Merge pull request #501 from cakephp/jwt-auth-algos

Overwrite "algorithms" config instead of merging.
cakephp · Nov 25, 2021 · 9dc2d73 · 9dc2d73
2 parents 1623daf + e8af975
commit 9dc2d73
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/src/Authenticator/JwtAuthenticator.php b/src/Authenticator/JwtAuthenticator.php
@@ -54,6 +54,10 @@ public function __construct(IdentifierInterface $identifier, array $config = [])
     {
         parent::__construct($identifier, $config);
 
+        if (isset($config['algorithms'])) {
+            $this->setConfig('algorithms', $config['algorithms'], false);
+        }
+
         if (empty($this->_config['secretKey'])) {
             if (!class_exists(Security::class)) {
                 throw new RuntimeException('You must set the `secretKey` config key for JWT authentication.');

diff --git a/tests/TestCase/Authenticator/JwtAuthenticatorTest.php b/tests/TestCase/Authenticator/JwtAuthenticatorTest.php
@@ -70,6 +70,20 @@ public function setUp(): void
         $this->identifiers = new IdentifierCollection([]);
     }
 
+    /**
+     * Test that "algorithms" config overwrites the default value instead of merging.
+     *
+     * @return void
+     */
+    public function testAlgorithmsOverwrite()
+    {
+        $authenticator = new JwtAuthenticator($this->identifiers, [
+            'algorithms' => ['RS256'],
+        ]);
+
+        $this->assertSame(['RS256'], $authenticator->getConfig('algorithms'));
+    }
+
     /**
      * testAuthenticateViaHeaderToken
      *