
NIT-Administrative-Systems / SysDev-laravel-soa / 7805057844

06 Feb 2024 07:28PM UTC coverage: 45.675% (-0.2%) from 45.913%
7805057844

push

github

web-flow
Housekeeping (#162)

11 of 35 new or added lines in 14 files covered. (31.43%)

9 existing lines in 7 files now uncovered.

264 of 578 relevant lines covered (45.67%)

14.07 hits per line

Source File

0.0
/src/Auth/OAuth2/AzureTokenVerifier.php
<?php

namespace Northwestern\SysDev\SOA\Auth\OAuth2;

use Firebase\JWT\JWK;
use GuzzleHttp\Client;
use Illuminate\Support\Facades\Cache;
use Laravel\Socialite\Two\InvalidStateException;
use Lcobucci\Clock\SystemClock;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\UnencryptedToken;
use Lcobucci\JWT\Validation\Constraint\IssuedBy;
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
use Lcobucci\JWT\Validation\Constraint\SignedWith;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;

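class AzureTokenVerifier
{
    /** Microsoft's published signing-key set (JWKS) for the v2.0 endpoint. */
    public const KEYS_URL = 'https://login.microsoftonline.com/common/discovery/v2.0/keys';

    public const ISSUER = 'https://login.microsoftonline.com/7d76d361-8277-4708-a477-64e8366cd1bc/v2.0'; // UUID is our tenant ID

    /**
     * Parses the ID token, validates it with Microsoft's signing keys, and returns it.
     *
     * This method will download Microsoft's signing keys and cache them briefly.
     *
     * Three things are asserted: the RS256 signature against the key named by the
     * token's `kid` header, the issuer (our tenant), and the time-based claims.
     * Any token that cannot be parsed or fails one of those checks is rejected
     * with an InvalidStateException.
     *
     * NOTE(review): the `aud` claim is not checked here, so a token issued by the
     * same tenant for a different application would pass these constraints.
     * Callers should compare `aud` with their own client ID (and check the nonce,
     * if one was sent) before trusting the claims.
     *
     * @param  string  $jwt  The raw, untrusted ID token as received from the client.
     *
     * @throws InvalidStateException
     */
    public static function parseAndVerify(string $jwt): UnencryptedToken
    {
        // The "unsecured" configuration is only used to obtain a parser and a validator.
        // Nothing read from the token is trusted until the constraints below have passed.
        $jwtContainer = Configuration::forUnsecuredSigner();

        try {
            $token = $jwtContainer->parser()->parse($jwt);
        } catch (\Lcobucci\JWT\Exception $e) {
            // Malformed input (bad base64, wrong segment count, ...) is reported the same
            // way as any other rejected token instead of escaping as a parser exception.
            throw new InvalidStateException($e->getMessage(), 0, $e);
        }

        $data = self::loadKeys();

        $publicKeys = JWK::parseKeySet($data);

        // `kid` comes from the unverified header and is only used to pick a key out of
        // the trusted key set. A missing or non-string value (e.g. a JSON array) must not
        // reach the array lookup, where it would raise a TypeError on PHP 8.
        $kid = $token->headers()->get('kid');
        if (! is_string($kid) || ! isset($publicKeys[$kid])) {
            throw new InvalidStateException('Invalid JWT Signature');
        }

        // openssl_pkey_get_details() returns false when the key cannot be read.
        $publicKey = openssl_pkey_get_details($publicKeys[$kid]);
        if (! is_array($publicKey) || ! isset($publicKey['key'])) {
            throw new InvalidStateException('Unable to read the signing key for this JWT');
        }

        $constraints = [
            // SignedWith also requires the token's `alg` header to match the signer (RS256),
            // so the token cannot select its own algorithm.
            new SignedWith(new Sha256(), InMemory::plainText($publicKey['key'])),
            new IssuedBy(self::ISSUER),
            new LooseValidAt(SystemClock::fromSystemTimezone()),
        ];

        try {
            $jwtContainer->validator()->assert($token, ...$constraints);
        } catch (RequiredConstraintsViolated $e) {
            throw new InvalidStateException($e->getMessage(), 0, $e);
        }

        if (! ($token instanceof UnencryptedToken)) {
            $type = get_class($token);
            throw new InvalidStateException("Expected an UnencryptedToken, got {$type} instead.");
        }

        return $token;
    }

    /**
     * Returns the decoded JWKS document from KEYS_URL, cached for five minutes.
     *
     * NOTE(review): no request timeout is set on the HTTP client, and the decoded body
     * is returned without checking that it is a well-formed key set; a non-JSON
     * response decodes to null and is passed on to the caller as-is.
     *
     * @return mixed The result of json_decode() on the response body (an array for valid JSON).
     */
    protected static function loadKeys()
    {
        return Cache::remember('socialite:Azure-JWKSet', 5 * 60, function () {
            $response = (new Client())->get(self::KEYS_URL);

            return json_decode($response->getBody()->getContents(), true);
        });
    }
}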