Add none algorithm support

Author: cdoco

README.md

@@ -23,8 +23,8 @@ $ make && make install
 ## Quick Example
 
 ```php
-$key = "example_key";
-$claims = array(
+$key = "example-hmac-key";
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -34,7 +34,7 @@ $claims = array(
 );
 
 // default HS256 algorithm
-$token = jwt_encode($claims, $key);
+$token = jwt_encode($payload, $key);
 
 echo $token . PHP_EOL;
 //eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
@@ -63,14 +63,14 @@ Array
 
 ![Benchmarks](https://cdoco.com/images/jwt-benchmarks.png "Benchmarks")
 
-## Methods
+## Functions
 
 ```php
 //encode
 string jwt_encode(array $claims, string $key [, string $alg = 'HS256'])
 
 //decode
-array jwt_decode(string $token, string $key [, string $alg = 'HS256'])
+array jwt_decode(string $token, string $key [, array $options = ['algorithm' => 'HS256']])
 ```
 
 ## The algorithm of support

example/ecdsa.php

@@ -17,7 +17,7 @@
 -----END PUBLIC KEY-----
 EOD;
 
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -26,7 +26,7 @@
     "sub" => "1234567890",
 );
 
-$token = jwt_encode($claims, $privateKey, 'ES256');
+$token = jwt_encode($payload, $privateKey, 'ES256');
 
 echo $token . PHP_EOL;
-print_r(jwt_decode($token, $publicKey, 'ES256'));
+print_r(jwt_decode($token, $publicKey, ['algorithm' => 'ES256']));

example/hmac.php

@@ -1,7 +1,7 @@
 <?php
 
 $key = "example_key";
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -11,7 +11,7 @@
 );
 
 // default HS256 algorithm
-$token = jwt_encode($claims, $key);
+$token = jwt_encode($payload, $key);
 
 echo $token . PHP_EOL;
 print_r(jwt_decode($token, $key));

example/none.php

@@ -0,0 +1,16 @@
+<?php
+
+$payload = array(
+    "data" => [
+        "name" => "ZiHang Gao",
+        "admin" => true
+    ],
+    "iss" => "http://example.org",
+    "sub" => "1234567890",
+);
+
+// none algorithm
+$token = jwt_encode($payload, null, 'none');
+
+echo $token . PHP_EOL;
+print_r(jwt_decode($token, null, false));

example/rsa.php

@@ -28,7 +28,7 @@
 -----END PUBLIC KEY-----
 EOD;
 
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -37,7 +37,7 @@
     "sub" => "1234567890",
 );
 
-$token = jwt_encode($claims, $privateKey, 'RS256');
+$token = jwt_encode($payload, $privateKey, 'RS256');
 
 echo $token . PHP_EOL;
-print_r(jwt_decode($token, $publicKey, 'RS256'));
+print_r(jwt_decode($token, $publicKey, ['algorithm' => 'RS256']));

jwt.c

@@ -229,14 +229,13 @@ void jwt_parse_body(char *body, zval *return_value)
     zend_string_free(vs);
 }
 
-
 PHP_FUNCTION(jwt_encode)
 {
     zval *claims = NULL, header;
     zend_string *key = NULL;
     smart_str json_header = {0}, json_claims = {0}, segments = {0};
 
-    char *sig = NULL, *alg = NULL;
+    char *sig = NULL, *alg = "HS256";
     unsigned int sig_len;
     size_t alg_len;
     jwt_t *jwt = NULL;
@@ -248,9 +247,6 @@ PHP_FUNCTION(jwt_encode)
     /* init jwt */
     jwt_new(&jwt);
 
-    /* not set algorithm */
-    alg = (alg == NULL) ? "HS256" : alg;
-
     /* check algorithm */
     jwt->alg = jwt_str_alg(alg);
 
@@ -280,23 +276,29 @@ PHP_FUNCTION(jwt_encode)
     smart_str_free(&json_header);
     smart_str_free(&json_claims);
 
-    /* set jwt struct */
-    jwt->key = key;
