php-jwt's Introduction

Hey, nice to see you.

🍓 A travel enthusiast who loves writing code.

PHP Linux Golang C JavaScript Nginx Docker Github Actions Git Nodejs Vue.js Nuxt.js

php-jwt's People

Contributors

cdoco, dreamsxin, krisell, mhf-ir

php-jwt's Issues

Uncaught Error: Call to undefined function jwt_encode()

Well, this is weird, but I have compiled and installed the module and I am still getting Uncaught Error: Call to undefined function jwt_encode().

I have verified from phpinfo() that jwt.ini is loading.

I am using PHP 7.3 on runcloud.

I installed module using:

/RunCloud/Packages/php73rc/bin/phpize && ./configure --with-openssl=/usr/bin/openssl --with-php-config=/RunCloud/Packages/php73rc/bin/php-config
make
sudo make install

Am I missing something here?

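How do I compile statically?

In some special environments (for example Docker), PHP needs to be compiled statically.

Normally, other extensions are placed under PHP's ext directory; you delete configure and run ./buildconf --force.

Running configure --help again then shows an option like --enable-jwt.

The php-jwt library has no --enable-jwt, so it cannot be enabled in a static build.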

Segmentation fault of php-fpm instance on jwt_decode

php-fpm instance faults with SIGSEGV on invalid token on jwt_decode.
gdb backtrace is below:

Program received signal SIGSEGV, Segmentation fault.
0x00000000005a36ca in zend_hash_str_find ()
(gdb) bt
#0  0x00000000005a36ca in zend_hash_str_find ()
#1  0x000000080603a24a in jwt_verify_body (body=<value optimized out>,
    return_value=0x802a1e1c0) at jwt.c:274
#2  0x000000080603af34 in php_jwt_decode (execute_data=<value optimized out>,
    return_value=0x802a1e1c0) at jwt.c:605
#3  0x00000000006352ad in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER ()
#4  0x00000000005d4048 in execute_ex ()
#5  0x00000000005d4221 in zend_execute ()
#6  0x000000000058e085 in zend_execute_scripts ()
#7  0x0000000000528802 in php_execute_script ()
#8  0x0000000000670673 in main ()
#9  0x0000000000421885 in _start ()
#10 0x00000008009d8000 in ?? ()
#11 0x0000000000000000 in ?? ()

The following diff:

  • Moves jwt_verify_body after the jwt_verify function. There is no need to check the body if signature verification has already failed.
  • Adds checks in jwt_verify_body for base64 decode and JSON decode failures.
diff --git a/jwt.c b/jwt.c
index c4dd9b3..2bdce22 100644
--- a/jwt.c
+++ b/jwt.c
@@ -331,10 +331,6 @@ int jwt_verify_body(char *body, zval *return_value)
     time_t curr_time = time((time_t*)NULL);
     zend_string *vs = jwt_b64_url_decode(body);

-    /* decode json to array */
-    php_json_decode_ex(return_value, ZSTR_VAL(vs), ZSTR_LEN(vs), PHP_JSON_OBJECT_AS_ARRAY, 512);
-    zend_string_free(vs);
-
 #define FORMAT_CEX_TIME(t, cex) do {                                                            \
        struct tm *timeinfo;                                                                     \
        char buf[128];                                                                           \
@@ -349,55 +345,68 @@ int jwt_verify_body(char *body, zval *return_value)
         err_msg = msg;                  \
     } while(0);

-    /* set expiration and not before */
-    JWT_G(expiration) = jwt_hash_str_find_long(return_value, "exp");
-    JWT_G(not_before) = jwt_hash_str_find_long(return_value, "nbf");
-    JWT_G(iat) = jwt_hash_str_find_long(return_value, "iat");
-
-    /* expiration */
-    if (JWT_G(expiration) && (curr_time - JWT_G(leeway)) >= JWT_G(expiration))
-        FORMAT_CEX_MSG("Expired token", jwt_expired_signature_cex);
-
-    /* not before */
-    if (JWT_G(not_before) && JWT_G(not_before) > (curr_time + JWT_G(leeway)))
-        FORMAT_CEX_TIME(JWT_G(not_before), jwt_before_valid_cex);
-
-    /* iat */
-    if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway)))
-        FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
-
-    /* iss */
-    if (jwt_verify_claims_str(return_value, "iss", JWT_G(iss)))
-        FORMAT_CEX_MSG("Invalid Issuer", jwt_invalid_issuer_cex);
+    if (!vs) {
+        FORMAT_CEX_MSG("Invalid body", spl_ce_UnexpectedValueException);
+        goto done;
+    }

-    /* jti */
-    if (jwt_verify_claims_str(return_value, "jti", JWT_G(jti)))
-        FORMAT_CEX_MSG("Invalid Jti", jwt_invalid_jti_cex);
+    /* decode json to array */
+    php_json_decode_ex(return_value, ZSTR_VAL(vs), ZSTR_LEN(vs), PHP_JSON_OBJECT_AS_ARRAY, 512);
+    zend_string_free(vs);

-    /* aud */
-    size_t flag = 0;
-    zval *zv_aud = zend_hash_str_find(Z_ARRVAL_P(return_value), "aud", strlen("aud"));
+    if (Z_TYPE(*return_value) == IS_ARRAY) {
+        /* set expiration and not before */
+        JWT_G(expiration) = jwt_hash_str_find_long(return_value, "exp");
+        JWT_G(not_before) = jwt_hash_str_find_long(return_value, "nbf");
+        JWT_G(iat) = jwt_hash_str_find_long(return_value, "iat");
+        /* expiration */
+        if (JWT_G(expiration) && (curr_time - JWT_G(leeway)) >= JWT_G(expiration))
+            FORMAT_CEX_MSG("Expired token", jwt_expired_signature_cex);
+
+        /* not before */
+        if (JWT_G(not_before) && JWT_G(not_before) > (curr_time + JWT_G(leeway)))
+            FORMAT_CEX_TIME(JWT_G(not_before), jwt_before_valid_cex);
+
+        /* iat */
+        if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway)))
+            FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
+
+        /* iss */
+        if (jwt_verify_claims_str(return_value, "iss", JWT_G(iss)))
+            FORMAT_CEX_MSG("Invalid Issuer", jwt_invalid_issuer_cex);
+
+        /* jti */
+        if (jwt_verify_claims_str(return_value, "jti", JWT_G(jti)))
+            FORMAT_CEX_MSG("Invalid Jti", jwt_invalid_jti_cex);
+
+        /* aud */
+        size_t flag = 0;
+        zval *zv_aud = zend_hash_str_find(Z_ARRVAL_P(return_value), "aud", strlen("aud"));
+
+        if (zv_aud && JWT_G(aud)) {
+            switch(Z_TYPE_P(zv_aud)) {
+            case IS_ARRAY:
+                if (jwt_array_equals(Z_ARRVAL_P(JWT_G(aud)), Z_ARRVAL_P(zv_aud))) flag = 1;
+                break;
+            case IS_STRING:
+                if (strcmp(Z_STRVAL_P(JWT_G(aud)), Z_STRVAL_P(zv_aud))) flag = 1;
+                break;
+            default:
+                php_error_docref(NULL, E_WARNING, "Aud type must be string or array");
+                break;
+            }

-    if (zv_aud && JWT_G(aud)) {
-        switch(Z_TYPE_P(zv_aud)) {
-        case IS_ARRAY:
-            if (jwt_array_equals(Z_ARRVAL_P(JWT_G(aud)), Z_ARRVAL_P(zv_aud))) flag = 1;
-            break;
-        case IS_STRING:
-            if (strcmp(Z_STRVAL_P(JWT_G(aud)), Z_STRVAL_P(zv_aud))) flag = 1;
-            break;
-        default:
-            php_error_docref(NULL, E_WARNING, "Aud type must be string or array");
-            break;
+            if (flag) FORMAT_CEX_MSG("Invalid Aud", jwt_invalid_aud_cex);
         }

-        if (flag) FORMAT_CEX_MSG("Invalid Aud", jwt_invalid_aud_cex);
+        /* sub */
+        if (jwt_verify_claims_str(return_value, "sub", JWT_G(sub)))
+            FORMAT_CEX_MSG("Invalid Sub", jwt_invalid_sub_cex);
     }
+    else
+        FORMAT_CEX_MSG("Json decode error", spl_ce_UnexpectedValueException);

-    /* sub */
-    if (jwt_verify_claims_str(return_value, "sub", JWT_G(sub)))
-        FORMAT_CEX_MSG("Invalid Sub", jwt_invalid_sub_cex);
-
+done:
     if (err_msg) {
         zend_throw_exception(ce, err_msg, 0);
         return FAILURE;
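Review bot: the aud check inside the new `if (Z_TYPE(*return_value) == IS_ARRAY)` block fails open in two places. When the token carries no aud claim, `if (zv_aud && JWT_G(aud))` skips the comparison even though an expected audience is configured, and in the `default:` case an aud that is neither string nor array only raises E_WARNING while `flag` stays 0, so "Invalid Aud" is never thrown. Consider setting `flag = 1` in the `default:` case and treating a missing aud as a failure whenever `JWT_G(aud)` is set. The switch also keys only on the token's type: `Z_STRVAL_P(JWT_G(aud))` and `Z_ARRVAL_P(JWT_G(aud))` are read without checking that the configured value has the same type as `zv_aud`, so each case should check the type of `JWT_G(aud)` before dereferencing it.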
@@ -601,11 +610,6 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {
         goto decode_done;
     }

-    /* parse body */
-    if (jwt_verify_body(body, return_value) == FAILURE) {
-        goto decode_done;
-    }
-
     /* verify */
     if (jwt->alg == JWT_ALG_NONE) {
         /* done */
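Review bot: with the `jwt_verify_body` call removed from above the `if (jwt->alg == JWT_ALG_NONE)` check, the `/* done */` branch has to fall through to the relocated call further down. If that branch jumps to `decode_done` instead, tokens using the none algorithm skip the exp, nbf, iss and aud checks and `return_value` is never filled. Worth confirming against the full function and adding a test that decodes a none-algorithm token with an expired exp.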
@@ -624,6 +628,11 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {
         }
     }

+    /* parse body */
+    if (jwt_verify_body(body, return_value) == FAILURE) {
+        goto decode_done;
+    }
+
     smart_str_free(&segments);

 decode_done:
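Review bot: the relocated `jwt_verify_body` call sits above `smart_str_free(&segments);`, so a claim failure takes `goto decode_done` and skips that free. Unless the cleanup after the `decode_done:` label releases `segments` as well, every rejected token leaks it. Either free `segments` before the `goto` on this path or confirm that the label's cleanup covers it.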

make test failed

# make test

Build complete.
Don't forget to run 'make test'.


=====================================================================
PHP         : /usr/bin/php7.2 
PHP_SAPI    : cli
PHP_VERSION : 7.2.5-0ubuntu0.18.04.1
ZEND_VERSION: 3.2.0
PHP_OS      : Linux - Linux aasaam-swoole 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64
INI actual  : /tmp/php-jwt/tmp-php.ini
More .INIs  :   
---------------------------------------------------------------------
PHP         : /usr/bin/phpdbg7.2 
PHP_SAPI    : phpdbg
PHP_VERSION : 7.2.5-0ubuntu0.18.04.1
ZEND_VERSION: 3.2.0
PHP_OS      : Linux - Linux aasaam-swoole 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64
INI actual  : /tmp/php-jwt/tmp-php.ini
More .INIs  : 
---------------------------------------------------------------------
CWD         : /tmp/php-jwt
Extra dirs  : 
VALGRIND    : Not used
=====================================================================
TIME START 2018-05-30 10:42:01
=====================================================================
PASS Check for jwt presence [tests/001.phpt] 
FAIL Check for jwt HMAC algorithm (HS256) [tests/002.phpt] 
FAIL Check for jwt RSA algorithm (RS256) [tests/003.phpt] 
FAIL Check for jwt ECDSA algorithm (ES256) [tests/004.phpt] 
=====================================================================
TIME END 2018-05-30 10:42:01

=====================================================================
TEST RESULT SUMMARY
---------------------------------------------------------------------
Exts skipped    :    0
Exts tested     :   15
---------------------------------------------------------------------

Number of tests :    4                 4
Tests skipped   :    0 (  0.0%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    3 ( 75.0%) ( 75.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :    1 ( 25.0%) ( 25.0%)
---------------------------------------------------------------------
Time taken      :    0 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Check for jwt HMAC algorithm (HS256) [tests/002.phpt]
Check for jwt RSA algorithm (RS256) [tests/003.phpt]
Check for jwt ECDSA algorithm (ES256) [tests/004.phpt]
=====================================================================

DomainException with message 'OpenSSL unable to sign data'

I'm trying to use the jwt_encode() function to create a JWT ... I have supplied the payload, a private key and specified the algorithm to use as 'RS256' ... but I keep getting the above exception. I have spent hours googling what the issue could be but I'm getting nowhere. Please help.

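Problem with json.so

jwt requires json.so, but after adding extension=json.so an error is reported: core_warning: Module 'json' already loaded Unknown(0). PHP 7.0 is already compiled with json support by default, so setting the extension again in the configuration file causes it to be loaded twice. Has anyone else run into this problem?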

Provide optional headers

I'm trying to use this extension to generate tokens for the Apple Push Notification service (APNs), however Apple requires a custom header with a 'kid' parameter, for an authorisation identifier code for the user's developer account. Unless I'm missing something (and I've looked at the C code), I can't see an ability to customise the headers.

Any chance of adding an optional additional_headers parameter to the encode function?

exp time bug

I found a bug in php-cli mode. If code runs in php-cli mode, the exp time is not validated. I think the C function that gets the time may have a problem. Example: I use the Swoft framework and have added middleware to validate the token, and I set exp to time() + 10, but 30 seconds later the token can still be used.

mac can't compile

My Mac can't compile. configure: error: Please reinstall the OpenSSL library. How can I fix it?

Segfault with multiple jwt_decode using RSA

Getting segmentation fault error on latest master:

segfault at 10 ip 00007f0f7535ba94 sp 00007ffcb6cd3d80 error 4 in jwt.so[7f0f75357000+6000]

Code to reproduce:

<?php

function generateKeyPair()
{
  $key = openssl_pkey_new([
    'digest_alg' => 'sha512',
    'private_key_bits' => 1024,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
  ]);
  openssl_pkey_export($key, $private);
  $public = openssl_pkey_get_details($key)['key'];
  openssl_pkey_free($key);
  return [$public, $private];
}

list($apub, $apriv) = generateKeyPair();
list($bpub, $bpriv) = generateKeyPair();

$payload = ['message' => 'hello world'];
$token = jwt_encode($payload, $apriv, 'RS512');
$decoded = jwt_decode($token, $apub, ['algorithm' => 'RS512']);

$payload = ['message' => 'hello world 2'];
$token = jwt_encode($payload, $bpriv, 'RS512');
$decoded = jwt_decode($token, $bpub, ['algorithm' => 'RS512']); // segfault

RS256 segmentation fault

Greetings! I am trying to use RSA but SF (segmentation fault) is occurring.

I am creating a private key with this command:
"openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits: 1024"

and a public key with this command:
"openssl rsa -pubout -in private_key.pem -out public_key.pem"

and I'm using these functions:

$privateKey = file_get_contents ('private_key.pem');
$publicKey = file_get_contents ('public_key');
$retVal['Bearer'] = jwt_encode($payload, $privateKey, 'RS256');
$open_token = jwt_decode ($token, $publicKey, ['algorithm' => 'RS256']);

I walked step-by-step in the code, the values are generated, but further ahead in the code happens the segmentation failure. Am I doing something wrong?
I'm using CentOS 7, PHP 7.3 and mariaDB through the mysqli module.
When I use HS256 it runs ok.
