Merge pull request #39 from bizley/3.3.0

3.3.0
bizley · Jul 20, 2022 · e346ef8 · e346ef8
2 parents f68d484 + 1c806dd
commit e346ef8
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -9,7 +9,8 @@ This extension provides the [JWT](https://github.com/lcobucci/jwt) integration f
 
 > This is a fork of [sizeg/yii2-jwt](https://github.com/sizeg/yii2-jwt) package
 
-**Version 3.x of this package uses `lcobucci/jwt` [v4](https://github.com/lcobucci/jwt/releases/tag/4.0.0) and introduces critical BC changes, [see v4 lcobucci/jwt Upgrade Guide](https://lcobucci-jwt.readthedocs.io/en/latest/upgrading/).  
+**Version 3.x of this package uses `lcobucci/jwt` [v4](https://github.com/lcobucci/jwt/releases/tag/4.0.0) 
+and introduces critical BC changes, [see v4 lcobucci/jwt Upgrade Guide](https://lcobucci-jwt.readthedocs.io/en/latest/upgrading/).  
 For 2.x (and `lcobucci/jwt` v3) install `^2.0`.** 
 
 ## Installation
@@ -218,6 +219,9 @@ There are special options available:
 - auth - callable or `null` (default) - anonymous function with signature `function (\Lcobucci\JWT\Token $token)` that 
   should return identity of user authenticated with the JWT payload information. If $auth is not provided method 
   `yii\web\User::loginByAccessToken()` will be called instead.
+- throwException - _bool_ (default `true`) - whether the filter should throw an exception i.e. if the token has 
+  an invalid format. If there are multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass 
+  the validation process to the next filter on the composite auth list.
 
 For other configuration options refer to the [Yii 2 Guide](https://www.yiiframework.com/doc/guide/2.0/en/rest-authentication).
 

diff --git a/infection.json.dist b/infection.json.dist
@@ -15,7 +15,7 @@
         "MethodCallRemoval": {
             "ignore": [
                 "bizley\\jwt\\Jwt::init::190",
-                "bizley\\jwt\\JwtHttpBearerAuth::init::69"
+                "bizley\\jwt\\JwtHttpBearerAuth::init::77"
             ]
         }
     },

diff --git a/src/JwtHttpBearerAuth.php b/src/JwtHttpBearerAuth.php
@@ -24,7 +24,7 @@
 /**
  * JwtHttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer JSON Web Token.
  *
- * You may use JwtHttpBearerAuth by attaching it as a behavior to a controller or module, like the following:
+ * You can use JwtHttpBearerAuth by attaching it as a behavior to a controller or a module, like in the following:
  *
  * ```php
  * public function behaviors()
@@ -43,31 +43,31 @@
 class JwtHttpBearerAuth extends HttpBearerAuth
 {
     /**
-     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array, or
-     * JWT handler object itself. By default, it assumes that component of ID "jwt" has been configured.
+     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array,
+     * or JWT handler object itself. By default, it assumes that component of ID "jwt" has been configured.
      */
     public $jwt = 'jwt';
 
     /**
-     * @var (callable(): mixed)|null anonymous function that should return identity of user authenticated with the JWT
-     * payload information. It should have the following signature:
+     * @var (callable(): mixed)|null anonymous function that should return identity of the user authenticated with
+     * the JWT payload information. It should have the following signature:
      *
      * ```php
      * function (Token $token)
      * ```
      *
-     * where $token is JSON Web Token provided in the HTTP header.
-     * If $auth is not provided method User::loginByAccessToken() will be called instead.
+     * where $token is the JSON Web Token provided in the HTTP header.
+     * If $auth is not provided, method User::loginByAccessToken() will be called instead.
      */
     public $auth;
 
     /**
-     * @var boolean Whether the filter should throw an exception i.e. if the token has an invalid format. If there are
-     * multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass the validation process to the next
-     * filter in the composite auth list. Default is true.
+     * @var bool Whether the filter should throw an exception i.e. if the token has an invalid format. If there are
+     * multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass the validation process to
+     * the next filter on the composite auth list. Default is true.
      * @since 3.3.0
      */
-    public $throwException = true;
+    public bool $throwException = true;
 
     /**
      * @throws InvalidConfigException

diff --git a/tests/BearerTest.php b/tests/BearerTest.php
@@ -278,4 +278,18 @@ public function testFailedToken(): void
         $controller->run('test');
         self::assertSame(14, $controller->flag);
     }
+
+    public function testSilentException(): void
+    {
+        $this->expectException(UnauthorizedHttpException::class);
+        $this->expectExceptionMessage('Your request was made with invalid or expired JSON Web Token.');
+        // instead of 'The JWT string must have two dots'
+
+        Yii::$app->request->headers->set('Authorization', 'Bearer InvalidToken');
+
+        /* @var $controller Controller */
+        $controller = Yii::$app->createController('test-auth')[0];
+        $controller->filterConfig['throwException'] = false;
+        $controller->run('filtered');
+    }
 }