Skip to content

Commit

Permalink
added MD5 hashing algo support
Browse files Browse the repository at this point in the history
  • Loading branch information
gaokevin1 committed Dec 27, 2024
1 parent ff154bf commit ac32f86
Show file tree
Hide file tree
Showing 8 changed files with 85 additions and 25 deletions.
1 change: 1 addition & 0 deletions .phpunit.result.cache
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"version":1,"defects":{"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordMD5":4},"times":{"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordBcrypt":0.004,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordFirebase":0,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordPbkdf2":0,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordDjango":0,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordMD5":0,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordWithCleartext":0,"Descope\\Tests\\Management\\UserPwdTest::testUserPasswordWithHashedPassword":0}}
31 changes: 16 additions & 15 deletions src/SDK/DescopeSDK.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
use Descope\SDK\Auth\Management\Audit;
use Descope\SDK\EndpointsV1;
use Descope\SDK\EndpointsV2;
use Descope\SDK\Exception\AuthException;

use Descope\SDK\Management\MgmtV1;

Expand Down Expand Up @@ -62,10 +63,10 @@ public function __construct(array $config)
*/
public function verify($sessionToken = null): bool
{
$sessionToken = $sessionToken ?? $_COOKIE[EndpointsV1::SESSION_COOKIE_NAME] ?? null;
$sessionToken = $sessionToken ?? $_COOKIE[EndpointsV1::$SESSION_COOKIE_NAME] ?? null;

if (!$sessionToken) {
throw new \InvalidArgumentException('Session token is required.');
throw new \InvalidArgumentException('Session token cannot be null or empty.');
}

$verifier = new Verifier($this->config, $this->api);
Expand All @@ -81,10 +82,10 @@ public function verify($sessionToken = null): bool
*/
public function refreshSession($refreshToken = null): array
{
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::REFRESH_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::$REFRESH_COOKIE_NAME] ?? null;

if (empty($refreshToken)) {
throw new AuthException('Refresh token cannot be null or empty.');
throw new \InvalidArgumentException('Refresh token cannot be null or empty.');
}

try {
Expand All @@ -111,11 +112,11 @@ public function refreshSession($refreshToken = null): array
*/
public function verifyAndRefreshSession($sessionToken = null, $refreshToken = null): array
{
$sessionToken = $sessionToken ?? $_COOKIE[EndpointsV1::SESSION_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::REFRESH_COOKIE_NAME] ?? null;
$sessionToken = $sessionToken ?? $_COOKIE[EndpointsV1::$SESSION_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::$REFRESH_COOKIE_NAME] ?? null;

if (empty($sessionToken) || empty($refreshToken)) {
throw new AuthException(400, 'Session or refresh token cannot be null or empty.');
throw new \InvalidArgumentException('Session or refresh token cannot be null or empty.');
}

try {
Expand All @@ -135,10 +136,10 @@ public function verifyAndRefreshSession($sessionToken = null, $refreshToken = nu
*/
public function getClaims($token = null): array
{
$token = $token ?? $_COOKIE[EndpointsV1::SESSION_COOKIE_NAME] ?? null;
$token = $token ?? $_COOKIE[EndpointsV1::$SESSION_COOKIE_NAME] ?? null;

if (!$token) {
throw new \InvalidArgumentException('Token is required.');
throw new \InvalidArgumentException('Session token cannot be null or empty.');
}

$extractor = new Extractor($this->config);
Expand All @@ -154,10 +155,10 @@ public function getClaims($token = null): array
*/
public function getUserDetails(string $refreshToken = null): array
{
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::REFRESH_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::$REFRESH_COOKIE_NAME] ?? null;

if (!$refreshToken) {
throw new \InvalidArgumentException('Refresh token is required.');
throw new \InvalidArgumentException('Refresh token cannot be null or empty.');
}

try {
Expand All @@ -182,10 +183,10 @@ public function getUserDetails(string $refreshToken = null): array
*/
public function logout(string $refreshToken = null): void
{
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::REFRESH_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::$REFRESH_COOKIE_NAME] ?? null;

if (!$refreshToken) {
throw new \InvalidArgumentException('Refresh token is required.');
throw new \InvalidArgumentException('Refresh token cannot be null or empty.');
}

try {
Expand All @@ -212,10 +213,10 @@ public function logout(string $refreshToken = null): void
*/
public function logoutAll(string $refreshToken = null): void
{
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::REFRESH_COOKIE_NAME] ?? null;
$refreshToken = $refreshToken ?? $_COOKIE[EndpointsV1::$REFRESH_COOKIE_NAME] ?? null;

if (!$refreshToken) {
throw new \InvalidArgumentException('Refresh token is required.');
throw new \InvalidArgumentException('Refresh token cannot be null or empty.');
}

try {
Expand Down
41 changes: 41 additions & 0 deletions src/SDK/Management/Password/UserPasswordMD5.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
<?php
// phpcs:ignoreFile

declare(strict_types=1);

namespace Descope\SDK\Management\Password;

