From 6721a390f3f8a4cf5dc8aeaa2b5ef6d5f92be58b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 13:12:35 +0000 Subject: [PATCH 1/7] Update firebase/php-jwt requirement from ^5.2 to ^5.2 || ^6.0 Updates the requirements on [firebase/php-jwt](https://github.com/firebase/php-jwt) to permit the latest version. - [Release notes](https://github.com/firebase/php-jwt/releases) - [Commits](https://github.com/firebase/php-jwt/compare/v5.2.0...v6.0.0) --- updated-dependencies: - dependency-name: firebase/php-jwt dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index ef9007a1..6726eed3 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ } ], "require": { - "firebase/php-jwt": "^5.2", + "firebase/php-jwt": "^5.2 || ^6.0", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, From c85a332181e88a5d1d8e07ffd56082afab2c65bf Mon Sep 17 00:00:00 2001 From: Davo Date: Thu, 27 Jan 2022 10:29:34 -0600 Subject: [PATCH 2/7] MGMT-51 Fix tests --- composer.json | 2 +- src/LtiMessageLaunch.php | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index 6726eed3..1805e0ca 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ } ], "require": { - "firebase/php-jwt": "^5.2 || ^6.0", + "firebase/php-jwt": "^6.0", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, diff --git a/src/LtiMessageLaunch.php b/src/LtiMessageLaunch.php index 4a680dc4..91aa123a 100644 --- a/src/LtiMessageLaunch.php +++ b/src/LtiMessageLaunch.php @@ -286,13 +286,15 @@ private function getPublicKey() foreach ($publicKeySet['keys'] as $key) { if ($key['kid'] == $this->jwt['header']['kid']) { try { - return openssl_pkey_get_details( - JWK::parseKeySet([ - 'keys' => [$key], - ])[$key['kid']] - ); + $keySet = JWK::parseKeySet([ + 'keys' => [$key], + ]); } catch (\Exception $e) { - return false; + // Do nothing + } + + if (isset($keySet[$key['kid']])) { + return $keySet[$key['kid']]; } } } @@ -385,7 +387,7 @@ private function validateJwtSignature() // Validate JWT signature try { - JWT::decode($this->request['id_token'], $public_key['key'], ['RS256']); + JWT::decode($this->request['id_token'], $public_key); } catch (ExpiredException $e) { // Error validating signature. throw new LtiException(static::ERR_INVALID_SIGNATURE); From 35da39313a29f77c72a0836311cd1056f00d35a6 Mon Sep 17 00:00:00 2001 From: Davo Date: Wed, 6 Apr 2022 13:42:17 -0500 Subject: [PATCH 3/7] MGMT-60 either version --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index ea8f63f5..def257aa 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,7 @@ } ], "require": { - "firebase/php-jwt": "^6.0", + "firebase/php-jwt": "^5.2||^6.0", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, From f48c99ff82bf77305b355437a713da2d73480259 Mon Sep 17 00:00:00 2001 From: Davo Date: Wed, 6 Apr 2022 13:44:40 -0500 Subject: [PATCH 4/7] MGMT-60 update version --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index def257aa..97a1e7a3 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,7 @@ } ], "require": { - "firebase/php-jwt": "^5.2||^6.0", + "firebase/php-jwt": "^5.5||^6.0", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, From 90c20df65220b5469a95c5a9249dc2eff991ebde Mon Sep 17 00:00:00 2001 From: Davo Date: Wed, 6 Apr 2022 14:02:32 -0500 Subject: [PATCH 5/7] MGMT-60 just 5.5 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 97a1e7a3..249db826 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,7 @@ } ], "require": { - "firebase/php-jwt": "^5.5||^6.0", + "firebase/php-jwt": "^5.5", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, From 12093a4ee11cf095c81ba30afe30f56bfc662ce8 Mon Sep 17 00:00:00 2001 From: Davo Date: Wed, 6 Apr 2022 14:19:33 -0500 Subject: [PATCH 6/7] MGMT-61 fix test --- composer.json | 2 +- src/LtiMessageLaunch.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 249db826..5a9bcc86 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,7 @@ } ], "require": { - "firebase/php-jwt": "^5.5", + "firebase/php-jwt": "^5.5|^6.0", "guzzlehttp/guzzle": "^7.0", "phpseclib/phpseclib": "^2.0" }, diff --git a/src/LtiMessageLaunch.php b/src/LtiMessageLaunch.php index 91aa123a..38c0d6ef 100644 --- a/src/LtiMessageLaunch.php +++ b/src/LtiMessageLaunch.php @@ -387,7 +387,7 @@ private function validateJwtSignature() // Validate JWT signature try { - JWT::decode($this->request['id_token'], $public_key); + JWT::decode($this->request['id_token'], $public_key, ['RS256']); } catch (ExpiredException $e) { // Error validating signature. throw new LtiException(static::ERR_INVALID_SIGNATURE); From f5e59f72466ce0bd4117e4937775c7942edd8c45 Mon Sep 17 00:00:00 2001 From: Davo Date: Wed, 6 Apr 2022 14:25:34 -0500 Subject: [PATCH 7/7] MGMT-61 update old packages --- .php-cs-fixer.php | 2 +- composer.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.php-cs-fixer.php b/.php-cs-fixer.php index 5d8afeaf..b3c8d618 100644 --- a/.php-cs-fixer.php +++ b/.php-cs-fixer.php @@ -2,7 +2,7 @@ require __DIR__.'/vendor/autoload.php'; -return (new \MattAllan\LaravelCodeStyle\Config()) +return (new \Jubeki\LaravelCodeStyle\Config()) ->setFinder( \PhpCsFixer\Finder::create() ->exclude(['bootstrap', 'docker', 'public', 'resources', 'storage']) diff --git a/composer.json b/composer.json index 5a9bcc86..eb8f94d4 100644 --- a/composer.json +++ b/composer.json @@ -26,7 +26,7 @@ "phpseclib/phpseclib": "^2.0" }, "require-dev": { - "matt-allan/laravel-code-style": "dev-main", + "jubeki/laravel-code-style": "^1.0", "mockery/mockery": "^1.4", "nesbot/carbon": "^2.43", "phpunit/phpunit": "^9.5"