From 195434fc283e2b60cd849bcff6b74421e3d6f06a Mon Sep 17 00:00:00 2001 From: Joachim Bauch Date: Fri, 17 Jun 2022 14:35:44 +0200 Subject: [PATCH] Update to php-jwt 6.2.0 --- 3rdparty/php-jwt | 2 +- appinfo/app.php | 17 +++++++++++++---- lib/Controller/ApiController.php | 4 +++- lib/Controller/ViewerController.php | 8 +++++--- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/3rdparty/php-jwt b/3rdparty/php-jwt index bac0422..d28e6df 160000 --- a/3rdparty/php-jwt +++ b/3rdparty/php-jwt @@ -1 +1 @@ -Subproject commit bac0422822b92fe7a0ed1fc7b1b633d9efa37bae +Subproject commit d28e6df83830252650da4623c78aaaf98fb385f3 diff --git a/appinfo/app.php b/appinfo/app.php index 378e655..1c085ba 100644 --- a/appinfo/app.php +++ b/appinfo/app.php @@ -41,9 +41,18 @@ if (class_exists('\\OCP\\AppFramework\\Http\\EmptyContentSecurityPolicy')) { return new Capabilities(); }); -if (!class_exists('\\Firebase\\JWT\\JWT')) { +if (!class_exists('\\Firebase\\JWT\\BeforeValidException')) { require_once __DIR__ . "/../3rdparty/php-jwt/src/BeforeValidException.php"; - require_once __DIR__ . "/../3rdparty/php-jwt/src/ExpiredException.php"; - require_once __DIR__ . "/../3rdparty/php-jwt/src/SignatureInvalidException.php"; - require_once __DIR__ . "/../3rdparty/php-jwt/src/JWT.php"; +} +if (!class_exists('\\Firebase\\JWT\\ExpiredException')) { + require_once __DIR__ . "/../3rdparty/php-jwt/src/ExpiredException.php"; +} +if (!class_exists('\\Firebase\\JWT\\SignatureInvalidException')) { + require_once __DIR__ . "/../3rdparty/php-jwt/src/SignatureInvalidException.php"; +} +if (!class_exists('\\Firebase\\JWT\\JWT')) { + require_once __DIR__ . "/../3rdparty/php-jwt/src/JWT.php"; +} +if (!class_exists('\\Firebase\\JWT\\Key')) { + require_once __DIR__ . "/../3rdparty/php-jwt/src/Key.php"; } diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php index d0f66a9..8df09fe 100644 --- a/lib/Controller/ApiController.php +++ b/lib/Controller/ApiController.php @@ -25,6 +25,7 @@ namespace OCA\Pdfdraw\Controller; use Doctrine\DBAL\Exception\UniqueConstraintViolationException; use \Firebase\JWT\JWT; +use \Firebase\JWT\Key; use OC\Files\Filesystem; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataDownloadResponse; @@ -100,7 +101,8 @@ class ApiController extends OCSController { } try { - $decoded = JWT::decode($token, $secret, array('HS256')); + $key = new Key($secret, 'HS256'); + $decoded = JWT::decode($token, $key); } catch (\Exception $e) { return null; } diff --git a/lib/Controller/ViewerController.php b/lib/Controller/ViewerController.php index aec7219..312daaa 100644 --- a/lib/Controller/ViewerController.php +++ b/lib/Controller/ViewerController.php @@ -24,6 +24,7 @@ declare(strict_types=1); namespace OCA\Pdfdraw\Controller; use \Firebase\JWT\JWT; +use \Firebase\JWT\Key; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\ContentSecurityPolicy; @@ -259,7 +260,7 @@ class ViewerController extends Controller { 'fileId' => $fileId, 'token' => $token, ]; - $jwt = JWT::encode($data, $secret); + $jwt = JWT::encode($data, $secret, 'HS256'); $fileUrl = $this->urlGenerator->linkToRouteAbsolute($this->appName . ".viewer.downloadFile", ["token" => $jwt]); @@ -404,7 +405,7 @@ class ViewerController extends Controller { 'displayname' => $displayName, 'permissions' => $permissions, ]; - $jwt = JWT::encode($token, $secret); + $jwt = JWT::encode($token, $secret, 'HS256'); } $params = [ 'urlGenerator' => $this->urlGenerator, @@ -447,7 +448,8 @@ class ViewerController extends Controller { public function downloadFile(string $token) { $secret = $this->getDownloadSecret(); try { - $data = JWT::decode($token, $secret, ['HS256']); + $key = new Key($secret, 'HS256'); + $data = JWT::decode($token, $key); } catch (\Exception $e) { $this->logger->logException($e, [ 'message' => 'download: ' . $token,