authorVirtualTam <virtualtam+github@flibidi.net>2017-01-05 12:39:17 +0100
committerGitHub <noreply@github.com>2017-01-05 12:39:17 +0100
commit383cbaf2c5a49f5fa54e635ed437d18784830afe (patch)
treeb92c37792e7af48e1da36686f1d722aaffb90a06 /tests/api
parentfc11ab2f290a3712b766d78fdbcd354625a35d0a (diff)
parent7a9daac56dc64ec1ddb12adece3e1a8f71778cc7 (diff)
Merge pull request #739 from virtualtam/fix/api/jwt-signature
API: fix JWT signature verification
Diffstat (limited to 'tests/api')
-rw-r--r--tests/api/ApiUtilsTest.php15
1 files changed, 9 insertions, 6 deletions
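--- a/tests/api/ApiUtilsTest.php
+++ b/tests/api/ApiUtilsTest.php
@@ -2,6 +2,9 @@
 
 namespace Shaarli\Api;
 
+use Shaarli\Base64Url;
+
+
 /**
  * Class ApiUtilsTest
  */
@@ -24,14 +27,14 @@ class ApiUtilsTest extends \PHPUnit_Framework_TestCase
  */
  public static function generateValidJwtToken($secret)
  {
- $header = base64_encode('{
+ $header = Base64Url::encode('{
  "typ": "JWT",
  "alg": "HS512"
  }');
- $payload = base64_encode('{
+ $payload = Base64Url::encode('{
  "iat": '. time() .'
  }');
- $signature = hash_hmac('sha512', $header .'.'. $payload , $secret);
+ $signature = Base64Url::encode(hash_hmac('sha512', $header .'.'. $payload , $secret, true));
  return $header .'.'. $payload .'.'. $signature;
  }
 
@@ -46,9 +49,9 @@ class ApiUtilsTest extends \PHPUnit_Framework_TestCase
  */
  public static function generateCustomJwtToken($header, $payload, $secret)
  {
- $header = base64_encode($header);
- $payload = base64_encode($payload);
- $signature = hash_hmac('sha512', $header . '.' . $payload, $secret);
+ $header = Base64Url::encode($header);
+ $payload = Base64Url::encode($payload);
+ $signature = Base64Url::encode(hash_hmac('sha512', $header . '.' . $payload, $secret, true));
  return $header . '.' . $payload . '.' . $signature;
  }
 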
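Review bot: generateValidJwtToken and generateCustomJwtToken now each spell out the same encode-and-sign sequence (Base64Url of header and payload, raw HMAC-SHA512 via the fourth `true` argument, Base64Url of the MAC), so the definition of a correctly signed token lives in two places in the test helpers and can drift. Letting the first delegate, e.g. `return self::generateCustomJwtToken('{"typ": "JWT", "alg": "HS512"}', '{"iat": '. time() .'}', $secret);`, keeps a single construction path. Because the commit is about signature verification, it is also worth confirming that the suite has a negative case in which a token carrying the old hex-encoded `hash_hmac` output, or a MAC computed with a different secret, is rejected; these hunks only show the valid-token builders, so that may already exist elsewhere in the file. Both function bodies are complete within their hunks, but the enclosing class continues outside them.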