Merge branch 'feature/allow-multiple-audiences-and-issuers'

README.md

@@ -61,6 +61,25 @@ echo $token->getClaim('uid'); // will print "1"
 echo $token; // The string representation of the object is a JWT string (pretty easy, right?)
 ```
 
+If we have multiple possible members in the audience of a given token, we can set multiple audience members like so:
+
+```php
+use Lcobucci\JWT\Configuration;
+
+$config = new Configuration(); // This object helps to simplify the creation of the dependencies
+                               // instead of using "?:" on constructors.
+
+$token = $config->createBuilder()
+                ->setIssuer('http://example.com')
+                ->setAudience(['http://example.org', 'http://example.com', 'http://example.io']) // Sets all three as audience members of this token.
+                ->setId('4f1g23a12aa', true)
+                ->setIssuedAt(time())
+                ->setNotBefore(time() + 60)
+                ->setExpiration(time() + 3600)
+                ->set('uid', 1)
+                ->getToken();
+```
+
 ### Parsing from strings
 
 Use the parser to create a new token from a JWT string (using the previous token as example):
@@ -75,6 +94,7 @@ $token->getClaims(); // Retrieves the token claims
 
 echo $token->getHeader('jti'); // will print "4f1g23a12aa"
 echo $token->getClaim('iss'); // will print "http://example.com"
+echo $token->getClaim('aud')[0]; // will print "http://example.org"
 echo $token->getClaim('uid'); // will print "1"
 ```
 
@@ -101,6 +121,14 @@ $data->setCurrentTime(time() + 4000); // changing the validation time to future
 var_dump($token->validate($data)); // false, because token is expired since current time is greater than exp
 ```
 
+If we have multiple possible issuers of an equivalent token, then it is possible to set multiple issuers to the ```ValidationData``` object:
+
+```php
+$data = new ValidationData();
+$data->setIssuer(['http://example.com', 'http://example.io']);
+$data->setAudience('http://example.org');
+```
+
 #### Important
 
 - You have to configure ```ValidationData``` informing all claims you want to validate the token.

src/Builder.php

@@ -76,14 +76,22 @@ public function __construct(
     /**
      * Configures the audience
      *
-     * @param string $audience
+     * @param string|array $audience
      * @param bool $replicateAsHeader
      *
      * @return Builder
      */
-    public function setAudience(string $audience, bool $replicateAsHeader = false): Builder
+    public function setAudience($audience, bool $replicateAsHeader = false): Builder
     {
-        return $this->setRegisteredClaim('aud', $audience, $replicateAsHeader);
+        if (!is_array($audience)) {
+            $audience = [$audience];
+        }
+
+        return $this->setRegisteredClaim(
+            'aud',
+            array_values(array_map('strval', $audience)),
+            $replicateAsHeader
+        );
     }
 
     /**

src/Claim/ContainedEqualsTo.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * This file is part of Lcobucci\JWT, a simple library to handle JWT and JWS
+ *
+ * @license http://opensource.org/licenses/BSD-3-Clause BSD-3-Clause
+ */
+
+declare(strict_types=1);
+
+namespace Lcobucci\JWT\Claim;
+
+use Lcobucci\JWT\Claim;
+use Lcobucci\JWT\ValidationData;
+
+/**
+ * Validatable claim that checks if claim value is strictly equal to an item in the given validation data set.
+ *
+ * @author Matthew John Marshall <matthew.marshall96@yahoo.co.uk>
+ * @since 4.0.0
+ */
+class ContainedEqualsTo extends Basic implements Claim, Validatable
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function validate(ValidationData $data) : bool
+    {
+        if ($data->has($this->getName())) {
+            return in_array($this->getValue(), $data->get($this->getName()));
+        }
+
+        return true;
+    }
+}

src/Claim/ContainsEqualsTo.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * This file is part of Lcobucci\JWT, a simple library to handle JWT and JWS
+ *
+ * @license http://opensource.org/licenses/BSD-3-Clause BSD-3-Clause
+ */
+
+declare(strict_types=1);
+
+namespace Lcobucci\JWT\Claim;
+
+use Lcobucci\JWT\Claim;
+use Lcobucci\JWT\ValidationData;
+
+/**
+ * Validatable claim that checks if the claim value set contains a value strictly equal to the validation item value.
