Change from Storage to ReplayDetection logic.

Potherca · Potherca · commit a1fa9bed44c9 · 2022-09-21T16:00:59.000+02:00
diff --git a/src/JtiStorageInterface.php b/src/JtiStorageInterface.php
diff --git a/src/ReplayDetectorInterface.php b/src/ReplayDetectorInterface.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Pdsinterop\Solid\Auth;
+
+interface ReplayDetectorInterface
+{
+    public function detect(string $jti, string $targetUri): bool;
+}
diff --git a/src/Utils/JtiValidator.php b/src/Utils/JtiValidator.php
@@ -3,8 +3,7 @@
 namespace Pdsinterop\Solid\Auth\Utils;
 
 use DateInterval;
-use Lcobucci\JWT\Token\InvalidTokenStructure;
-use Pdsinterop\Solid\Auth\JtiStorageInterface;
+use Pdsinterop\Solid\Auth\ReplayDetectorInterface;
 
 /**
  * Validates whether a provided JTI (JWT ID) is valid.
@@ -13,40 +12,7 @@
  */
 class JtiValidator
 {
-    ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\
-
-    /**
-     * Maximum allowed amount of seconds a JTI is valid
-     */
-    private int $maxIntervalSeconds = 600; // @TODO: Time::MINUTES_10
-
-    //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-
-    /**
-     * @param JtiStorageInterface $jtiStorage
-     * @param DateInterval $interval
-     *
-     * @throw \InvalidArgumentException When the provided Interval is not valid
-     */
-    final public function __construct(private JtiStorageInterface $jtiStorage, private DateInterval $interval)
-    {
-        $intervalSeconds = $this->interval->format('s');
-
-        // @CHECKME: Is there a maximum validity period? Does the spec say anything about this?
-        //           Or do we not need to check and should we just trust the user?
-        // @FIXME: Use DateTime / DateInterval objects rather than math to compare times
-        if ($intervalSeconds > $this->maxIntervalSeconds) {
-            $message = vsprintf(
-                'Given time interval (%s) is larger than the allowed maximum (%s)',
-                [
-                    'interval' => $intervalSeconds,
-                    'maximum' => $this->maxIntervalSeconds,
-                ]
-            );
-
-            throw new \InvalidArgumentException($message);
-        }
-    }
+    final public function __construct(private ReplayDetectorInterface $replayDetector) {}
 
     public function validate($jti, $targetUri): bool
     {
@@ -58,31 +24,10 @@ public function validate($jti, $targetUri): bool
          * The upper limit is chosen based on maximum field length in common database storage types (varchar)
          */
         if ($strlen > 12 && $strlen < 256) {
-            $isValid = $this->jtiStorage->retrieve($jti, $targetUri) === false;
-
-            if ($isValid === true) {
-                // @CHECKME: Should we catch exceptions here? Catch them in the DPOP calll? Allow them to bubble up?
-                $this->jtiStorage->store($jti, $targetUri);
-            }
-
-            // @CHECKME: Should rotation be checked before or after storing the JTI?
-            if ($this->shouldRotate()) {
-                $this->jtiStorage->rotateBuckets();
-            }
+            // @CHECKME: Should we fail silently (return false) or loudly (throw InvalidTokeException)?
+            $isValid = $this->replayDetector->detect($jti, $targetUri) === false;
         }
 
         return $isValid;
     }
-
-    ////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-
-    private function shouldRotate(): bool
-    {
-        $shouldRotate = false;
-
-        // @CHECKME: How to round of the interval? Count up from X:00 and add increments?
-        //           This would basically be modulo?
-
-        return $shouldRotate;
-    }
 }
