add jwt_is_valid with fix

Author: milwad-dev

composer.json

@@ -19,7 +19,7 @@
       }
   ],
   "require": {
-    "laravel/framework": "^8.0|^9.0",
+    "laravel/framework": "^8.0|^9.0"
   },
   "require-dev": {
     "orchestra/testbench": "^5.0|^6.0|^7.0",

src/Rules/ValidJwt.php

@@ -12,29 +12,10 @@ class ValidJwt implements Rule
      * @param string $attribute
      * @param mixed $value
      * @return bool
-     * @throws \JsonException
      */
     public function passes($attribute, $value)
     {
-        $tokenParts = explode('.', $value);
-        $header = base64_decode($tokenParts[0]);
-        $payload = base64_decode($tokenParts[1]);
-        $signature_provided = $tokenParts[2];
-
-        // check the expiration time - note this will cause an error if there is no 'exp' claim in the jwt
-        $expiration = json_decode($payload, false, 512, JSON_THROW_ON_ERROR)->exp;
-        $is_token_expired = ($expiration - time()) < 0;
-
-        // build a signature based on the header and payload using the secret
-        $base64_url_header = $this->base64url_encode($header);
-        $base64_url_payload = $this->base64url_encode($payload);
-        $signature = hash_hmac('SHA256', $base64_url_header . "." . $base64_url_payload, 'secret', true);
-        $base64_url_signature = $this->base64url_encode($signature);
-
-        // verify it matches the signature provided in the jwt
-        $is_signature_valid = ($base64_url_signature === $signature_provided);
-
-        return !($is_token_expired || !$is_signature_valid);
+        return preg_match('/^[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+$/', $value);
     }
 
     /**

tests/ValidJwtTest.php

@@ -2,6 +2,8 @@
 
 namespace Milwad\LaravelValidate\Tests;
 
+use Milwad\LaravelValidate\Rules\ValidJwt;
+
 class ValidJwtTest extends BaseTest
 {
     /**
@@ -13,4 +15,19 @@ protected function setUp(): void
     {
         parent::setUp();
     }
+
+    /**
+     * Test jwt is valid.
+     *
+     * @test
+     * @return void
+     */
+    public function jwt_is_valid()
+    {
+        $rules = ['jwt' => [new ValidJwt()]];
+        $data = ['jwt' => 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEyMzQ1Njc4OTAiLCJuYW1lIjoiSm9obiBEb2UiLCJhZG1pbiI6dHJ1ZSwiZXhwIjoxNTgyNjE2MDA1fQ.umEYVDP_kZJGCI3tkU9dmq7CIumEU8Zvftc-klp-334'];
+        $passes = $this->app['validator']->make($data, $rules)->passes();
+
+        $this->assertTrue($passes);
+    }
 }