Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update JWT.php #85

Closed
wants to merge 1 commit into from
Closed

Update JWT.php #85

wants to merge 1 commit into from
+3 −3

Conversation

cceconi
Copy link

@cceconi cceconi commented Feb 16, 2016

Hi,

The openssl_verify return is not well tested (see http://php.net/manual/fr/function.openssl-verify.php) and the return is not boolean as the phpdoc says.
So, I made a little update to allow control of bad signature to not be considered as an error.

@cceconi
Update JWT.php
a5a650a 
Hi,

The openssl_verify return is not well tested (see http://php.net/manual/fr/function.openssl-verify.php) and the return is not boolean as the phpdoc says.
So, I made a little update to allow control of bad signature to not be considered as an error.
@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@cceconi
Copy link
Author

cceconi commented Feb 16, 2016

I signed it!

Le mar. 16 févr. 2016 17:32, googlebot [email protected] a écrit :

Thanks for your pull request. It looks like this may be your first
contribution to a Google open source project. Before we can look at your
pull request, you'll need to sign a Contributor License Agreement (CLA).

[image: 📝] Please visit https://cla.developers.google.com/
https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll

verify. Thanks.


Reply to this email directly or view it on GitHub
#85 (comment).

bshaffer
bshaffer reviewed Dec 8, 2016
View reviewed changes
src/JWT.php
@@ -212,10 +212,10 @@ private static function verify($msg, $signature, $key, $alg)
switch($function) {
case 'openssl':
$success = openssl_verify($msg, $signature, $key, $algorithm);
if (!$success) {
throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
if(in_array($success, array(0, 1))) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would love to see this in a switch statement. Also, I would love to see tests.

@bshaffer
Copy link
Collaborator

closing in favor of #159

@bshaffer bshaffer closed this Jun 21, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bshaffer bshaffer

Assignees
No one assigned
Labels
cla: no
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cceconi @googlebot @bshaffer