preventing changes to payload

tymondesigns · Sep 15, 2014 · 0946b84 · 0946b84
1 parent 845620f
commit 0946b84
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 21 deletions.
diff --git a/spec/Tymon/JWTAuth/JWTProviderSpec.php b/spec/Tymon/JWTAuth/JWTProviderSpec.php
@@ -4,8 +4,7 @@
 use Illuminate\Http\Request;
 use Mockery;
 
-class JWTProviderSpec extends ObjectBehavior
-{
+class JWTProviderSpec extends ObjectBehavior {
 
     function it_is_initializable()
     {

diff --git a/spec/Tymon/JWTAuth/PayloadSpec.php b/spec/Tymon/JWTAuth/PayloadSpec.php
@@ -4,8 +4,7 @@
 
 use PhpSpec\ObjectBehavior;
 
-class PayloadSpec extends ObjectBehavior
-{
+class PayloadSpec extends ObjectBehavior {
 
 	function it_creates_the_object_when_passing_a_valid_payload()
 	{
@@ -25,8 +24,22 @@ function it_creates_the_object_when_passing_a_valid_payload()
 		$this->get('custom')->shouldBe('data');
 		$this['sub']->shouldBe(1);
 
-		$this['extra'] = 'something';
-		$this->get('extra')->shouldBe('something');
+		$this->get('custom')->shouldBe('data');
+	}
+
+	function it_should_throw_an_exception_when_attempting_to_change_the_payload()
+	{
+		$payload = [
+			'iat' => time(),
+			'exp' => time() + (60 * 60), // plus 1 hour
+			'sub' => 1,
+			'iss' => 'http://example.com'
+		];
+
+		$this->beConstructedWith($payload);
+
+		$this->shouldThrow('Tymon\JWTAuth\Exceptions\PayloadException')->during('offsetSet', ['extra', 'something']);
+		$this->shouldThrow('Tymon\JWTAuth\Exceptions\PayloadException')->during('offsetUnset', ['extra']);
 	}
 
 	function it_should_throw_an_exception_when_payload_does_not_contain_required_claims()

diff --git a/spec/Tymon/JWTAuth/TokenSpec.php b/spec/Tymon/JWTAuth/TokenSpec.php
@@ -4,8 +4,7 @@
 
 use PhpSpec\ObjectBehavior;
 
-class TokenSpec extends ObjectBehavior
-{
+class TokenSpec extends ObjectBehavior {
 
 	function it_creates_the_object_when_passing_a_well_formed_token()
 	{

diff --git a/src/Tymon/JWTAuth/Payload.php b/src/Tymon/JWTAuth/Payload.php
@@ -84,7 +84,7 @@ protected function validateExpiry($value)
 	 */
 	public function get($property = null)
 	{
-		if (! is_null($property) )
+		if ( ! is_null($property) )
 		{
 			return $this->value[$property];
 		}
@@ -125,33 +125,26 @@ public function offsetGet($key)
 	}
 
 	/**
-	 * Set the item at a given offset.
+	 * Don't allow changing the payload as it should be immutable
 	 *
 	 * @param  mixed  $key
 	 * @param  mixed  $value
 	 * @return void
 	 */
 	public function offsetSet($key, $value)
 	{
-		if (is_null($key))
-		{
-			$this->value[] = $value;
-		}
-		else
-		{
-			$this->value[$key] = $value;
-		}
+		throw new PayloadException('You cannot change the payload');
 	}
 
 	/**
-	 * Unset the item at a given offset.
+	 * Don't allow changing the payload as it should be immutable
 	 *
 	 * @param  string  $key
 	 * @return void
 	 */
 	public function offsetUnset($key)
 	{
-		unset($this->value[$key]);
+		throw new PayloadException('You cannot change the payload');
 	}
 
 }
diff --git a/src/Tymon/JWTAuth/Token.php b/src/Tymon/JWTAuth/Token.php
@@ -28,7 +28,7 @@ public function __construct($value)
 	 */
 	protected function validateToken($value)
 	{
-		if( count(explode('.', $value)) !== 3 )
+		if ( count(explode('.', $value)) !== 3 )
 		{
 			throw new JWTException('Invalid JWT - Wrong number of segments');
 		}