/**
* Class UserPasswordMD5
*
* Represents a user password hashed using the MD5 hashing scheme.
*
*/
class UserPasswordMD5
{
public string $hash;

/**
* Constructor to initialize MD5 password details.
*
* @param string $hash The MD5 hash in plaintext format.
*/
public function __construct(string $hash)
{
$this->hash = $hash;
}

/**
* Convert object data to an array format.
*
* @return array The password data as an associative array.
*/
public function toArray(): array
{
return [
'md5' => [
'hash' => $this->hash,
],
];
}
}
4 changes: 3 additions & 1 deletion src/SDK/Management/Role.php
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,10 @@ public function __construct(API $api)
* @return bool True if tenant permissions are valid, false otherwise.
* @throws AuthException If JWT response is invalid.
*/
public function validateTenantPermissions(array $jwtResponse, string $tenant = '', array $permissions): bool
public function validateTenantPermissions(array $jwtResponse, array $permissions, ?string $tenant = null): bool
{
$tenant = $tenant ?? '';

if (!is_array($permissions)) {
$permissions = [$permissions];
}
Expand Down
2 changes: 1 addition & 1 deletion src/SDK/Token/Extractor.php
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ public function parseToken(string $sessionToken): array

/**
* Validate a JWT using the provided JWK Set.
*/
*/
public function validateJWT(string $sessionToken): array
{
$useRefreshedKey = false;
Expand Down
14 changes: 9 additions & 5 deletions src/tests/DescopeSDKTest.php
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
<?php

namespace Descope\Tests;

use PHPUnit\Framework\TestCase;
use Descope\SDK\DescopeSDK;
use Descope\SDK\API;
use Descope\SDK\Configuration\SDKConfig;
use Descope\SDK\Auth\Password;
use Descope\SDK\Auth\SSO;
use Descope\SDK\Management\Management;

class DescopeSDKTest extends TestCase
final class DescopeSDKTest extends TestCase
{
private $config;
private $sdk;
Expand All @@ -21,9 +25,9 @@ protected function setUp(): void

public function testConstructorInitializesComponents()
{
$this->assertInstanceOf(SDKConfig::class, $this->sdk->password());
$this->assertInstanceOf(SDKConfig::class, $this->sdk->sso());
$this->assertInstanceOf(SDKConfig::class, $this->sdk->management());
$this->assertInstanceOf(Password::class, $this->sdk->password());
$this->assertInstanceOf(SSO::class, $this->sdk->sso());
$this->assertInstanceOf(Management::class, $this->sdk->management());
}

public function testVerifyThrowsExceptionWithoutToken()
Expand Down
14 changes: 14 additions & 0 deletions src/tests/Management/UserPwdTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
use Descope\SDK\Management\Password\UserPasswordFirebase;
use Descope\SDK\Management\Password\UserPasswordPbkdf2;
use Descope\SDK\Management\Password\UserPasswordDjango;
use Descope\SDK\Management\Password\UserPasswordMD5;

class UserPwdTest extends TestCase
{
Expand Down Expand Up @@ -81,6 +82,19 @@ public function testUserPasswordDjango()
$this->assertEquals($expectedArray, $userPasswordDjango->toArray());
}

public function testUserPasswordMD5()
{
$md5Hash = 'pbkdf2_sha256$30000$hashvalue';
$userPasswordMD5 = new UserPasswordMD5($md5Hash);
$expectedArray = [
'md5' => [
'hash' => $md5Hash,
],
];

$this->assertEquals($expectedArray, $userPasswordMD5->toArray());
}

public function testUserPasswordWithCleartext()
{
$cleartextPassword = 'mypassword';
Expand Down
3 changes: 0 additions & 3 deletions src/tests/Management/UserTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@
use Descope\SDK\DescopeSDK;
use Descope\SDK\Management\Password\UserPassword;
use Descope\SDK\Management\Password\UserPasswordBcrypt;
use Descope\SDK\Management\Password\UserPasswordFirebase;
use Descope\SDK\Management\Password\UserPasswordPbkdf2;
use Descope\SDK\Management\Password\UserPasswordDjango;
use Descope\SDK\Management\User;
use Descope\SDK\Management\AssociatedTenant;
use Descope\SDK\Management\UserObj;
Expand Down

0 comments on commit ac32f86

Please sign in to comment.