update JSON::WebToken to 0.10 and add args to "load" method with back…

…ward compatibility
ritou · Jun 5, 2015 · 705638a · 705638a
1 parent 7517b28
commit 705638a
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 12 deletions.
diff --git a/META.json b/META.json
@@ -4,7 +4,7 @@
       "Ryo Ito <ritou.06@gmail.com>"
    ],
    "dynamic_config" : 0,
-   "generated_by" : "Minilla/v2.3.0, CPAN::Meta::Converter version 2.143240",
+   "generated_by" : "Minilla/v2.4.1, CPAN::Meta::Converter version 2.150001",
    "license" : [
       "perl_5"
    ],
@@ -53,7 +53,7 @@
          "requires" : {
             "Class::Accessor::Fast" : "0.34",
             "Data::Dump" : "1.17",
-            "JSON::WebToken" : "0.09",
+            "JSON::WebToken" : "0.10",
             "JSON::XS" : "0",
             "MIME::Base64" : "3.11",
             "OAuth::Lite2" : "0.10",

diff --git a/cpanfile b/cpanfile
@@ -1,7 +1,7 @@
 requires 'Class::Accessor::Fast', '0.34';
 requires 'Data::Dump', '1.17';
 requires 'JSON::XS';
-requires 'JSON::WebToken', '0.09';
+requires 'JSON::WebToken', '0.10';
 requires 'MIME::Base64', '3.11';
 requires 'OAuth::Lite2', '0.10';
 requires 'Params::Validate', '0.95';

diff --git a/lib/OIDC/Lite/Model/IDToken.pm b/lib/OIDC/Lite/Model/IDToken.pm
@@ -39,6 +39,7 @@ __PACKAGE__->mk_accessors(qw(
     payload
     key
     token_string
+    alg
 ));
 
 =head1 METHODS
@@ -53,6 +54,7 @@ Constructor
         header  => \%header,
         payload => \%payload,
         key     => $key,
+        alg     => $alg,
     );
 
 =cut
@@ -66,6 +68,7 @@ sub new {
             header      => { optional => 1 },
             payload     => { optional => 1 },
             key         => { optional => 1 },
+            alg         => { optional => 1 },
         },
         allow_extra => 0,
     );
@@ -157,7 +160,7 @@ load ID Token object from token string
 =cut
 
 sub load {
-    my ($self, $token_string) = @_;
+    my ($self, $token_string, $key, $alg) = @_;
         return unless($token_string);
 
     my $header  = OIDC::Lite::Util::JWT::header($token_string);
@@ -166,7 +169,9 @@ sub load {
 
     my $id_token =  OIDC::Lite::Model::IDToken->new(
                        header   => $header, 
-                       payload  => $payload, 
+                       payload  => $payload,
+                       key      => $key,
+                       alg      => $alg,
                     );
     $id_token->token_string($token_string);
     return $id_token;
@@ -177,10 +182,10 @@ sub load {
 verify token signature.
 
     my $token_string = '...';
-    my $id_token = OIDC::Lite::Model::IDToken->load($token_string);
-
+    my $alg = 'HS256';
     my $key = 'shared_secret_key';
-    $id_token->key($key);
+
+    my $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key, $alg);
     unless($id_token->verify()){
         # validation failed
     }
@@ -195,9 +200,17 @@ sub verify {
     $self->key('')
         unless($self->key);
 
+    unless ($self->alg) {
+        if ($self->header->{alg}) {
+            $self->alg($self->header->{alg});
+        } else {
+            $self->alg('none');
+        }
+    }
+
     my $payload = undef;
     eval{
-        $payload = decode_jwt($self->token_string, $self->key, 1, 1);
+        $payload = decode_jwt($self->token_string, $self->key, 1, [$self->alg]);
     };
     if($@){
         return 0;

diff --git a/t/040_unit/model/id_token.t b/t/040_unit/model/id_token.t
@@ -239,6 +239,18 @@ TEST_VERIFY: {
     $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     ok($id_token->verify());
 
+    $token_string = 'eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJmb28iOiJiYXIifQ.';
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, '', 'none');
+    ok($id_token->verify());
+
+    $token_string = 'eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJmb28iOiJiYXIifQ.';
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, 'should be ignored', 'none');
+    ok($id_token->verify());
+
+    $token_string = 'eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJmb28iOiJiYXIifQ.';
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, '', 'HS256');
+    ok(!$id_token->verify());
+
     $token_string = 'eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJmb28iOiJiYXIifQ.INVALID';
     $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     ok(!$id_token->verify());
@@ -250,28 +262,66 @@ TEST_VERIFY: {
     $id_token->key($key);
     ok($id_token->verify());
 
-    $token_string = 'eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.Q3cQIgBthdlPPhP5elxuD58iB-Vw2AtxPDPlXng3YaM';
-    $id_token = OIDC::Lite::Model::IDToken->load($token_string);
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key);
+    ok($id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key, 'HS256');
+    ok($id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, '', 'HS256');
+    ok(!$id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key, 'HS384');
+    ok(!$id_token->verify());
+
     $key = q{this_is_invalid_shared_secret_key};
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     $id_token->key($key);
     ok(!$id_token->verify());
 
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key);
+    ok(!$id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key, 'HS256');
+    ok(!$id_token->verify());
+
     $token_string = 'eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.INVALIDSIGNATURE';
-    $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     $key = q{this_is_shared_secret_key};
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     $id_token->key($key);
     ok(!$id_token->verify());
 
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key);
+    ok(!$id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $key, 'HS256');
+    ok(!$id_token->verify());
+
     # alg : RS256
     $token_string = 'eyJ0eXAiOiJKV1MiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.M3bzN8GKhPxFyENIwcnLb7S_ofOHOjJDh1LXfK5X8No60PGCVa5JIgDeHKLC4_g-mnUqq-JEmxVc8so3FpPWea8c4zHWU1tr1n-GLFO4TSAnsIfuPFcvJB8rNVe4iHA4ePKqUE8Z7jb_d0pcg4NpXr0GYPIg_NQbQIPwjpNz789dpNH3_OClJxeY_ELMkWoZAWHO6uTymPnmlg2KK0PlRp60yWhHi9JlgObYrUEItnjfOyOOqL37oL-S4GyENYFbzcdkCicPIFnnK4oFIY-NmO5Fh6g-NaSPSmgcSiJzbOOdaWNeG6HDQINAEcwT18vUHRVwzGqU1AATztDGpF3mVQ';
     $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     $id_token->key($pubkey);
     ok($id_token->verify());
 
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $pubkey);
+    ok($id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $pubkey, 'RS256');
+    ok($id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $pubkey, 'RS512');
+    ok(!$id_token->verify());
+
     $token_string = 'eyJ0eXAiOiJKV1MiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.INVALID';
     $id_token = OIDC::Lite::Model::IDToken->load($token_string);
     $id_token->key($pubkey);
     ok(!$id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $pubkey);
+    ok(!$id_token->verify());
+
+    $id_token = OIDC::Lite::Model::IDToken->load($token_string, $pubkey, 'RS256');
+    ok(!$id_token->verify());
 };
 
 done_testing;