new ArrayAccessImpl();
+        $secret = new ArrayObject();
         $secret["acme"] = "supersecretkeyyoushouldnotcommittogithub";
         $secret["beta"] ="anothersecretkeyfornevertocommittogithub";
 
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => $secret,
-                "algorithm" => ['acme' => 'HS256', 'beta' => 'HS256'],
             ])
         ]);
 
@@ -292,14 +285,13 @@ public function testShouldReturn401WithSecretArrayAccess()
             return $response;
         };
 
-        $secret = new ArrayAccessImpl();
+        $secret = new ArrayObject();
         $secret["xxxx"] = "supersecretkeyyoushouldnotcommittogithub";
         $secret["yyyy"] = "anothersecretkeyfornevertocommittogithub";
 
         $collection = new MiddlewareCollection([
             new JwtAuthentication([
                 "secret" => $secret,
-                "algorithm" => ['xxxx' => 'HS256', 'yyyy' => 'HS256',],
             ])
         ]);