-    jwt->str = segments.s;
-
     /* sign */
-    if (jwt_sign(jwt, &sig, &sig_len)) {
-        zend_throw_exception(zend_ce_exception, "Signature error", 0);
-        goto encode_done;
-    }
+    if (jwt->alg == JWT_ALG_NONE) {
+        // alg none.
+		smart_str_appendl(&segments, ".", 1);
+    } else {
+        /* set jwt struct */
+        jwt->key = key;
+        jwt->str = segments.s;
+
+        /* sign */
+        if (jwt_sign(jwt, &sig, &sig_len)) {
+            zend_throw_exception(zend_ce_exception, "Signature error", 0);
+            goto encode_done;
+        }
 
-    /* string concatenation */
-    smart_str_appends(&segments, ".");
+        /* string concatenation */
+        smart_str_appends(&segments, ".");
 
-    zend_string *sig_str = zend_string_init(sig, sig_len, 0);
+        zend_string *sig_str = zend_string_init(sig, sig_len, 0);
 
-    smart_str_appends(&segments, jwt_b64_url_encode(sig_str));
-    zend_string_free(sig_str);
+        smart_str_appends(&segments, jwt_b64_url_encode(sig_str));
+        zend_string_free(sig_str);
+    }
 
     smart_str_0(&segments);
 
@@ -315,24 +317,42 @@ PHP_FUNCTION(jwt_encode)
 PHP_FUNCTION(jwt_decode)
 {
     zend_string *token = NULL, *key = NULL;
+    zval *options = NULL;
     smart_str segments = {0};
-    char *alg = NULL, *body = NULL, *sig = NULL;
-    size_t alg_len;
+    char *alg = "HS256", *body = NULL, *sig = NULL;
     jwt_t *jwt = NULL;
 
-    if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS|s", &token, &key, &alg, &alg_len) == FAILURE) {
+    if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS|z", &token, &key, &options) == FAILURE) {
         return;
     }
 
-    /* not set algorithm */
-    alg = (alg == NULL) ? "HS256" : alg;
-
     char *head = estrdup(ZSTR_VAL(token));
 
     /* jwt init */
     jwt_new(&jwt);
 
-    /* check algorithm */
+    /* check options */
+    if (options != NULL) {
+        switch(Z_TYPE_P(options)) {
+        case IS_ARRAY:
+            /* check algorithm */
+            {
+                zval *zv_algorithm = zend_hash_str_find(Z_ARRVAL_P(options), "algorithm", strlen("algorithm"));
+                if (zv_algorithm != NULL) {
+                    alg = Z_STRVAL_P(zv_algorithm);
+                }
+            }
+            break;
+        case IS_NULL:
+        case IS_FALSE:
+            alg = "none";
+            break;
+        default:
+            php_error(E_ERROR, "jwt wrong zval type");
+            break;
+        }
+    }
+
     jwt->alg = jwt_str_alg(alg);
 
     if (jwt->alg == JWT_ALG_INVAL) {
@@ -388,17 +408,22 @@ PHP_FUNCTION(jwt_decode)
     /* parse body */
     jwt_parse_body(body, return_value);
 
-    /* set jwt struct */
-    jwt->key = key;
+    /* verify */
+    if (jwt->alg == JWT_ALG_NONE) {
+        /* done */
+    } else {
+        /* set jwt struct */
+        jwt->key = key;
 
-    smart_str_appends(&segments, head);
-    smart_str_appends(&segments, ".");
-    smart_str_appends(&segments, body);
+        smart_str_appends(&segments, head);
+        smart_str_appends(&segments, ".");
+        smart_str_appends(&segments, body);
 
-    jwt->str = segments.s;
+        jwt->str = segments.s;
 
-    if (jwt_verify(jwt, sig)) {
