diff --git a/composer.json b/composer.json index ead53491..d5102432 100644 --- a/composer.json +++ b/composer.json @@ -24,7 +24,7 @@ "php": "~8.1.0 || ~8.2.0", "ext-json": "*", "dflydev/fig-cookies": "^3.0.0", - "lcobucci/jwt": "^4.3.0", + "lcobucci/jwt": "^4.3.0 || ^5.0.0", "lcobucci/clock": "^3.0.0", "psr/http-message": "^1.0.1", "psr/http-server-handler": "^1.0.1", diff --git a/composer.lock b/composer.lock index 54d5b009..43b89b52 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "bf59eb15fbee29cc5188a1a1925ab850", + "content-hash": "013055131e07072b184bccb3be327a31", "packages": [ { "name": "dflydev/fig-cookies", 
@@ -134,39 +134,40 @@ }, { "name": "lcobucci/jwt", - "version": "4.3.0", + "version": "5.0.0", "source": { "type": "git", "url": "https://github.com/lcobucci/jwt.git", - "reference": "4d7de2fe0d51a96418c0d04004986e410e87f6b4" + "reference": "47bdb0e0b5d00c2f89ebe33e7e384c77e84e7c34" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/lcobucci/jwt/zipball/4d7de2fe0d51a96418c0d04004986e410e87f6b4", - "reference": "4d7de2fe0d51a96418c0d04004986e410e87f6b4", + "url": "https://api.github.com/repos/lcobucci/jwt/zipball/47bdb0e0b5d00c2f89ebe33e7e384c77e84e7c34", + "reference": "47bdb0e0b5d00c2f89ebe33e7e384c77e84e7c34", "shasum": "" }, "require": { "ext-hash": "*", "ext-json": "*", - "ext-mbstring": "*", "ext-openssl": "*", "ext-sodium": "*", - "lcobucci/clock": "^2.0 || ^3.0", - "php": "^7.4 || ^8.0" + "php": "~8.1.0 || ~8.2.0", + "psr/clock": "^1.0" }, "require-dev": { - "infection/infection": "^0.21", - "lcobucci/coding-standard": "^6.0", - "mikey179/vfsstream": "^1.6.7", - "phpbench/phpbench": "^1.2", - "phpstan/extension-installer": "^1.0", - "phpstan/phpstan": "^1.4", - "phpstan/phpstan-deprecation-rules": "^1.0", - "phpstan/phpstan-phpunit": "^1.0", - "phpstan/phpstan-strict-rules": "^1.0", - "phpunit/php-invoker": "^3.1", - "phpunit/phpunit": "^9.5" + "infection/infection": "^0.26.19", + "lcobucci/clock": "^3.0", + "lcobucci/coding-standard": "^9.0", + "phpbench/phpbench": "^1.2.8", + "phpstan/extension-installer": "^1.2", + "phpstan/phpstan": "^1.10.3", + "phpstan/phpstan-deprecation-rules": "^1.1.2", + "phpstan/phpstan-phpunit": "^1.3.8", + "phpstan/phpstan-strict-rules": "^1.5.0", + "phpunit/phpunit": "^10.0.12" + }, + "suggest": { + "lcobucci/clock": ">= 3.0" }, "type": "library", "autoload": { @@ -192,7 +193,7 @@ ], "support": { "issues": "https://github.com/lcobucci/jwt/issues", - "source": "https://github.com/lcobucci/jwt/tree/4.3.0" + "source": "https://github.com/lcobucci/jwt/tree/5.0.0" }, "funding": [ { 
@@ -204,7 +205,7 @@ "type": "patreon" } ], - "time": "2023-01-02T13:28:00+00:00" + "time": "2023-02-25T21:35:16+00:00" }, { "name": "psr/clock", @@ -2469,23 +2470,23 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.24", + "version": "9.2.25", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "2cf940ebc6355a9d430462811b5aaa308b174bed" + "reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/2cf940ebc6355a9d430462811b5aaa308b174bed", - "reference": "2cf940ebc6355a9d430462811b5aaa308b174bed", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0e2b40518197a8c0d4b08bc34dfff1c99c508954", + "reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954", "shasum": "" }, "require": { "ext-dom": "*", "ext-libxml": "*", "ext-xmlwriter": "*", - "nikic/php-parser": "^4.14", + "nikic/php-parser": "^4.15", "php": ">=7.3", "phpunit/php-file-iterator": "^3.0.3", "phpunit/php-text-template": "^2.0.2", @@ -2534,7 +2535,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.24" + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.25" }, "funding": [ { @@ -2542,7 +2543,7 @@ "type": "github" } ], - "time": "2023-01-26T08:26:55+00:00" + "time": "2023-02-25T05:32:00+00:00" }, { "name": "phpunit/php-file-iterator", diff --git a/src/Storageless/Http/SessionMiddleware.php b/src/Storageless/Http/SessionMiddleware.php index 7609afaa..7b8fb2f9 100644 --- a/src/Storageless/Http/SessionMiddleware.php +++ b/src/Storageless/Http/SessionMiddleware.php 
@@ -148,8 +148,13 @@ private function parseToken(Request $request): UnencryptedToken|null return null; } + $cookie = $cookies[$cookieName]; + if ($cookie === '') { + return null; + } + try { - $token = $this->config->parser()->parse($cookies[$cookieName]); + $token = $this->config->parser()->parse($cookie); } catch (InvalidArgumentException) { return null; } diff --git a/test/StoragelessTest/Http/SessionMiddlewareTest.php b/test/StoragelessTest/Http/SessionMiddlewareTest.php index 7f23a5e9..2a3a4cc6 100644 --- a/test/StoragelessTest/Http/SessionMiddlewareTest.php +++ b/test/StoragelessTest/Http/SessionMiddlewareTest.php @@ -124,6 +124,7 @@ public function testInjectsSessionInResponseCookies(callable $middlewareFactory) $token = $this->getCookie($response)->getValue(); self::assertIsString($token); + self::assertTrue($token !== ''); $parsedToken = (new Parser(new JoseEncoder()))->parse($token); self::assertInstanceOf(Plain::class, $parsedToken); self::assertEquals(['foo' => 'bar'], $parsedToken->claims()->get('session-data')); @@ -328,6 +329,20 @@ public function testWillIgnoreSignedTokensWithoutIssuedAt(callable $middlewareFa $this->ensureSameResponse($middleware, $unsignedToken, $this->emptyValidationMiddleware()); } + /** + * @param callable(): SessionMiddleware $middlewareFactory + * + * @dataProvider validMiddlewaresProvider + */ + public function testWillIgnoreRequestsWithEmptyStringCookie(callable $middlewareFactory): void + { + $middleware = $middlewareFactory(); + $expiredToken = (new ServerRequest()) + ->withCookieParams([SessionMiddleware::DEFAULT_COOKIE => '']); + + $this->ensureSameResponse($middleware, $expiredToken, $this->emptyValidationMiddleware()); + } + public function testWillRefreshTokenWithIssuedAtExactlyAtTokenRefreshTimeThreshold(): void { // forcing ourselves to think of time as a mutable value: 
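Review bot: In `parseToken()` (src/Storageless/Http/SessionMiddleware.php) the new guard rejects only the empty string, so a cookie value that is not a string at all still reaches `parse($cookie)`. Cookie params are request-controlled, and where the PSR-7 implementation fills them from `$_COOKIE`, a bracketed cookie name produces an array value. Passing that to the parser would presumably raise a `TypeError`, which the visible `catch (InvalidArgumentException)` does not cover, so the request would error out instead of being handled as session-less. Consider widening the guard to `if (! is_string($cookie) || $cookie === '') { return null; }`. The body of `parseToken()` starts and ends outside this hunk, so an earlier check may already cover this.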
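Review bot: In `testInjectsSessionInResponseCookies` (hunk `@@ -124,6 +124,7 @@` of SessionMiddlewareTest.php) the added `self::assertTrue($token !== '');` fails with only "Failed asserting that false is true", which says nothing about the cookie value. If the boolean form is kept so static analysis narrows the type to a non-empty string (an assumption), pass a message: `self::assertTrue($token !== '', 'Session cookie value must not be empty');`. The same applies to `self::assertTrue($tokenString !== '');` in the last hunk of this file, which also drops the blank line that separated the assertions from the parsing step.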
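Review bot: In the new `testWillIgnoreRequestsWithEmptyStringCookie` the request is stored in `$expiredToken`, but it holds a `ServerRequest` whose session cookie is the empty string, not an expired token. The name looks carried over from a neighbouring test and misstates which case is covered. Rename it, for example `$requestWithEmptyCookie = (new ServerRequest())`, and pass that to `ensureSameResponse()`. A one-line comment such as `// an empty cookie value must be treated like a missing session, never handed to the JWT parser` would record why the case exists.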
@@ -367,7 +382,7 @@ public function testWillRefreshTokenWithIssuedAtExactlyAtTokenRefreshTimeThresho ->getValue(); self::assertIsString($tokenString); - + self::assertTrue($tokenString !== ''); $token = (new Parser(new JoseEncoder()))->parse($tokenString); self::assertInstanceOf(Plain::class, $token); self::assertEquals($now, $token->claims()->get(RegisteredClaims::ISSUED_AT), 'Token was refreshed');