update jwt encode/decode

Signed-off-by: envoyr <hello@envoyr.com>
2023-02-20 16:22:06 +01:00
parent aea65e0894
commit f17519743e
3 changed files with 8 additions and 7 deletions


@@ -77,6 +77,6 @@ class ApiTokenCookieFactory
'sub' => $userId, 'sub' => $userId,
'csrf' => $csrfToken, 'csrf' => $csrfToken,
'expiry' => $expiration->getTimestamp(), 'expiry' => $expiration->getTimestamp(),
], $this->encrypter->getKey()); ], $this->encrypter->getKey(), 'RS256');
} }
} }
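Review bot: The cookie JWT is now signed with `$this->encrypter->getKey()` under `'RS256'`, and the TokenGuard section verifies it with `new Key($this->encrypter->getKey(), 'RS256')`, yet the same key was paired with `['HS256']` before this commit. If that key is the framework's symmetric encryption key (the encrypter class is not visible here, so this is inferred), it is not an RSA key, and RS256 signing and verification would be expected to fail, breaking cookie authentication. Keeping the HMAC algorithm on both sides matches the key type: `], $this->encrypter->getKey(), 'HS256');` here and `new Key($this->encrypter->getKey(), 'HS256')` in the guard. The enclosing method starts outside the hunk.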


@@ -7,6 +7,7 @@ use Bitinflow\Accounts\Helpers\JwtParser;
use Bitinflow\Accounts\Traits\HasBitinflowTokens; use Bitinflow\Accounts\Traits\HasBitinflowTokens;
use Exception; use Exception;
use Firebase\JWT\JWT; use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\GuardHelpers; use Illuminate\Auth\GuardHelpers;
use Illuminate\Container\Container; use Illuminate\Container\Container;
@@ -181,8 +182,10 @@ class TokenGuard
{ {
return (array)JWT::decode( return (array)JWT::decode(
CookieValuePrefix::remove($this->encrypter->decrypt($request->cookie(BitinflowAccounts::cookie()), BitinflowAccounts::$unserializesCookies)), CookieValuePrefix::remove($this->encrypter->decrypt($request->cookie(BitinflowAccounts::cookie()), BitinflowAccounts::$unserializesCookies)),
new Key(
$this->encrypter->getKey(), $this->encrypter->getKey(),
['HS256'] 'RS256'
)
); );
} }


@@ -5,6 +5,7 @@ namespace Bitinflow\Accounts\Helpers;
use Firebase\JWT\JWT; use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use stdClass; use stdClass;
@@ -12,8 +13,6 @@ use Throwable;
class JwtParser class JwtParser
{ {
public const ALLOWED_ALGORITHMS = ['RS256'];
/** /**
* @param Request $request * @param Request $request
* @return stdClass * @return stdClass
@@ -26,8 +25,7 @@ class JwtParser
try { try {
return JWT::decode( return JWT::decode(
$request->bearerToken(), $request->bearerToken(),
$this->getOauthPublicKey(), new Key($this->getOauthPublicKey(),'RS256')
self::ALLOWED_ALGORITHMS
); );
} catch (Throwable $exception) { } catch (Throwable $exception) {
throw (new AuthenticationException()); throw (new AuthenticationException());
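Review bot: Dropping `public const ALLOWED_ALGORITHMS` removes a public symbol that code outside this class may still reference, and the accepted algorithm is now a bare string literal inside the `JWT::decode` call. A single named constant would keep the pinned algorithm in one auditable place, for example `public const ALGORITHM = 'RS256';` used as `new Key($this->getOauthPublicKey(), self::ALGORITHM)`. The enclosing method starts and ends outside the hunk.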