diff --git a/README.md b/README.md index 87f14f0..b8424d8 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,21 @@ mutation RefreshAuthToken { } ``` +## Filters + +The plugin offers some filters to hook into. + +### Change Auth Token expiration + +**Note: For security, we highly recommend, that the Auth Token is short lived. So do not set this higher than 300 seconds unless you know what you are doing.** + +```php +add_filter('graphql_jwt_auth_expire', 60); +``` + +- Argument: Expiration in seconds +- Default: 300 + ## Example using GraphiQL ![Example using GraphiQL](https://github.com/wp-graphql/wp-graphql-jwt-authentication/blob/master/img/jwt-auth-example.gif?raw=true) diff --git a/composer.json b/composer.json index 2a716ae..83e8414 100644 --- a/composer.json +++ b/composer.json @@ -17,7 +17,7 @@ "wpunit-test": "vendor/bin/codecept run wpunit" }, "require": { - "firebase/php-jwt": "^4.0" + "firebase/php-jwt": "^5.0" }, "require-dev": { "lucatume/wp-browser": ">=2.2.1 <2.2.8" diff --git a/src/Auth.php b/src/Auth.php index ec0ea38..d8afa2b 100644 --- a/src/Auth.php +++ b/src/Auth.php @@ -23,7 +23,7 @@ class Auth { public static function get_secret_key() { // Use the defined secret key, if it exists - $secret_key = defined( 'GRAPHQL_JWT_AUTH_SECRET_KEY' ) && ! empty( GRAPHQL_JWT_AUTH_SECRET_KEY ) ? GRAPHQL_JWT_AUTH_SECRET_KEY : 'graphql-jwt-auth'; + $secret_key = defined( 'GRAPHQL_JWT_AUTH_SECRET_KEY' ) && ! empty( GRAPHQL_JWT_AUTH_SECRET_KEY ) ? GRAPHQL_JWT_AUTH_SECRET_KEY : null; return apply_filters( 'graphql_jwt_auth_secret_key', $secret_key ); } 
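Review bot: In src/Auth.php, `get_secret_key()` can now return `null`, but its docblock does not say so, and the value still passes through the `graphql_jwt_auth_secret_key` filter unchecked. The only guard visible in this commit is the `init_graphql_request` callback in wp-graphql-jwt-authentication.php, so any other caller of this public method (none are visible here) would hand `null` to the signing code. The parts of `JWT::encode()` shown in this commit contain no empty-key check, unlike `JWT::decode()`. I would add `@return string|null` with a line such as `// Returns null when no secret is configured; callers must refuse to sign or verify.`, and consider rejecting the empty or old default value inside this method so the check cannot be bypassed. The method's docblock and signature start outside the hunk.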
@@ -105,19 +105,17 @@ public static function get_token_expiration() { /** * Set the expiration time, default is 300 seconds. */ - $expiration = self::get_token_issued() + 300; + $expiration = 300; /** - * Determine the expiration value. Default is 7 days, but is filterable to be configured as needed + * Determine the expiration value. Default is 5 minutes, but is filterable to be configured as needed * * @param string $expiration The timestamp for when the token should expire */ - self::$expiration = apply_filters( 'graphql_jwt_auth_expire', $expiration ); - + self::$expiration = self::get_token_issued() + apply_filters( 'graphql_jwt_auth_expire', $expiration ); } return ! empty( self::$expiration ) ? self::$expiration : null; - } /** diff --git a/vendor/autoload.php b/vendor/autoload.php index 68e172e..4641934 100644 --- a/vendor/autoload.php +++ b/vendor/autoload.php @@ -4,4 +4,4 @@ require_once __DIR__ . '/composer/autoload_real.php'; -return ComposerAutoloaderInit2bca884894f5dad38a04fb4589efa493::getLoader(); +return ComposerAutoloaderInitb81212723df6ec6a4125604686c14dbf::getLoader(); diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php index 456cf78..97fa063 100644 --- a/vendor/composer/autoload_real.php +++ b/vendor/composer/autoload_real.php @@ -2,7 +2,7 @@ // autoload_real.php @generated by Composer -class ComposerAutoloaderInit2bca884894f5dad38a04fb4589efa493 +class ComposerAutoloaderInitb81212723df6ec6a4125604686c14dbf { private static $loader; 
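Review bot: The `graphql_jwt_auth_expire` filter changes meaning in `get_token_expiration()`: its result used to be the absolute expiry timestamp and is now added to `self::get_token_issued()` as a number of seconds. An existing callback that still returns a timestamp would push the expiry decades into the future without any error, and the docblock still reads `@param string $expiration The timestamp for when the token should expire`. I would change that to `@param int $expiration Token lifetime in seconds` and sanity-check the filtered value, e.g. `$ttl = (int) apply_filters( 'graphql_jwt_auth_expire', $expiration );` then `self::$expiration = self::get_token_issued() + ( $ttl > 0 ? $ttl : 300 );`, ideally with an upper bound to catch timestamp-style leftovers. The README example added in this commit also passes `60` as the second argument of `add_filter()`, which expects a callable. The function's opening lines are outside the hunk.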
@@ -19,15 +19,15 @@ public static function getLoader() return self::$loader; } - spl_autoload_register(array('ComposerAutoloaderInit2bca884894f5dad38a04fb4589efa493', 'loadClassLoader'), true, true); + spl_autoload_register(array('ComposerAutoloaderInitb81212723df6ec6a4125604686c14dbf', 'loadClassLoader'), true, true); self::$loader = $loader = new \Composer\Autoload\ClassLoader(); - spl_autoload_unregister(array('ComposerAutoloaderInit2bca884894f5dad38a04fb4589efa493', 'loadClassLoader')); + spl_autoload_unregister(array('ComposerAutoloaderInitb81212723df6ec6a4125604686c14dbf', 'loadClassLoader')); $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); if ($useStaticLoader) { require_once __DIR__ . '/autoload_static.php'; - call_user_func(\Composer\Autoload\ComposerStaticInit2bca884894f5dad38a04fb4589efa493::getInitializer($loader)); + call_user_func(\Composer\Autoload\ComposerStaticInitb81212723df6ec6a4125604686c14dbf::getInitializer($loader)); } else { $map = require __DIR__ . '/autoload_namespaces.php'; foreach ($map as $namespace => $path) { diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index b5786ee..ccc36a0 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -4,7 +4,7 @@ namespace Composer\Autoload; -class ComposerStaticInit2bca884894f5dad38a04fb4589efa493 +class ComposerStaticInitb81212723df6ec6a4125604686c14dbf { public static $prefixLengthsPsr4 = array ( 'W' => 
@@ -42,9 +42,9 @@ class ComposerStaticInit2bca884894f5dad38a04fb4589efa493 public static function getInitializer(ClassLoader $loader) { return \Closure::bind(function () use ($loader) { - $loader->prefixLengthsPsr4 = ComposerStaticInit2bca884894f5dad38a04fb4589efa493::$prefixLengthsPsr4; - $loader->prefixDirsPsr4 = ComposerStaticInit2bca884894f5dad38a04fb4589efa493::$prefixDirsPsr4; - $loader->classMap = ComposerStaticInit2bca884894f5dad38a04fb4589efa493::$classMap; + $loader->prefixLengthsPsr4 = ComposerStaticInitb81212723df6ec6a4125604686c14dbf::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInitb81212723df6ec6a4125604686c14dbf::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInitb81212723df6ec6a4125604686c14dbf::$classMap; }, null, ClassLoader::class); } diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 7a72f15..a0b0f80 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -1,23 +1,26 @@ [ { "name": "firebase/php-jwt", - "version": "v4.0.0", - "version_normalized": "4.0.0.0", + "version": "v5.1.0", + "version_normalized": "5.1.0.0", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35" + "reference": "4566062c68f76f43d44f1643f4970fe89757d4c6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35", - "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/4566062c68f76f43d44f1643f4970fe89757d4c6", + "reference": "4566062c68f76f43d44f1643f4970fe89757d4c6", "shasum": "" }, "require": { "php": ">=5.3.0" }, - "time": "2016-07-18T04:51:16+00:00", + "require-dev": { + "phpunit/phpunit": "^4.8|^5" + }, + "time": "2020-02-24T23:15:03+00:00", "type": "library", "installation-source": "dist", "autoload": { 
diff --git a/vendor/firebase/php-jwt/README.md b/vendor/firebase/php-jwt/README.md index d4589b1..9c8b545 100644 --- a/vendor/firebase/php-jwt/README.md +++ b/vendor/firebase/php-jwt/README.md @@ -23,7 +23,7 @@ Example use \Firebase\JWT\JWT; $key = "example_key"; -$token = array( +$payload = array( "iss" => "http://example.org", "aud" => "http://example.com", "iat" => 1356999524, @@ -36,7 +36,7 @@ $token = array( * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 * for a list of spec-compliant algorithms. */ -$jwt = JWT::encode($token, $key); +$jwt = JWT::encode($payload, $key); $decoded = JWT::decode($jwt, $key, array('HS256')); print_r($decoded); 
@@ -58,12 +58,87 @@ $decoded_array = (array) $decoded; JWT::$leeway = 60; // $leeway in seconds $decoded = JWT::decode($jwt, $key, array('HS256')); +?> +``` +Example with RS256 (openssl) +---------------------------- +```php + "example.org", + "aud" => "example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +$jwt = JWT::encode($payload, $privateKey, 'RS256'); +echo "Encode:\n" . print_r($jwt, true) . "\n"; + +$decoded = JWT::decode($jwt, $publicKey, array('RS256')); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; +echo "Decode:\n" . print_r($decoded_array, true) . "\n"; ?> ``` Changelog --------- +#### 5.0.0 / 2017-06-26 +- Support RS384 and RS512. + See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! +- Add an example for RS256 openssl. + See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! +- Detect invalid Base64 encoding in signature. + See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! +- Update `JWT::verify` to handle OpenSSL errors. + See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! +- Add `array` type hinting to `decode` method + See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! +- Add all JSON error types. + See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! +- Bugfix 'kid' not in given key list. + See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! +- Miscellaneous cleanup, documentation and test fixes. 
+ See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115), + [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and + [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), + [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! + #### 4.0.0 / 2016-07-17 - Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! - Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! @@ -114,6 +189,12 @@ Time: 0 seconds, Memory: 2.50Mb OK (5 tests, 5 assertions) ``` +New Lines in private keys +----- + +If your private key contains `\n` characters, be sure to wrap it in double quotes `""` +and not single quotes `''` in order to properly interpret the escaped characters. + License ------- [3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). diff --git a/vendor/firebase/php-jwt/composer.json b/vendor/firebase/php-jwt/composer.json index 1a5e93b..9f1a42c 100644 --- a/vendor/firebase/php-jwt/composer.json +++ b/vendor/firebase/php-jwt/composer.json @@ -23,5 +23,7 @@ "Firebase\\JWT\\": "src" } }, - "minimum-stability": "dev" + "require-dev": { + "phpunit/phpunit": "^4.8|^5" + } } diff --git a/vendor/firebase/php-jwt/composer.lock b/vendor/firebase/php-jwt/composer.lock deleted file mode 100644 index 5518ae4..0000000 --- a/vendor/firebase/php-jwt/composer.lock +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "_readme": [ - "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", - "This file is @generated automatically" - ], - "hash": "60a5df5d283a7ae9000173248eba8909", - "packages": [], - "packages-dev": [], - "aliases": [], - "minimum-stability": "dev", - "stability-flags": [], - "prefer-stable": false, - "prefer-lowest": false, - "platform": { - "php": ">=5.2.0" - }, - "platform-dev": [] -} diff --git a/vendor/firebase/php-jwt/package.xml b/vendor/firebase/php-jwt/package.xml deleted file mode 100644 index a95b056..0000000 --- a/vendor/firebase/php-jwt/package.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - JWT - pear.php.net - A JWT encoder/decoder. - A JWT encoder/decoder library for PHP. - - Neuman Vong - lcfrs - neuman+pear@twilio.com - yes - - - Firebase Operations - firebase - operations@firebase.com - yes - - 2015-07-22 - - 3.0.0 - 3.0.0 - - - beta - beta - - BSD 3-Clause License - -Initial release with basic support for JWT encoding, decoding and signature verification. - - - - - - - - - - - - - 5.1 - - - 1.7.0 - - - json - - - hash - - - - - - - - 0.1.0 - 0.1.0 - - - beta - beta - - 2015-04-01 - BSD 3-Clause License - -Initial release with basic support for JWT encoding, decoding and signature verification. - - - - diff --git a/vendor/firebase/php-jwt/src/JWT.php b/vendor/firebase/php-jwt/src/JWT.php index 6d30e94..af20661 100644 --- a/vendor/firebase/php-jwt/src/JWT.php +++ b/vendor/firebase/php-jwt/src/JWT.php 
@@ -1,6 +1,7 @@ array('openssl', 'SHA256'), 'HS256' => array('hash_hmac', 'SHA256'), - 'HS512' => array('hash_hmac', 'SHA512'), 'HS384' => array('hash_hmac', 'SHA384'), + 'HS512' => array('hash_hmac', 'SHA512'), 'RS256' => array('openssl', 'SHA256'), + 'RS384' => array('openssl', 'SHA384'), + 'RS512' => array('openssl', 'SHA512'), ); /** * Decodes a JWT string into a PHP object. * - * @param string $jwt The JWT - * @param string|array $key The key, or map of keys. - * If the algorithm used is asymmetric, this is the public key - * @param array $allowed_algs List of supported verification algorithms - * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param string $jwt The JWT + * @param string|array|resource $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' * * @return object The JWT's payload as a PHP object * @@ -64,16 +71,13 @@ class JWT * @uses jsonDecode * @uses urlsafeB64Decode */ - public static function decode($jwt, $key, $allowed_algs = array()) + public static function decode($jwt, $key, array $allowed_algs = array()) { $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; if (empty($key)) { throw new InvalidArgumentException('Key may not be empty'); } - if (!is_array($allowed_algs)) { - throw new InvalidArgumentException('Algorithm not allowed'); - } $tks = explode('.', $jwt); if (count($tks) != 3) { throw new UnexpectedValueException('Wrong number of segments'); 
@@ -85,8 +89,9 @@ public static function decode($jwt, $key, $allowed_algs = array()) if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { throw new UnexpectedValueException('Invalid claims encoding'); } - $sig = static::urlsafeB64Decode($cryptob64); - + if (false === ($sig = static::urlsafeB64Decode($cryptob64))) { + throw new UnexpectedValueException('Invalid signature encoding'); + } if (empty($header->alg)) { throw new UnexpectedValueException('Empty algorithm'); } @@ -96,8 +101,16 @@ public static function decode($jwt, $key, $allowed_algs = array()) if (!in_array($header->alg, $allowed_algs)) { throw new UnexpectedValueException('Algorithm not allowed'); } + if ($header->alg === 'ES256') { + // OpenSSL expects an ASN.1 DER sequence for ES256 signatures + $sig = self::signatureToDER($sig); + } + if (is_array($key) || $key instanceof \ArrayAccess) { if (isset($header->kid)) { + if (!isset($key[$header->kid])) { + throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); + } $key = $key[$header->kid]; } else { throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); @@ -109,7 +122,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) throw new SignatureInvalidException('Signature verification failed'); } - // Check if the nbf if it is defined. This is the time that the + // Check the nbf if it is defined. This is the time that the // token can actually be used. If it's not yet that time, abort. if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { throw new BeforeValidException( 
@@ -141,7 +154,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) * @param string $key The secret key. * If the algorithm used is asymmetric, this is the private key * @param string $alg The signing algorithm. - * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * Supported algorithms are 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' * @param mixed $keyId * @param array $head An array with header elements to attach * @@ -156,7 +169,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he if ($keyId !== null) { $header['kid'] = $keyId; } - if ( isset($head) && is_array($head) ) { + if (isset($head) && is_array($head)) { $header = array_merge($head, $header); } $segments = array(); @@ -176,7 +189,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he * @param string $msg The message to sign * @param string|resource $key The secret key * @param string $alg The signing algorithm. - * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * Supported algorithms are 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' * * @return string An encrypted message * @@ -188,7 +201,7 @@ public static function sign($msg, $key, $alg = 'HS256') throw new DomainException('Algorithm not supported'); } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'hash_hmac': return hash_hmac($algorithm, $msg, $key, true); case 'openssl': @@ -197,6 +210,9 @@ public static function sign($msg, $key, $alg = 'HS256') if (!$success) { throw new DomainException("OpenSSL unable to sign data"); } else { + if ($alg === 'ES256') { + $signature = self::signatureFromDER($signature, 256); + } return $signature; } } 
@@ -222,14 +238,18 @@ private static function verify($msg, $signature, $key, $alg) } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'openssl': $success = openssl_verify($msg, $signature, $key, $algorithm); - if (!$success) { - throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); - } else { - return $signature; + if ($success === 1) { + return true; + } elseif ($success === 0) { + return false; } + // returns 1 on success, 0 on failure, -1 on error. + throw new DomainException( + 'OpenSSL error: ' . openssl_error_string() + ); case 'hash_hmac': default: $hash = hash_hmac($algorithm, $msg, $key, true); @@ -275,7 +295,7 @@ public static function jsonDecode($input) $obj = json_decode($json_without_bigints); } - if (function_exists('json_last_error') && $errno = json_last_error()) { + if ($errno = json_last_error()) { static::handleJsonError($errno); } elseif ($obj === null && $input !== 'null') { throw new DomainException('Null result with non-null input'); @@ -295,7 +315,7 @@ public static function jsonDecode($input) public static function jsonEncode($input) { $json = json_encode($input); - if (function_exists('json_last_error') && $errno = json_last_error()) { + if ($errno = json_last_error()) { static::handleJsonError($errno); } elseif ($json === 'null' && $input !== null) { throw new DomainException('Null result with non-null input'); @@ -343,8 +363,10 @@ private static function handleJsonError($errno) { $messages = array( JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', + JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON', JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', - JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', + JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3 ); throw new DomainException( isset($messages[$errno]) 
@@ -356,7 +378,7 @@ private static function handleJsonError($errno) /** * Get the number of bytes in cryptographic strings. * - * @param string + * @param string $str * * @return int */ 
@@ -367,4 +389,126 @@ private static function safeStrlen($str) } return strlen($str); } + + /** + * Convert an ECDSA signature to an ASN.1 DER sequence + * + * @param string $sig The ECDSA signature to convert + * @return string The encoded DER object + */ + private static function signatureToDER($sig) + { + // Separate the signature into r-value and s-value + list($r, $s) = str_split($sig, (int) (strlen($sig) / 2)); + + // Trim leading zeros + $r = ltrim($r, "\x00"); + $s = ltrim($s, "\x00"); + + // Convert r-value and s-value from unsigned big-endian integers to + // signed two's complement + if (ord($r[0]) > 0x7f) { + $r = "\x00" . $r; + } + if (ord($s[0]) > 0x7f) { + $s = "\x00" . $s; + } + + return self::encodeDER( + self::ASN1_SEQUENCE, + self::encodeDER(self::ASN1_INTEGER, $r) . + self::encodeDER(self::ASN1_INTEGER, $s) + ); + } + + /** + * Encodes a value into a DER object. + * + * @param int $type DER tag + * @param string $value the value to encode + * @return string the encoded object + */ + private static function encodeDER($type, $value) + { + $tag_header = 0; + if ($type === self::ASN1_SEQUENCE) { + $tag_header |= 0x20; + } + + // Type + $der = chr($tag_header | $type); + + // Length + $der .= chr(strlen($value)); + + return $der . $value; + } + + /** + * Encodes signature from a DER object. 
+ * + * @param string $der binary signature in DER format + * @param int $keySize the nubmer of bits in the key + * @return string the signature + */ + private static function signatureFromDER($der, $keySize) + { + // OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE + list($offset, $_) = self::readDER($der); + list($offset, $r) = self::readDER($der, $offset); + list($offset, $s) = self::readDER($der, $offset); + + // Convert r-value and s-value from signed two's compliment to unsigned + // big-endian integers + $r = ltrim($r, "\x00"); + $s = ltrim($s, "\x00"); + + // Pad out r and s so that they are $keySize bits long + $r = str_pad($r, $keySize / 8, "\x00", STR_PAD_LEFT); + $s = str_pad($s, $keySize / 8, "\x00", STR_PAD_LEFT); + + return $r . $s; + } + + /** + * Reads binary DER-encoded data and decodes into a single object + * + * @param string $der the binary data in DER format + * @param int $offset the offset of the data stream containing the object + * to decode + * @return array [$offset, $data] the new offset and the decoded object + */ + private static function readDER($der, $offset = 0) + { + $pos = $offset; + $size = strlen($der); + $constructed = (ord($der[$pos]) >> 5) & 0x01; + $type = ord($der[$pos++]) & 0x1f; + + // Length + $len = ord($der[$pos++]); + if ($len & 0x80) { + $n = $len & 0x1f; + $len = 0; + while ($n-- && $pos < $size) { + $len = ($len << 8) | ord($der[$pos++]); + } + } + + // Value + if ($type == self::ASN1_BIT_STRING) { + $pos++; // Skip the first contents octet (padding indicator) + $data = substr($der, $pos, $len - 1); + if (!$ignore_bit_strings) { + $pos += $len - 1; + } + } elseif (!$constructed) { + $data = substr($der, $pos, $len); + $pos += $len; + } else { + $data = null; + } + + return array($pos, $data); + } } diff --git a/wp-graphql-jwt-authentication.php b/wp-graphql-jwt-authentication.php index 3575585..5c90901 100644 --- a/wp-graphql-jwt-authentication.php +++ b/wp-graphql-jwt-authentication.php 
@@ -7,7 +7,7 @@ * Author URI: https://www.wpgraphql.com * Text Domain: wp-graphql-jwt-authentication-jwt-authentication * Domain Path: /languages - * Version: 0.4.0 + * Version: 0.4.1 * Requires at least: 4.7.0 * Tested up to: 4.8.3 * Requires PHP: 5.5 @@ -113,7 +113,7 @@ public function __wakeup() { private function setup_constants() { // Plugin version. if ( ! defined( 'WPGRAPHQL_JWT_AUTHENTICATION_VERSION' ) ) { - define( 'WPGRAPHQL_JWT_AUTHENTICATION_VERSION', '0.4.0' ); + define( 'WPGRAPHQL_JWT_AUTHENTICATION_VERSION', '0.4.1' ); } // Plugin Folder Path. @@ -189,12 +189,20 @@ private static function init() { * response status to 403. */ add_action( 'init_graphql_request', function() { - $token = Auth::validate_token(); - if ( is_wp_error( $token ) ) { - add_action( 'graphql_before_resolve_field', function() use ( $token ) { - throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() ); - }, 1 ); + + $jwt_secret = Auth::get_secret_key(); + if ( empty( $jwt_secret ) || 'graphql-jwt-auth' === $jwt_secret ) { + throw new \Exception( __( 'You must define the GraphQL JWT Auth secret to use the WPGraphQL JWT Authentication plugin.', 'graphql-jwt-auth' ) ); + } else { + $token = Auth::validate_token(); + if ( is_wp_error( $token ) ) { + add_action( 'graphql_before_resolve_field', function() use ( $token ) { + throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() ); + }, 1 ); + } } + + } ); }
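Review bot: The new secret check in the `init_graphql_request` callback rejects only an empty value and the old default `'graphql-jwt-auth'`, so any other value, however short or guessable, is accepted as the signing key. If tokens are signed with HS256 (the default of php-jwt's `encode()`), RFC 7518 calls for a key at least as long as the hash output, so a length test would fit here, e.g. `if ( empty( $jwt_secret ) || 'graphql-jwt-auth' === $jwt_secret || strlen( $jwt_secret ) < 32 ) {`, assuming the secret is a string. The exception is thrown directly from the hook, whereas the token error just below is deferred to `graphql_before_resolve_field`. Whether WPGraphQL converts a throw at this point into a GraphQL error response is not visible here and should be confirmed. The `__()` call uses the text domain `'graphql-jwt-auth'`, while the plugin header in this file declares `wp-graphql-jwt-authentication-jwt-authentication`, and `init()` itself starts outside the hunk.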