+ *
+ * @author Matthew John Marshall <matthew.marshall96@yahoo.co.uk>
+ * @since 4.0.0
+ */
+class ContainsEqualsTo extends Basic implements Claim, Validatable
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function validate(ValidationData $data) : bool
+    {
+        if ($data->has($this->getName())) {
+            return in_array($data->get($this->getName()), $this->getValue());
+        }
+
+        return true;
+    }
+}

src/Claim/Factory.php

@@ -38,8 +38,8 @@ public function __construct(array $callbacks = [])
                 'iat' => [$this, 'createLesserOrEqualsTo'],
                 'nbf' => [$this, 'createLesserOrEqualsTo'],
                 'exp' => [$this, 'createGreaterOrEqualsTo'],
-                'iss' => [$this, 'createEqualsTo'],
-                'aud' => [$this, 'createEqualsTo'],
+                'iss' => [$this, 'createContainedEqualsTo'],
+                'aud' => [$this, 'createContainsEqualsTo'],
                 'sub' => [$this, 'createEqualsTo'],
                 'jti' => [$this, 'createEqualsTo']
             ],
@@ -103,6 +103,32 @@ private function createEqualsTo(string $name, $value): EqualsTo
         return new EqualsTo($name, $value);
     }
 
+    /**
+     * Creates a claim that can be compared (contained equals).
+     *
+     * @param string $name
+     * @param mixed $value
+     *
+     * @return ContainedEqualsTo
+     */
+    protected function createContainedEqualsTo(string $name, $value): ContainedEqualsTo
+    {
+        return new ContainedEqualsTo($name, $value);
+    }
+
+    /**
+     * Creates a claim that can be compared (contains equals).
+     *
+     * @param string $name
+     * @param mixed $value
+     *
+     * @return ContainsEqualsTo
+     */
+    protected function createContainsEqualsTo(string $name, $value): ContainsEqualsTo
+    {
+        return new ContainsEqualsTo($name, $value);
+    }
+
     /**
      * Creates a basic claim
      *

src/ValidationData.php

@@ -57,11 +57,15 @@ public function setId(string $id)
     /**
      * Configures the issuer
      *
-     * @param string $issuer
+     * @param string|array $issuer
      */
-    public function setIssuer(string $issuer)
+    public function setIssuer($issuer)
     {
-        $this->items['iss'] = $issuer;
+        if (!is_array($issuer)) {
+            $issuer = [$issuer];
+        }
+
+        $this->items['iss'] = array_values(array_map('strval', $issuer));
     }
 
     /**

test/functional/EcdsaTokenTest.php

@@ -133,7 +133,7 @@ public function builderCanGenerateAToken()
 
         $this->assertAttributeInstanceOf(Signature::class, 'signature', $token);
         $this->assertEquals('1234', $token->getHeader('jki'));
-        $this->assertEquals('http://client.abc.com', $token->getClaim('aud'));
+        $this->assertEquals(['http://client.abc.com'], $token->getClaim('aud'));
         $this->assertEquals('http://api.abc.com', $token->getClaim('iss'));
         $this->assertEquals($user, $token->getClaim('user'));
 

test/functional/HmacTokenTest.php

@@ -62,7 +62,7 @@ public function builderCanGenerateAToken()
 
         $this->assertAttributeInstanceOf(Signature::class, 'signature', $token);
         $this->assertEquals('1234', $token->getHeader('jki'));
-        $this->assertEquals('http://client.abc.com', $token->getClaim('aud'));
+        $this->assertEquals(['http://client.abc.com'], $token->getClaim('aud'));
         $this->assertEquals('http://api.abc.com', $token->getClaim('iss'));
         $this->assertEquals($user, $token->getClaim('user'));
 

test/functional/RsaTokenTest.php

@@ -122,7 +122,7 @@ public function builderCanGenerateAToken()
 
         $this->assertAttributeInstanceOf(Signature::class, 'signature', $token);