-        zend_throw_exception(zend_ce_exception, "Signature verification failed", 0);
+        if (jwt_verify(jwt, sig)) {
+            zend_throw_exception(zend_ce_exception, "Signature verification failed", 0);
+        }
     }
 
     smart_str_free(&segments);
@@ -438,14 +463,14 @@ PHP_MINFO_FUNCTION(jwt)
     php_info_print_table_end();
 }
 
-static const zend_module_dep jwt_dep_deps[] = {
+static const zend_module_dep jwt_deps[] = {
     ZEND_MOD_REQUIRED("json")
     ZEND_MOD_END
 };
 
 zend_module_entry jwt_module_entry = {
     STANDARD_MODULE_HEADER_EX, NULL,
-    jwt_dep_deps,
+    jwt_deps,
     "jwt",
     jwt_functions,
     PHP_MINIT(jwt),

tests/002.phpt

@@ -5,7 +5,7 @@ Check for jwt HMAC algorithm (HS256)
 --FILE--
 <?php 
 $key = "example_key";
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -14,7 +14,7 @@ $claims = array(
     "sub" => "1234567890",
 );
 
-$token = jwt_encode($claims, $key);
+$token = jwt_encode($payload, $key);
 
 echo $token . PHP_EOL;
 print_r(jwt_decode($token, $key));

tests/003.phpt

@@ -32,7 +32,7 @@ UnR8tSdwUqI3119zAQIDAQAB
 -----END PUBLIC KEY-----
 EOD;
 
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -41,10 +41,10 @@ $claims = array(
     "sub" => "1234567890",
 );
 
-$token = jwt_encode($claims, $privateKey, 'RS256');
+$token = jwt_encode($payload, $privateKey, 'RS256');
 
 echo $token . PHP_EOL;
-print_r(jwt_decode($token, $publicKey, 'RS256'));
+print_r(jwt_decode($token, $publicKey, ['algorithm' => 'RS256']));
 ?>
 --EXPECT--
 eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7Im5hbWUiOiJaaUhhbmcgR2FvIiwiYWRtaW4iOnRydWV9LCJpc3MiOiJodHRwOlwvXC9leGFtcGxlLm9yZyIsInN1YiI6IjEyMzQ1Njc4OTAifQ.iSpiBRxW0RKDK0KZRDTwEQmllzkS-WQKMzQ8j3pSSA8NI3ukj0EjZCWIsWfgmb20xKViT5UhUAf_1UQwxwu5k0laEkJ8Ze04gj1P8KO--7BkxUFp4UerkDex49lwHSJmvTJBRZBy9t7BDqCaouEpUe0vZ6z_siMX95VMvVrk0g0

tests/004.phpt

@@ -21,7 +21,7 @@ qN3tlSZmUEZ3w3c6KYJfK97PMOSZQaUdeydBoq/IOglQQOj8zLqubq5IpaaUiDQ5
 -----END PUBLIC KEY-----
 EOD;
 
-$claims = array(
+$payload = array(
     "data" => [
         "name" => "ZiHang Gao",
         "admin" => true
@@ -30,8 +30,8 @@ $claims = array(
     "sub" => "1234567890",
 );
 
-$token = jwt_encode($claims, $privateKey, 'ES256');
-print_r(jwt_decode($token, $publicKey, 'ES256'));
+$token = jwt_encode($payload, $privateKey, 'ES256');
+print_r(jwt_decode($token, $publicKey, ['algorithm' => 'ES256']));
 ?>
 --EXPECT--
 Array

tests/005.phpt

@@ -0,0 +1,35 @@
+--TEST--
+Check for jwt none algorithm
+--SKIPIF--
+<?php if (!extension_loaded("jwt")) print "skip"; ?>
+--FILE--
+<?php 
+
+$payload = array(
+    "data" => [
+        "name" => "ZiHang Gao",
+        "admin" => true
+    ],
+    "iss" => "http://example.org",
+    "sub" => "1234567890",
+);
+
+// none algorithm
+$token = jwt_encode($payload, null, 'none');
+
+echo $token . PHP_EOL;
+print_r(jwt_decode($token, null, false));
+?>
+--EXPECT--
+eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJkYXRhIjp7Im5hbWUiOiJaaUhhbmcgR2FvIiwiYWRtaW4iOnRydWV9LCJpc3MiOiJodHRwOlwvXC9leGFtcGxlLm9yZyIsInN1YiI6IjEyMzQ1Njc4OTAifQ.
+Array
+(
+    [data] => Array
+        (
+            [name] => ZiHang Gao
+            [admin] => 1
+        )
+
+    [iss] => http://example.org
+    [sub] => 1234567890
+)