fixed hmac verify

lcobucci · Jun 11, 2015 · 91df685 · 91df685
1 parent 1e709f2
commit 91df685
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/src/Signer/Hmac.php b/src/Signer/Hmac.php
@@ -28,6 +28,10 @@ public function createHash($payload, $key)
      */
     public function verify($expected, $payload, $key)
     {
+        if (!is_string($expected)) {
+            return false;
+        }
+
         $callback = function_exists('hash_equals') ? 'hash_equals' : [$this, 'hashEquals'];
 
         return call_user_func($callback, $expected, $this->createHash($payload, $key));

diff --git a/test/Signer/HmacTest.php b/test/Signer/HmacTest.php
@@ -76,6 +76,16 @@ public function verifyShouldReturnFalseWhenExpectedHashWasNotCreatedWithSameInfo
         $this->assertFalse($this->signer->verify($expected, 'test', '1234'));
     }
 
+    /**
+     * @test
+     *
+     * @covers Lcobucci\JWT\Signer\Hmac::verify
+     */
+    public function verifyShouldReturnFalseWhenExpectedHashIsNotString()
+    {
+        $this->assertFalse($this->signer->verify(false, 'test', '1234'));
+    }
+
     /**
      * @test
      *