         $this->assertEquals('1234', $token->getHeader('jki'));
-        $this->assertEquals('http://client.abc.com', $token->getClaim('aud'));
+        $this->assertEquals(['http://client.abc.com'], $token->getClaim('aud'));
         $this->assertEquals('http://api.abc.com', $token->getClaim('iss'));
         $this->assertEquals($user, $token->getClaim('user'));
 

test/functional/UnsignedTokenTest.php

@@ -56,7 +56,7 @@ public function builderCanGenerateAToken()
                          ->getToken();
 
         $this->assertAttributeEquals(null, 'signature', $token);
-        $this->assertEquals('http://client.abc.com', $token->getClaim('aud'));
+        $this->assertEquals(['http://client.abc.com'], $token->getClaim('aud'));
         $this->assertEquals('http://api.abc.com', $token->getClaim('iss'));
         $this->assertEquals(self::CURRENT_TIME + 3000, $token->getClaim('exp'));
         $this->assertEquals($user, $token->getClaim('user'));

test/unit/BuilderTest.php

@@ -89,6 +89,24 @@ public function setAudienceMustChangeTheAudClaim()
         $this->assertAttributeEquals(['aud' => $this->defaultClaim], 'claims', $builder);
     }
 
+    /**
+     * @test
+     *
+     * @uses Lcobucci\JWT\Builder::__construct
+     * @uses Lcobucci\JWT\Builder::set
+     *
+     * @covers Lcobucci\JWT\Builder::setAudience
+     * @covers Lcobucci\JWT\Builder::setRegisteredClaim
+     */
+    public function setAudienceMustAcceptArrayOfValues()
+    {
+        $builder = $this->createBuilder();
+        $builder->setAudience(['test', 'test2']);
+
+        $this->assertAttributeEquals(['alg' => 'none', 'typ' => 'JWT'], 'headers', $builder);
+        $this->assertAttributeEquals(['aud' => $this->defaultClaim], 'claims', $builder);
+    }
+
     /**
      * @test
      *

test/unit/Claim/ContainedEqualsToTest.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * This file is part of Lcobucci\JWT, a simple library to handle JWT and JWS
+ *
+ * @license http://opensource.org/licenses/BSD-3-Clause BSD-3-Clause
+ */
+
+declare(strict_types=1);
+
+namespace Lcobucci\JWT\Claim;
+
+use Lcobucci\JWT\ValidationData;
+
+/**
+ * @author Matthew John Marshall <matthew.marshall96@yahoo.co.uk>
+ * @since 4.0.0
+ */
+class ContainedEqualsToTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @test
+     *
+     * @uses Lcobucci\JWT\Claim\Basic
+     * @uses Lcobucci\JWT\ValidationData
+     *
+     * @covers Lcobucci\JWT\Claim\ContainedEqualsTo::validate
+     */
+    public function validateShouldReturnTrueWhenValidationDoesntHaveTheClaim()
+    {
+        $claim = new ContainedEqualsTo('iss', 'test');
+
+        $this->assertTrue($claim->validate(new ValidationData()));
+    }
+
+    /**
+     * @test
+     *
+     * @uses Lcobucci\JWT\Claim\Basic
+     * @uses Lcobucci\JWT\ValidationData
+     *
+     * @covers Lcobucci\JWT\Claim\ContainedEqualsTo::validate
+     */
+    public function validateShouldReturnTrueWhenClaimValueIsEqualToAtLeastOneItemInValidationData()
+    {
+        $claim = new ContainedEqualsTo('iss', 'test');
+
+        $data = new ValidationData();
+        $data->setIssuer(['test', 'test2']);
+
+        $this->assertTrue($claim->validate($data));
+    }
+
+    /**
+     * @test
+     *
+     * @uses Lcobucci\JWT\Claim\Basic
+     * @uses Lcobucci\JWT\ValidationData
+     *
+     * @covers Lcobucci\JWT\Claim\ContainedEqualsTo::validate
+     */
+    public function validateShouldReturnFalseWhenClaimValueIsNotEqualToAtLeastOneItemInValidationData()
+    {
+        $claim = new ContainedEqualsTo('iss', 'test');
+
+        $data = new ValidationData();
+        $data->setIssuer(['test2', 'test3']);
+
+        $this->assertFalse($claim->validate($data));
+    }
+}