Normalize dashes in JWT permissions/scopes (#184)

mkilmanas · evansims · web-flow · commit 218c64d07a57 · 2024-06-24T14:40:39.000-05:00
### Changes When converting permissions/scopes to Symfony roles, apply replacement not only for colon (`:`) character, but also for dash (`-`) character, as some resources/permissions consist of multiple words and dash is a recommended separator in such cases. ### Testing - Have a permission/scope in Auth0 token that contains a dash (e.g. `read:licence-plates`) - Convert it to Symfony roles (by getting the roles of the JWT authenticated user/m2m): - before: it would return `ROLE_READ_LICENCE-PLATES` - after: it returns `ROLE_READ_LICENCE_PLATES` [ ] This change adds test coverage [ ] This change has been tested on the latest version of Symfony ### Checklist [x] I have read the [Auth0 general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) [x] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) [x] All existing and new tests complete without errors Co-authored-by: Evan Sims <hello@evansims.com>
diff --git a/src/Models/User.php b/src/Models/User.php
@@ -258,21 +258,21 @@ public function getRoles(): array
         }
 
         foreach ($roles as $role) {
-            $response[] = implode('_', explode(':', strtoupper($role)));
+            $response[] = str_replace([':', '-'], '_', strtoupper($role));
         }
 
         if (is_array($permissions)) {
             foreach ($permissions as $permission) {
                 if (is_string($permission)) {
-                    $response[] = 'ROLE_' . implode('_', explode(':', strtoupper($permission)));
+                    $response[] = 'ROLE_' . str_replace([':', '-'], '_', strtoupper($permission));
                 }
             }
         }
 
         if (is_array($scopes)) {
             foreach ($scopes as $scope) {
                 if (is_string($scope)) {
-                    $response[] = 'ROLE_' . implode('_', explode(':', strtoupper($scope)));
+                    $response[] = 'ROLE_' . str_replace([':', '-'], '_', strtoupper($scope));
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -258,21 +258,21 @@ public function getRoles(): array`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`foreach ($roles as $role) {`
`261`		`- $response[] = implode('_', explode(':', strtoupper($role)));`
	`261`	`+ $response[] = str_replace([':', '-'], '_', strtoupper($role));`
`262`	`262`	`}`
`263`	`263`
`264`	`264`	`if (is_array($permissions)) {`
`265`	`265`	`foreach ($permissions as $permission) {`
`266`	`266`	`if (is_string($permission)) {`
`267`		`- $response[] = 'ROLE_' . implode('_', explode(':', strtoupper($permission)));`
	`267`	`+ $response[] = 'ROLE_' . str_replace([':', '-'], '_', strtoupper($permission));`
`268`	`268`	`}`
`269`	`269`	`}`
`270`	`270`	`}`
`271`	`271`
`272`	`272`	`if (is_array($scopes)) {`
`273`	`273`	`foreach ($scopes as $scope) {`
`274`	`274`	`if (is_string($scope)) {`
`275`		`- $response[] = 'ROLE_' . implode('_', explode(':', strtoupper($scope)));`
	`275`	`+ $response[] = 'ROLE_' . str_replace([':', '-'], '_', strtoupper($scope));`
`276`	`276`	`}`
`277`	`277`	`}`
`278`	`278`	`}`