Fix for JWT bug

mevdschee · mevdschee · commit 6900de010e12 · 2018-10-12T01:47:32.000+02:00
diff --git a/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php
@@ -38,8 +38,14 @@ private function getVerifiedClaims(String $token, int $time, int $leeway, int $t
         }
         foreach ($requirements as $field => $values) {
             if (!empty($values)) {
-                if (!isset($claims[$field]) || !in_array($claims[$field], $values)) {
-                    return array();
+                if ($field == 'alg') {
+                    if (!isset($header[$field]) || !in_array($header[$field], $values)) {
+                        return array();
+                    }
+                } else {
+                    if (!isset($claims[$field]) || !in_array($claims[$field], $values)) {
+                        return array();
+                    }
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,14 @@ private function getVerifiedClaims(String $token, int $time, int $leeway, int $t`
`38`	`38`	`}`
`39`	`39`	`foreach ($requirements as $field => $values) {`
`40`	`40`	`if (!empty($values)) {`
`41`		`- if (!isset($claims[$field]) \|\| !in_array($claims[$field], $values)) {`
`42`		`- return array();`
	`41`	`+ if ($field == 'alg') {`
	`42`	`+ if (!isset($header[$field]) \|\| !in_array($header[$field], $values)) {`
	`43`	`+ return array();`
	`44`	`+ }`
	`45`	`+ } else {`
	`46`	`+ if (!isset($claims[$field]) \|\| !in_array($claims[$field], $values)) {`
	`47`	`+ return array();`
	`48`	`+ }`
`43`	`49`	`}`
`44`	`50`	`}`
`45`	`51`	`}`