Skip to content

Commit e94ff41

Browse files
feat: Allow firebase/php-jwt ^6.2 (#197)
* feat: Allow firebase/php-jwt ^6.2 * update min version to 5.5.1 * Update composer.json
1 parent d3b9735 commit e94ff41

File tree

2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
"php": ">=7.3|~8.0.0|~8.1.0",
2020
"ext-curl": "*",
2121
"ext-json": "*",
22-
"firebase/php-jwt": "^5.4"
22+
"firebase/php-jwt": "^5.5.1|^6.2"
2323
},
2424
"require-dev": {
2525
"phpunit/phpunit": "^9.5.14",

src/MessageBird/RequestValidator.php

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
namespace MessageBird;
44

55
use Firebase\JWT\JWT;
6+
use Firebase\JWT\Key;
67
use Firebase\JWT\SignatureInvalidException;
78
use MessageBird\Exceptions\ValidationException;
89
use MessageBird\Objects\SignedRequest;
@@ -14,6 +15,7 @@
1415
use function http_build_query;
1516
use function implode;
1617
use function ksort;
18+
use function PHPUnit\Framework\throwException;
1719
use function time;
1820

1921
/**
@@ -139,7 +141,20 @@ public function validateSignature(string $signature, string $url, string $body)
139141

140142
JWT::$leeway = 1;
141143
try {
142-
$decoded = JWT::decode($signature, $this->signingKey, self::ALLOWED_ALGOS);
144+
$headb64 = \explode('.', $signature)[0];
145+
$headerRaw = JWT::urlsafeB64Decode($headb64);
146+
$header = JWT::jsonDecode($headerRaw);
147+
148+
$key = [];
149+
if ($header && property_exists($header, 'alg')) {
150+
if (!in_array(strtoupper($header->alg), self::ALLOWED_ALGOS, true)) {
151+
throw new ValidationException('Algorithm not supported');
152+
}
153+
154+
$key = new Key($this->signingKey, $header->alg);
155+
}
156+
157+
$decoded = JWT::decode($signature, $key);
143158
} catch (\InvalidArgumentException | \UnexpectedValueException | SignatureInvalidException $e) {
144159
throw new ValidationException($e->getMessage(), $e->getCode(), $e);
145160
}

0 commit comments

Comments
 (0)