From 7e538f01b28968bfcfe9e1689d06aba55d35b899 Mon Sep 17 00:00:00 2001
From: Maks3w <github.maks3w@virtualplanets.net>
Date: Sun, 17 Jan 2016 19:05:06 +0100
Subject: [PATCH 1/2] Use InvalidArgumentException when $allowed_algs is not
 array

> Exception thrown if an argument is not of the expected type.
http://php.net/manual/en/class.invalidargumentexception.php
---
 src/JWT.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/JWT.php b/src/JWT.php
index b3532df7..ae88af7e 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -47,7 +47,6 @@ class JWT
      *
      * @return object The JWT's payload as a PHP object
      *
-     * @throws DomainException              Algorithm was not provided
      * @throws UnexpectedValueException     Provided JWT was invalid
      * @throws SignatureInvalidException    Provided JWT was invalid because the signature verification failed
      * @throws BeforeValidException         Provided JWT is trying to be used before it's eligible as defined by 'nbf'
@@ -62,6 +61,9 @@ public static function decode($jwt, $key, $allowed_algs = array())
         if (empty($key)) {
             throw new InvalidArgumentException('Key may not be empty');
         }
+        if (!is_array($allowed_algs)) {
+            throw new InvalidArgumentException('Algorithm not allowed');
+        }
         $tks = explode('.', $jwt);
         if (count($tks) != 3) {
             throw new UnexpectedValueException('Wrong number of segments');
@@ -81,7 +83,7 @@ public static function decode($jwt, $key, $allowed_algs = array())
         if (empty(self::$supported_algs[$header->alg])) {
             throw new DomainException('Algorithm not supported');
         }
-        if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) {
+        if (!in_array($header->alg, $allowed_algs)) {
             throw new DomainException('Algorithm not allowed');
         }
         if (is_array($key) || $key instanceof \ArrayAccess) {

From 1a0dc7966947419d6fb7a5ee20db8fe1d4f310b0 Mon Sep 17 00:00:00 2001
From: Maks3w <github.maks3w@virtualplanets.net>
Date: Sun, 17 Jan 2016 19:14:37 +0100
Subject: [PATCH 2/2] Use RuntimeExceptions for exceptions related with
 unencoded data.

RuntimeExceptions is the correct exception error source is the decoded data.

Note LogicExceptions as defined in PHP documentation implies a modification in the code by the developer.

> Exception that represents error in the program logic. This kind of exception should lead directly to a fix in your code.
http://php.net/manual/en/class.logicexception.php

But the token is a data provided by an external source which is out side of the control of the developer so there is no way of prevent malformed tokens.
---
 src/JWT.php       | 8 ++++----
 tests/JWTTest.php | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/JWT.php b/src/JWT.php
index ae88af7e..0a8c0633 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -78,19 +78,19 @@ public static function decode($jwt, $key, $allowed_algs = array())
         $sig = JWT::urlsafeB64Decode($cryptob64);
         
         if (empty($header->alg)) {
-            throw new DomainException('Empty algorithm');
+            throw new UnexpectedValueException('Empty algorithm');
         }
         if (empty(self::$supported_algs[$header->alg])) {
-            throw new DomainException('Algorithm not supported');
+            throw new UnexpectedValueException('Algorithm not supported');
         }
         if (!in_array($header->alg, $allowed_algs)) {
-            throw new DomainException('Algorithm not allowed');
+            throw new UnexpectedValueException('Algorithm not allowed');
         }
         if (is_array($key) || $key instanceof \ArrayAccess) {
             if (isset($header->kid)) {
                 $key = $key[$header->kid];
             } else {
-                throw new DomainException('"kid" empty, unable to lookup correct key');
+                throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
             }
         }
 
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index 89de8d28..e99ea03a 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -232,21 +232,21 @@ public function testArrayAccessKIDChooser()
     public function testNoneAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key', array('none'));
     }
 
     public function testIncorrectAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key', array('RS256'));
     }
 
     public function testMissingAlgorithm()
     {
         $msg = JWT::encode('abc', 'my_key');
-        $this->setExpectedException('DomainException');
+        $this->setExpectedException('UnexpectedValueException');
         JWT::decode($msg, 'my_key');
     }