From 5adf78eead6fe9bc39b7e001e8a74b28fa8dca56 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:18:59 -0700
Subject: [PATCH 1/9] Revert "fix: add flag to force object (#416)"

This reverts commit e67638d067a537731e3f9c03e097c7c1b1f31fe8.
---
 src/JWT.php | 2 +-
 tests/JWTTest.php | 9 ---------
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/src/JWT.php b/src/JWT.php
index 67514b29..bf064e34 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -355,7 +355,7 @@ public static function jsonDecode(string $input)
 public static function jsonEncode(array $input): string
 {
 if (PHP_VERSION_ID >= 50400) {
- $json = \json_encode($input, \JSON_UNESCAPED_SLASHES|\JSON_FORCE_OBJECT);
+ $json = \json_encode($input, \JSON_UNESCAPED_SLASHES);
 } else {
 // PHP 5.3 only
 $json = \json_encode($input);
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index e1984b34..8b23ad6b 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -321,15 +321,6 @@ public function testRSEncodeDecodeWithPassphrase()
 $this->assertEquals($decoded, $expected);
 }

- public function testDecodesEmptyArrayAsObject()
- {
- $key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
- $payload = [];
- $jwt = JWT::encode($payload, $key, 'HS256');
- $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
- $this->assertEquals((object) $payload, $decoded);
- }
-
 /**
 * @runInSeparateProcess
 * @dataProvider provideEncodeDecode

From b6f82948381a0f36005a84f84de277372fd5f50c Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:19:59 -0700
Subject: [PATCH 2/9] Update JWTTest.php

---
 tests/JWTTest.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index 8b23ad6b..dc4c357d 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
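Review bot: With `\JSON_FORCE_OBJECT` gone from the `\json_encode` call in `jsonEncode` (PATCH 1/9, src/JWT.php), an empty array serializes as `[]` instead of `{}`, so a token built from an empty payload carries a JSON array where RFC 7519 requires the claims set to be a JSON object. Handling that case on the encode side keeps emitted tokens well-formed for other verifiers, for example `$json = \json_encode($input === [] ? new \stdClass() : $input, \JSON_UNESCAPED_SLASHES);`. That assumes `jsonEncode` is only used for the header and claims set; its callers and the rest of its body are outside the hunk.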
@@ -263,6 +263,15 @@ public function testHSEncodeDecode()
 $this->assertEquals(JWT::decode($msg, new Key('my_key', 'HS256')), $expected);
 }

+ public function testDecodesEmptyArrayAsObject()
+ {
+ $key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
+ $payload = [];
+ $jwt = JWT::encode($payload, $key, 'HS256');
+ $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
+ $this->assertEquals((object) $payload, $decoded);
+ }
+
 public function testRSEncodeDecode()
 {
 $privKey = openssl_pkey_new(['digest_alg' => 'sha256',

From b078f416fdfedfaae57c0f30aff440fcb761c6a2 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:20:45 -0700
Subject: [PATCH 3/9] Update JWTTest.php

---
 tests/JWTTest.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index dc4c357d..1e74ecab 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -37,7 +37,7 @@ public function testExpiredToken()
 $this->expectException(ExpiredException::class);
 $payload = [
 "message" => "abc",
- "exp" => time() - 20]; // time in the past
+ "exp" => time() -E 20]; // time in the past
 $encoded = JWT::encode($payload, 'my_key', 'HS256');
 JWT::decode($encoded, new Key('my_key', 'HS256'));
 }
@@ -263,15 +263,6 @@ public function testHSEncodeDecode()
 $this->assertEquals(JWT::decode($msg, new Key('my_key', 'HS256')), $expected);
 }

- public function testDecodesEmptyArrayAsObject()
- {
- $key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
- $payload = [];
- $jwt = JWT::encode($payload, $key, 'HS256');
- $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
- $this->assertEquals((object) $payload, $decoded);
- }
-
 public function testRSEncodeDecode()
 {
 $privKey = openssl_pkey_new(['digest_alg' => 'sha256',
@@ -330,6 +321,15 @@ public function testRSEncodeDecodeWithPassphrase()
 $this->assertEquals($decoded, $expected);
 }

+ public function testDecodesEmptyArrayAsObject()
+ {
+ $key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
+ $payload = [];
+ $jwt = JWT::encode($payload, $key, 'HS256');
+ $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
+ $this->assertEquals((object) $payload, $decoded);
+ }
+
 /**
 * @runInSeparateProcess
 * @dataProvider provideEncodeDecode

From 2c4257cd40d691972b6a790abe7a17fe80e2754c Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:21:11 -0700
Subject: [PATCH 4/9] Update JWTTest.php

---
 tests/JWTTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index 1e74ecab..e1984b34 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -37,7 +37,7 @@ public function testExpiredToken()
 $this->expectException(ExpiredException::class);
 $payload = [
 "message" => "abc",
- "exp" => time() -E 20]; // time in the past
+ "exp" => time() - 20]; // time in the past
 $encoded = JWT::encode($payload, 'my_key', 'HS256');
 JWT::decode($encoded, new Key('my_key', 'HS256'));
 }

From 86e1bae13fbb4205b64bc9c076ccd337e32d0bfe Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:22:34 -0700
Subject: [PATCH 5/9] Update JWT.php

---
 src/JWT.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/JWT.php b/src/JWT.php
index bf064e34..bd048417 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -158,6 +158,11 @@ public static function decode(
 if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
 throw new ExpiredException('Expired token');
 }
+
+ if (is_array($payload)) {
+ // prevent PHP Fatal Error in edge-cases when payload is empty array
+ return (object) $payload;
+ }

 return $payload;
 }

From cd402e32553fb3182a803509a8c262549b75643d Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:25:07 -0700
Subject: [PATCH 6/9] Update JWT.php

---
 src/JWT.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/JWT.php b/src/JWT.php
index bd048417..23998bc2 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -111,6 +111,10 @@ public static function decode(
 if (null === ($payload = static::jsonDecode($payloadRaw))) {
 throw new UnexpectedValueException('Invalid claims encoding');
 }
+ if (is_array($payload)) {
+ // prevent PHP Fatal Error in edge-cases when payload is empty array
+ $payload = (object) $payload;
+ }
 if (!$payload instanceof stdClass) {
 throw new UnexpectedValueException('Payload must be a JSON object');
 }
@@ -159,11 +163,6 @@ public static function decode(
 throw new ExpiredException('Expired token');
 }

- if (is_array($payload)) {
- // prevent PHP Fatal Error in edge-cases when payload is empty array
- return (object) $payload;
- }
-
 return $payload;
 }

From e9c373682dbe3b7d437881cda1fcb7abd4f75b72 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:25:30 -0700
Subject: [PATCH 7/9] Update JWT.php

---
 src/JWT.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/JWT.php b/src/JWT.php
index 23998bc2..57d92ba8 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -162,7 +162,7 @@ public static function decode(
 if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
 throw new ExpiredException('Expired token');
 }
-
+
 return $payload;
 }

From ca29d22135beec47eec667fa07610c0d592991bf Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:35:08 -0700
Subject: [PATCH 8/9] Update JWTTest.php

---
 tests/JWTTest.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index e1984b34..b1599b98 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
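Review bot: The guard added before the `instanceof stdClass` check in `decode()` (PATCH 6/9, src/JWT.php) casts every array payload to an object, not only the empty one its comment describes. A claims segment that is a non-empty JSON list, which `jsonDecode` presumably returns as a PHP array, would be turned into a `stdClass` with numeric properties and no longer hit 'Payload must be a JSON object'. Narrowing the condition keeps that rejection in place: `if ($payload === []) {`. A companion test that expects `UnexpectedValueException` for a list payload would pin the behaviour; `decode()` starts and ends outside the hunk.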
@@ -330,6 +330,15 @@ public function testDecodesEmptyArrayAsObject()
 $this->assertEquals((object) $payload, $decoded);
 }

+ public function testDecodesArraysInJWTAsArray()
+ {
+ $key = 'yma6Hq4XQegCVND8ef23OYgxSrC3IKqk';
+ $payload = ['foo' => [1,2,3]];
+ $jwt = JWT::encode($payload, $key, 'HS256');
+ $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
+ $this->assertEquals($payload['foo'], $decoded['foo']);
+ }
+
 /**
 * @runInSeparateProcess
 * @dataProvider provideEncodeDecode

From b70800e7d150e9025286923a3e5fbfeb1337da82 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Thu, 21 Apr 2022 07:36:24 -0700
Subject: [PATCH 9/9] Update JWTTest.php

---
 tests/JWTTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index b1599b98..191e3d2c 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -336,7 +336,7 @@ public function testDecodesArraysInJWTAsArray()
 $payload = ['foo' => [1,2,3]];
 $jwt = JWT::encode($payload, $key, 'HS256');
 $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
- $this->assertEquals($payload['foo'], $decoded['foo']);
+ $this->assertEquals($payload['foo'], $decoded->foo);
 }

 /**
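Review bot: `assertEquals` in `testDecodesArraysInJWTAsArray` (PATCH 9/9, tests/JWTTest.php) compares element values loosely, so it would also pass if the decoded claim came back as `['1', '2', '3']`. Since the test name pins the decoded type, a strict comparison fits better: `$this->assertSame($payload['foo'], $decoded->foo);`.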