Fix exceptions classes (#81)

Maks3w · robertdimarco · commit d6186e0519e6 · 2016-06-16T13:01:28.000-07:00
* Use InvalidArgumentException when $allowed_algs is not array > Exception thrown if an argument is not of the expected type. http://php.net/manual/en/class.invalidargumentexception.php * Use RuntimeExceptions for exceptions related with unencoded data. RuntimeExceptions is the correct exception error source is the decoded data. Note LogicExceptions as defined in PHP documentation implies a modification in the code by the developer. > Exception that represents error in the program logic. This kind of exception should lead directly to a fix in your code. http://php.net/manual/en/class.logicexception.php But the token is a data provided by an external source which is out side of the control of the developer so there is no way of prevent malformed tokens.
diff --git a/src/JWT.php b/src/JWT.php
@@ -55,7 +55,6 @@ class JWT
      *
      * @return object The JWT's payload as a PHP object
      *
-     * @throws DomainException              Algorithm was not provided
      * @throws UnexpectedValueException     Provided JWT was invalid
      * @throws SignatureInvalidException    Provided JWT was invalid because the signature verification failed
      * @throws BeforeValidException         Provided JWT is trying to be used before it's eligible as defined by 'nbf'
@@ -72,6 +71,9 @@ public static function decode($jwt, $key, $allowed_algs = array())
         if (empty($key)) {
             throw new InvalidArgumentException('Key may not be empty');
         }
+        if (!is_array($allowed_algs)) {
+            throw new InvalidArgumentException('Algorithm not allowed');
+        }
         $tks = explode('.', $jwt);
         if (count($tks) != 3) {
             throw new UnexpectedValueException('Wrong number of segments');
@@ -86,19 +88,19 @@ public static function decode($jwt, $key, $allowed_algs = array())
         $sig = JWT::urlsafeB64Decode($cryptob64);
         
         if (empty($header->alg)) {
-            throw new DomainException('Empty algorithm');
+            throw new UnexpectedValueException('Empty algorithm');
         }
         if (empty(self::$supported_algs[$header->alg])) {
-            throw new DomainException('Algorithm not supported');
+            throw new UnexpectedValueException('Algorithm not supported');
         }
-        if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) {
-            throw new DomainException('Algorithm not allowed');
+        if (!in_array($header->alg, $allowed_algs)) {
+            throw new UnexpectedValueException('Algorithm not allowed');
         }
         if (is_array($key) || $key instanceof \ArrayAccess) {
             if (isset($header->kid)) {
                 $key = $key[$header->kid];
             } else {
-                throw new DomainException('"kid" empty, unable to lookup correct key');
+                throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
             }
         }
 
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
@@ -232,21 +232,21 @@ public function testArrayAccessKIDChooser()
     public function testNoneAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key', array('none'));
     }
 
     public function testIncorrectAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key', array('RS256'));
     }
 
     public function testMissingAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key');
     }
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,6 @@ class JWT`
`55`	`55`	`*`
`56`	`56`	`* @return object The JWT's payload as a PHP object`
`57`	`57`	`*`
`58`		`- * @throws DomainException Algorithm was not provided`
`59`	`58`	`* @throws UnexpectedValueException Provided JWT was invalid`
`60`	`59`	`* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed`
`61`	`60`	`* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'`
`@@ -72,6 +71,9 @@ public static function decode($jwt, $key, $allowed_algs = array())`
`72`	`71`	`if (empty($key)) {`
`73`	`72`	`throw new InvalidArgumentException('Key may not be empty');`
`74`	`73`	`}`
	`74`	`+ if (!is_array($allowed_algs)) {`
	`75`	`+ throw new InvalidArgumentException('Algorithm not allowed');`
	`76`	`+ }`
`75`	`77`	`$tks = explode('.', $jwt);`
`76`	`78`	`if (count($tks) != 3) {`
`77`	`79`	`throw new UnexpectedValueException('Wrong number of segments');`
`@@ -86,19 +88,19 @@ public static function decode($jwt, $key, $allowed_algs = array())`
`86`	`88`	`$sig = JWT::urlsafeB64Decode($cryptob64);`
`87`	`89`
`88`	`90`	`if (empty($header->alg)) {`
`89`		`- throw new DomainException('Empty algorithm');`
	`91`	`+ throw new UnexpectedValueException('Empty algorithm');`
`90`	`92`	`}`
`91`	`93`	`if (empty(self::$supported_algs[$header->alg])) {`
`92`		`- throw new DomainException('Algorithm not supported');`
	`94`	`+ throw new UnexpectedValueException('Algorithm not supported');`
`93`	`95`	`}`
`94`		`- if (!is_array($allowed_algs) \|\| !in_array($header->alg, $allowed_algs)) {`
`95`		`- throw new DomainException('Algorithm not allowed');`
	`96`	`+ if (!in_array($header->alg, $allowed_algs)) {`
	`97`	`+ throw new UnexpectedValueException('Algorithm not allowed');`
`96`	`98`	`}`
`97`	`99`	`if (is_array($key) \|\| $key instanceof \ArrayAccess) {`
`98`	`100`	`if (isset($header->kid)) {`
`99`	`101`	`$key = $key[$header->kid];`
`100`	`102`	`} else {`
`101`		`- throw new DomainException('"kid" empty, unable to lookup correct key');`
	`103`	`+ throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');`
`102`	`104`	`}`
`103`	`105`	`}`
`104`	`106`
Original file line number	Diff line number	Diff line change
`@@ -232,21 +232,21 @@ public function testArrayAccessKIDChooser()`
`232`	`232`	`public function testNoneAlgorithm()`
`233`	`233`	`{`
`234`	`234`	`$msg = JWT::encode('abc', 'my_key');`
`235`		`- $this->setExpectedException('DomainException');`
	`235`	`+ $this->setExpectedException('UnexpectedValueException');`
`236`	`236`	`JWT::decode($msg, 'my_key', array('none'));`
`237`	`237`	`}`
`238`	`238`
`239`	`239`	`public function testIncorrectAlgorithm()`
`240`	`240`	`{`
`241`	`241`	`$msg = JWT::encode('abc', 'my_key');`
`242`		`- $this->setExpectedException('DomainException');`
	`242`	`+ $this->setExpectedException('UnexpectedValueException');`
`243`	`243`	`JWT::decode($msg, 'my_key', array('RS256'));`
`244`	`244`	`}`
`245`	`245`
`246`	`246`	`public function testMissingAlgorithm()`
`247`	`247`	`{`
`248`	`248`	`$msg = JWT::encode('abc', 'my_key');`
`249`		`- $this->setExpectedException('DomainException');`
	`249`	`+ $this->setExpectedException('UnexpectedValueException');`
`250`	`250`	`JWT::decode($msg, 'my_key');`
`251`	`251`	`}`
`252`	`252`