fix: Throw exception when required keys are not set.

Author: tymondesigns

src/Payload.php

@@ -205,6 +205,7 @@ public function offsetExists($key)
      * @param  mixed  $key
      * @return mixed
      */
+    #[\ReturnTypeWillChange]
     public function offsetGet($key)
     {
         return Arr::get($this->toArray(), $key);

src/Providers/JWT/Lcobucci.php

@@ -11,20 +11,21 @@
 
 namespace Tymon\JWTAuth\Providers\JWT;
 
+use Exception;
 use DateTimeImmutable;
 use DateTimeInterface;
-use Exception;
-use Illuminate\Support\Collection;
-use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer;
-use Lcobucci\JWT\Signer\Ecdsa;
-use Lcobucci\JWT\Signer\Key\InMemory;
+use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Signer\Rsa;
+use Lcobucci\JWT\Signer\Ecdsa;
+use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Token\Builder;
+use Illuminate\Support\Collection;
+use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Token\RegisteredClaims;
-use Lcobucci\JWT\Validation\Constraint\SignedWith;
 use Tymon\JWTAuth\Contracts\Providers\JWT;
 use Tymon\JWTAuth\Exceptions\JWTException;
+use Lcobucci\JWT\Validation\Constraint\SignedWith;
 use Tymon\JWTAuth\Exceptions\TokenInvalidException;
 
 class Lcobucci extends Provider implements JWT
@@ -226,23 +227,55 @@ protected function isAsymmetric()
      * {@inheritdoc}
      *
      * @return \Lcobucci\JWT\Signer\Key
+     *
+     * @throws \Tymon\JWTAuth\Exceptions\JWTException
      */
     protected function getSigningKey()
     {
-        return $this->isAsymmetric()
-            ? InMemory::plainText($this->getPrivateKey(), $this->getPassphrase() ?? '')
-            : InMemory::plainText($this->getSecret());
+        if ($this->isAsymmetric()) {
+            if (! $privateKey = $this->getPrivateKey()) {
+                throw new JWTException('Private key is not set.');
+            }
+
+            return $this->getKey($privateKey, $this->getPassphrase() ?? '');
+        }
+
+        if (! $secret = $this->getSecret()) {
+            throw new JWTException('Secret is not set.');
+        }
+
+        return $this->getKey($secret);
     }
 
     /**
      * {@inheritdoc}
      *
      * @return \Lcobucci\JWT\Signer\Key
+     *
+     * @throws \Tymon\JWTAuth\Exceptions\JWTException
      */
     protected function getVerificationKey()
     {
-        return $this->isAsymmetric()
-            ? InMemory::plainText($this->getPublicKey())
-            : InMemory::plainText($this->getSecret());
+        if ($this->isAsymmetric()) {
+            if (! $public = $this->getPublicKey()) {
+                throw new JWTException('Public key is not set.');
+            }
+
+            return $this->getKey($public);
+        }
+
+        if (! $secret = $this->getSecret()) {
+            throw new JWTException('Secret is not set.');
+        }
+
+        return $this->getKey($secret);
+    }
+
+    /**
+     * Get the signing key instance.
+     */
+    protected function getKey(string $contents, string $passphrase = ''): Key
+    {
+        return InMemory::plainText($contents, $passphrase);
     }
 }

src/Providers/JWT/Provider.php

@@ -133,7 +133,7 @@ public function getKeys()
     /**
      * Get the public key used to sign tokens with an asymmetric algorithm.
      *
-     * @return resource|string|null
+     * @return string|null
      */
     public function getPublicKey()
     {
@@ -143,7 +143,7 @@ public function getPublicKey()
     /**
      * Get the private key used to sign tokens with an asymmetric algorithm.
      *
-     * @return resource|string|null
+     * @return string|null
      */
     public function getPrivateKey()
     {
@@ -164,7 +164,7 @@ public function getPassphrase()
     /**
      * Get the key used to sign the tokens.
      *
-     * @return resource|string|null
+     * @return string|null
      */
     protected function getSigningKey()
     {
@@ -174,7 +174,7 @@ protected function getSigningKey()
     /**
      * Get the key used to verify the tokens.
      *
-     * @return resource|string|null
+     * @return string|null
      */
     protected function getVerificationKey()
     {

tests/Providers/JWT/LcobucciTest.php

@@ -146,24 +146,68 @@ public function it_should_throw_a_token_invalid_exception_when_the_token_could_n
         $this->expectException(TokenInvalidException::class);
         $this->expectExceptionMessage('Could not decode token:');
 
-        $this->getProvider('secret', 'HS256')->decode('foo.bar.baz');
+        $this->getProvider('secret', Provider::ALGO_HS256)->decode('foo.bar.baz');
     }
 
     /** @test */
-    public function it_should_throw_a_exception_when_the_algorithm_passed_is_invalid()
+    public function it_should_throw_an_exception_when_the_algorithm_passed_is_invalid()
     {
         $this->expectException(JWTException::class);
         $this->expectExceptionMessage('The given algorithm could not be found');
 
         $this->getProvider('secret', 'INVALID_ALGO')->decode('foo.bar.baz');
     }
 
+    /** @test */
+    public function it_should_throw_an_exception_when_no_symmetric_key_is_provided_when_encoding()
+    {
+        $this->expectException(JWTException::class);
+        $this->expectExceptionMessage('Secret is not set.');
+
+        $this->getProvider(null, Provider::ALGO_HS256)->encode(['sub' => 1]);
+    }
+
+    /** @test */
+    public function it_should_throw_an_exception_when_no_symmetric_key_is_provided_when_decoding()
+    {
+        $this->expectException(JWTException::class);
+        $this->expectExceptionMessage('Secret is not set.');
+
+        $this->getProvider(null, Provider::ALGO_HS256)->decode('foo.bar.baz');
+    }
+
+    /** @test */
+    public function it_should_throw_an_exception_when_no_asymmetric_public_key_is_provided()
+    {
+        $this->expectException(JWTException::class);
+        $this->expectExceptionMessage('Public key is not set.');
+
+        $this->getProvider(
+            'does_not_matter',
+            Provider::ALGO_RS256,
+            ['private' => $this->getDummyPrivateKey(), 'public' => null]
+        )->decode('foo.bar.baz');
+    }
+
+    /** @test */
+    public function it_should_throw_an_exception_when_no_asymmetric_private_key_is_provided()
+    {
+        $this->expectException(JWTException::class);
+        $this->expectExceptionMessage('Private key is not set.');
+
+        $this->getProvider(
+            'does_not_matter',
+            Provider::ALGO_RS256,
+            ['private' => null, 'public' => $this->getDummyPublicKey()]
+        )->encode(['sub' => 1]);
+    }
+
     /** @test */
     public function it_should_return_the_public_key()
     {
         $provider = $this->getProvider(
             'does_not_matter',
-            'RS256',
+            Provider::ALGO_RS256,
             $keys = ['private' => $this->getDummyPrivateKey(), 'public' => $this->getDummyPublicKey()]
         );
 
@@ -175,7 +219,7 @@ public function it_should_return_the_keys()
     {
         $provider = $this->getProvider(
             'does_not_matter',
-            'RS256',
+            Provider::ALGO_RS256,
             $keys = ['private' => $this->getDummyPrivateKey(), 'public' => $this->getDummyPublicKey()]
         );