From b302c08cfff073c29bceb6bda7cefc80eb62eaa7 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Sat, 25 Jul 2015 16:49:07 -0700 Subject: [PATCH] lock to JWT 2.* version --- composer.json | 2 +- composer.lock | 22 +++++++++++----------- controllers/controllers.php | 7 ++++--- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/composer.json b/composer.json index 1156a2b..a0003bd 100644 --- a/composer.json +++ b/composer.json @@ -8,7 +8,7 @@ "indieweb/date-formatter": "0.1.*", "indieauth/client": "0.1.3", "mpratt/relativetime": ">=1.0", - "firebase/php-jwt": "dev-master", + "firebase/php-jwt": "2.*", "ruudk/twitter-oauth": "dev-master", "andreyco/instagram": "3.*", "p3k/multipart": "*" diff --git a/composer.lock b/composer.lock index 819c8ea..530edb6 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "561c25a6b782004d9b05656de5d67971", + "hash": "ee4d8d4e5d4ced9e6a7191bd5bc1fa29", "packages": [ { "name": "andreyco/instagram", 
@@ -51,26 +51,27 @@ }, { "name": "firebase/php-jwt", - "version": "dev-master", + "version": "v2.2.0", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1" + "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", - "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e0a75bfb6413f22092c99b70f310ccb2cca3efa5", + "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=5.2.0" }, "type": "library", "autoload": { - "psr-4": { - "Firebase\\JWT\\": "src" - } + "classmap": [ + "Authentication/", + "Exceptions/" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -90,7 +91,7 @@ ], "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", "homepage": "https://github.com/firebase/php-jwt", - "time": "2015-07-22 18:31:08" + "time": "2015-06-22 23:26:39" }, { "name": "indieauth/client", @@ -565,7 +566,6 @@ "minimum-stability": "stable", "stability-flags": { "saltybeagle/savant3": 20, - "firebase/php-jwt": 20, "ruudk/twitter-oauth": 20 }, "prefer-stable": false, diff --git a/controllers/controllers.php b/controllers/controllers.php index fc8425c..b3e23a7 100644 --- a/controllers/controllers.php +++ b/controllers/controllers.php @@ -1,11 +1,10 @@ request()->params(); if(array_key_exists('token', $params)) { try { - $data = JWT::decode($params['token'], Config::$jwtSecret); + $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256')); $_SESSION['user_id'] = $data->user_id; $_SESSION['me'] = $data->me; } catch(DomainException $e) { 
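Review bot: The `catch(DomainException $e)` that follows the new `JWT::decode($params['token'], Config::$jwtSecret, array('HS256'))` call probably does not cover a rejected token. As far as I know, php-jwt 2.x raises `UnexpectedValueException` (with subclasses such as `SignatureInvalidException` and `ExpiredException`) for malformed, tampered or expired tokens, and `DomainException` only for algorithm and JSON errors. Adding `} catch(UnexpectedValueException $e) {` with the same handling would send a bad token down the normal signed-out path instead of raising an unhandled exception. Separately, both this branch and the `/add-to-home` hunk assign `$_SESSION['user_id']` without rotating the session ID; `session_regenerate_id(true);` before the assignment is the usual guard, unless that already happens outside the lines shown. The catch body and the start of the route are outside the hunk.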
@@ -194,12 +193,14 @@ $app->get('/privacy', function() use($app) { $app->get('/add-to-home', function() use($app) { $params = $app->request()->params(); + header("Cache-Control: no-cache, must-revalidate"); if(array_key_exists('token', $params) && !session('add-to-home-started')) { + unset($_SESSION['add-to-home-started']); // Verify the token and sign the user in try { - $data = JWT::decode($params['token'], Config::$jwtSecret); + $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256')); $_SESSION['user_id'] = $data->user_id; $_SESSION['me'] = $data->me; $app->redirect('/new', 301);
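Review bot: `$app->redirect('/new', 301)` answers a token sign-in with a permanent redirect, which a browser may cache against the token-bearing URL. `$app->redirect('/new', 302);` would match the intent of the `Cache-Control: no-cache, must-revalidate` header added at the top of the route. The added `unset($_SESSION['add-to-home-started']);` sits inside the branch guarded by `!session('add-to-home-started')`, so it looks like a no-op unless `session()` treats a falsy stored value as absent. A one-line comment saying why it is there would help the next reader. The route's closure continues past the end of the hunk.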