Merge pull request #10 from firebase/require-uid

v2.0.0

FirebaseToken.php

@@ -82,11 +82,17 @@ public function createToken($data, $options = null)
             $claims = $this->_processOptions($options);
         }
 
+        $this->_validateData($funcName, $data, ($claims["admin"] == true));
+
         $claims["d"] = $data;
         $claims["v"] = $this->version;
         $claims["iat"] = time();
 
-        return JWT::encode($claims, $this->secret, "HS256");
+        $token = JWT::encode($claims, $this->secret, "HS256");
+        if (strlen($token) > 1024) {
+            throw new Exception($funcName + ": generated token is too large.  Token cannot be larger than 1024 bytes.");
+        }
+        return $token;
     }
 
     /**
@@ -139,6 +145,25 @@ private static function _processOptions($options) {
         return $claims;
     }
 
+    /**
+     * Validates provided data object, throwing Exceptions where necessary.
+     *
+     * @param string $funcName the function name string for error message reporting.
+     * @param array $data the token data to be validated.
+     * @param boolean $isAdminToken whether the admin flag has been set.
+     */
+     private static function _validateData($funcName, $data, $isAdminToken) {
+        if (!is_null($data) && !is_array($data)) {
+            throw new Exception($funcName + ": data must be null or an associative array of token data.");
+        }
+        $containsUID = (is_array($data) && array_key_exists("uid", $data));
+        if ((!$containsUID && !$isAdminToken) || ($containsUID && !is_string($data["uid"]))) {
+            throw new Exception($funcName + ": data must contain a \"uid\" key that must be a string.");
+        } else if ($containsUID && (strlen($data["uid"]) > 256)) {
+            throw new Exception($funcName + ": data must contain a \"uid\" key that must not be longer than 256 bytes.");
+        }
+    }
+
     /**
      * @access  private
      * @param   int          $errno    An error number from json_last_error()

README.md

@@ -32,14 +32,17 @@ this snippet of PHP code:
   include_once "FirebaseToken.php";
 
   $tokenGen = new Services_FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
-  $token = $tokenGen->createToken(array("id" => "exampleID"));
+  $token = $tokenGen->createToken(array("uid" => "exampleID"));
 ?>
 ```
 
-The arbitrary payload object passed into `createToken()` is then available for use within your
+The payload passed to `createToken()` is made available for use within your
 security rules via the [`auth` variable](https://www.firebase.com/docs/security/api/rule/auth.html).
-This is how you pass trusted authentication details (e.g. the client's user ID) into your
-Firebase rules.
+This is how you pass trusted authentication details (e.g. the client's user ID)
+to your Firebase security rules. The payload can contain any data of your
+choosing, however it must contain a "uid" key, which must be a string of less
+than 256 characters. The generated token must be less than 1024 characters in
+total.
 
 
 ## Token Options
@@ -67,6 +70,6 @@ Here is an example of how to use the second `options` argument:
   include_once "FirebaseToken.php";
 
   $tokenGen = new Services_FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
-  $token = $tokenGen->createToken(array("id" => "exampleID"), array("admin" => True));
+  $token = $tokenGen->createToken(array("uid" => "exampleID"), array("admin" => True));
 ?>
 ```

composer.json

@@ -2,6 +2,7 @@
     "name": "firebase/token-generator",
     "description": "A simple library to generate JWT tokens for authenticating to a Firebase.",
     "homepage": "https://github.com/firebase/firebase-token-generator-php",
+    "version": "2.0.0",
     "authors": [
         {
             "name": "Anant Narayanan",

tests/FirebaseTokenTest.php

@@ -6,7 +6,7 @@ class FirebaseTokenTest extends PHPUnit_Framework_TestCase {
   function testCreate() {
     $key = "0014ae3b1ded44de9d9f6fc60dfd1c64";
     $tokenGen = new Services_FirebaseTokenGenerator($key);
-    $token = $tokenGen->createToken(array("foo" => "bar", "baz" => "boo"));
+    $token = $tokenGen->createToken(array("foo" => "bar", "baz" => "boo", "uid" => "blah"));
 
     $data = JWT::decode($token, $key);
     $this->assertEquals("bar", $data->d->foo);
@@ -33,7 +33,7 @@ function testExpires() {
     $key = "barfoo";
     $tokenGen = new Services_FirebaseTokenGenerator($key);
     $expires = time() + 1000;
-    $token = $tokenGen->createToken(null, array("expires" => $expires));
+    $token = $tokenGen->createToken(array("uid" => "blah"), array("expires" => $expires));
 
     $data = JWT::decode($token, $key);
     $this->assertEquals($expires, $data->exp);
@@ -43,11 +43,82 @@ function testNotBeforeObject() {
     $key = "barfoo";
     $tokenGen = new Services_FirebaseTokenGenerator($key);
     $notBefore = new DateTime("now", new DateTimeZone('America/Los_Angeles'));
-    $token = $tokenGen->createToken(null, array("notBefore" => $notBefore));
+    $token = $tokenGen->createToken(array("uid" => "blah"), array("notBefore" => $notBefore));
 
     $data = JWT::decode($token, $key);
     $this->assertEquals($notBefore->getTimestamp(), $data->nbf);
   }
+
+  function testNoUID() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken(array("blah" => 5));
+  }
+
+  function testInvalidUID() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken(array("uid" => 5, "blah" => 5));
+  }
+
+  function testUIDMaxLength() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    //length:                                               10        20        30        40        50        60        70        80        90       100       110       120       130       140       150       160       170       180       190       200       210       220       230       240       250   256
+    $token = $tokenGen->createToken(array("uid" => "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456"));
+  }
+
+  function testUIDTooLong() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    //length:                                               10        20        30        40        50        60        70        80        90       100       110       120       130       140       150       160       170       180       190       200       210       220       230       240       250    257
+    $token = $tokenGen->createToken(array("uid" => "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567"));
+  }
+
+  function testUIDMinLength() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $token = $tokenGen->createToken(array("uid" => ""));
+  }
+
+  function testTokenTooLong() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken(array("uid" => "blah", "longVar" => "123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345612345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234561234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456"));
+  }
+
+  function testNoUIDWithAdmin() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $token = $tokenGen->createToken(null, array("admin" => true));
+    $token = $tokenGen->createToken(array(), array("admin" => true));
+    $token = $tokenGen->createToken(array("foo" => "bar"), array("admin" => true));
+  }
+
+  function testInvalidUIDWithAdmin1() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken(array("uid" => 1), array("admin" => true));
+  }
+
+  function testInvalidUIDWithAdmin2() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken(array("uid" => null), array("admin" => true));
+  }
+
+  function testInvalidUIDWithAdmin3() {
+    $key = "barfoo";
+    $tokenGen = new Services_FirebaseTokenGenerator($key);
+    $this->setExpectedException("Exception");
+    $token = $tokenGen->createToken("foo", array("admin" => true));
+  }
 }
 
 ?>