Editing: VerifierTest.php
<?php

declare(strict_types=1);

namespace Firebase\Auth\Token\Tests;

use DateInterval;
use DateTimeImmutable;
use Firebase\Auth\Token\Exception\ExpiredToken;
use Firebase\Auth\Token\Exception\InvalidSignature;
use Firebase\Auth\Token\Exception\InvalidToken;
use Firebase\Auth\Token\Exception\IssuedInTheFuture;
use Firebase\Auth\Token\Exception\UnknownKey;
use Firebase\Auth\Token\Tests\Util\TestHelperClock;
use Firebase\Auth\Token\Verifier;
use Kreait\Clock\SystemClock;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Key\LocalFileReference;

/**
 * Exercises Verifier::verifyIdToken() with tokens produced by the shared
 * builder from setUp(), each test changing one claim, header or signing key.
 *
 * Cases in this class: a valid token (as object and as string), leeway on
 * the issue time and on auth_time, auth_time in the future, auth_time set to
 * null, an unknown "kid", a signature made with a different key, an expired
 * token, a token issued in the future, and an unknown issuer.
 *
 * NOTE(review): nothing in this class varies the audience set by
 * permittedFor() or omits the "kid" header; confirm those rejection paths
 * are covered elsewhere.
 *
 * NOTE(review): only testItVerifiesAValidTokenString() hands the verifier a
 * serialized token. Every rejection test passes the in-memory token object,
 * so the claims may not have the types they would have after parsing a token
 * string received from a client; confirm against Verifier.
 *
 * @internal
 */
class VerifierTest extends TestCase
{
    private Verifier $verifier;
    private string $projectId;
    private Builder $builder;
    private Configuration $config;

    /**
     * Prepares a builder for a token that every test starts from and a
     * verifier bound to the same project ID, key store and signer.
     */
    protected function setUp(): void
    {
        $this->config = $this->createJwtConfiguration();
        $this->projectId = 'project-id';

        $clock = new TestHelperClock(new SystemClock());

        // Baseline claims: expires in 30 minutes, authenticated 30 minutes
        // ago (stored as an integer timestamp), issued 10 seconds ago.
        $baseline = $this->config->builder();
        $baseline = $baseline->expiresAt($clock->minutesLater(30));
        $baseline = $baseline->withClaim('auth_time', $clock->minutesEarlier(30)->getTimestamp());
        $baseline = $baseline->issuedAt($clock->secondsEarlier(10));
        $baseline = $baseline->issuedBy('https://securetoken.google.com/'.$this->projectId);
        $baseline = $baseline->permittedFor($this->projectId);
        $baseline = $baseline->withHeader('kid', 'valid_key_id');
        $this->builder = $baseline;

        $this->verifier = new Verifier($this->projectId, $this->createKeyStore(), $this->config->signer());
    }

    /**
     * The baseline token, passed as a token object, must verify without an
     * exception.
     */
    public function testItVerifiesAValidToken(): void
    {
        $token = $this->issue($this->builder);

        $this->verifier->verifyIdToken($token);

        // Reaching this line means verifyIdToken() did not throw.
        $this->addToAssertionCount(1);
    }

    /**
     * The baseline token, serialized with toString(), must verify without an
     * exception.
     */
    public function testItVerifiesAValidTokenString(): void
    {
        $serialized = $this->issue($this->builder)->toString();

        $this->verifier->verifyIdToken($serialized);

        $this->addToAssertionCount(1);
    }

    /**
     * An issue time 295 seconds ahead of the wall clock (5 seconds short of
     * the five minutes named in the test) must still be accepted.
     */
    public function testItAppliesALeewayOf5MinutesWhenCheckingTheIssueTime(): void
    {
        // Uses the wall clock directly rather than the TestHelperClock from setUp().
        $issuedAt = (new DateTimeImmutable())->add(new DateInterval('PT295S'));
        $token = $this->issue($this->builder->issuedAt($issuedAt));

        $this->verifier->verifyIdToken($token);

        $this->addToAssertionCount(1);
    }

    /**
     * An auth_time 295 seconds ahead of the wall clock must still be accepted.
     */
    public function testItAppliesALeewayOf5MinutesWhenCheckingTheAuthTime(): void
    {
        // NOTE(review): the claim is a DateTimeImmutable here, while setUp()
        // stores an integer timestamp; confirm the verifier compares both
        // forms the same way.
        $authTime = (new DateTimeImmutable())->add(new DateInterval('PT295S'));
        $token = $this->issue($this->builder->withClaim('auth_time', $authTime));

        $this->verifier->verifyIdToken($token);

        $this->addToAssertionCount(1);
    }

    /**
     * An auth_time two hours in the future must be rejected with InvalidToken.
     */
    public function testItRejectsATokenOfAUserThatHasNotYetAuthenticated(): void
    {
        $authTime = (new DateTimeImmutable())->add(new DateInterval('PT2H'));
        $token = $this->issue($this->builder->withClaim('auth_time', $authTime));

        $this->expectException(InvalidToken::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * An auth_time claim set to null must be rejected with InvalidToken.
     */
    public function testItRejectsATokenWithNoAuthTime(): void
    {
        $token = $this->issue($this->builder->withClaim('auth_time', null));

        $this->expectException(InvalidToken::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * A "kid" header other than the 'valid_key_id' from setUp() must be
     * rejected with UnknownKey.
     */
    public function testItNeedsToFindAPublicKey(): void
    {
        $token = $this->issue($this->builder->withHeader('kid', 'other'));

        $this->expectException(UnknownKey::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * A token signed with the other.key fixture instead of the configured
     * signing key must be rejected with InvalidSignature.
     */
    public function testItRejectsAnUnknownSignature(): void
    {
        $foreignKey = LocalFileReference::file(__DIR__.'/../../../_fixtures/other.key');
        $signer = $this->config->signer();
        // Claims and "kid" stay at their baseline values; only the key differs.
        $token = $this->builder->getToken($signer, $foreignKey);

        $this->expectException(InvalidSignature::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * An expiry ten minutes in the past must be rejected with ExpiredToken.
     */
    public function testItRejectsAnExpiredToken(): void
    {
        $expiredAt = (new DateTimeImmutable())->modify('-10 minutes');
        $token = $this->issue($this->builder->expiresAt($expiredAt));

        $this->expectException(ExpiredToken::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * An issue time ten minutes in the future must be rejected with
     * IssuedInTheFuture.
     */
    public function testItRejectsANotYetIssuedToken(): void
    {
        $issuedAt = (new DateTimeImmutable())->modify('+10 minutes');
        $token = $this->issue($this->builder->issuedAt($issuedAt));

        $this->expectException(IssuedInTheFuture::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * An issuer other than the securetoken URL from setUp() must be rejected
     * with InvalidToken.
     */
    public function testItRejectsAnUnknownIssuer(): void
    {
        $token = $this->issue($this->builder->issuedBy('unknown'));

        $this->expectException(InvalidToken::class);

        $this->verifier->verifyIdToken($token);
    }

    /**
     * Signs the given builder's token with the signer and signing key of the
     * test configuration and returns what Builder::getToken() returns.
     */
    private function issue(Builder $builder)
    {
        return $builder->getToken($this->config->signer(), $this->config->signingKey());
    }
}