lock to JWT 2.* version

9 years ago · b302c08cff
3 changed files with 16 additions and 15 deletions
--- a/composer.json
+++ b/composer.json
@ -8,7 +8,7 @@
    "indieweb/date-formatter": "0.1.*",
    "indieauth/client": "0.1.3",
    "mpratt/relativetime": ">=1.0",
-    "firebase/php-jwt": "dev-master",
+    "firebase/php-jwt": "2.*",
    "ruudk/twitter-oauth": "dev-master",
    "andreyco/instagram": "3.*",
    "p3k/multipart": "*"
--- a/composer.lock
+++ b/composer.lock
@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
        "This file is @generated automatically"
    ],
-    "hash": "561c25a6b782004d9b05656de5d67971",
+    "hash": "ee4d8d4e5d4ced9e6a7191bd5bc1fa29",
    "packages": [
        {
            "name": "andreyco/instagram",
@ -51,26 +51,27 @@
        },
        {
            "name": "firebase/php-jwt",
-            "version": "dev-master",
+            "version": "v2.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
+                "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
-                "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e0a75bfb6413f22092c99b70f310ccb2cca3efa5",
+                "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5",
                "shasum": ""
            },
            "require": {
-                "php": ">=5.3.0"
+                "php": ">=5.2.0"
            },
            "type": "library",
            "autoload": {
-                "psr-4": {
-                    "Firebase\\JWT\\": "src"
-                }
+                "classmap": [
+                    "Authentication/",
+                    "Exceptions/"
+                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
@ -90,7 +91,7 @@
            ],
            "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
            "homepage": "https://github.com/firebase/php-jwt",
-            "time": "2015-07-22 18:31:08"
+            "time": "2015-06-22 23:26:39"
        },
        {
            "name": "indieauth/client",
@ -565,7 +566,6 @@
    "minimum-stability": "stable",
    "stability-flags": {
        "saltybeagle/savant3": 20,
-        "firebase/php-jwt": 20,
        "ruudk/twitter-oauth": 20
    },
    "prefer-stable": false,
--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@ -1,11 +1,10 @@
 <?php
-use Firebase\JWT\JWT;

 function require_login(&$app, $redirect=true) {
  $params = $app->request()->params();
  if(array_key_exists('token', $params)) {
    try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
      $_SESSION['user_id'] = $data->user_id;
      $_SESSION['me'] = $data->me;
    } catch(DomainException $e) {
@ -194,12 +193,14 @@ $app->get('/privacy', function() use($app) {

 $app->get('/add-to-home', function() use($app) {
  $params = $app->request()->params();
+  header("Cache-Control: no-cache, must-revalidate");

  if(array_key_exists('token', $params) && !session('add-to-home-started')) {
+    unset($_SESSION['add-to-home-started']);

    // Verify the token and sign the user in
    try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
      $_SESSION['user_id'] = $data->user_id;
      $_SESSION['me'] = $data->me;
      $app->redirect('/new', 301);