diff --git a/app/Authentication/AuthServiceProvider.php b/app/Authentication/AuthServiceProvider.php
index 78375f002a..4e6f65ee2c 100644
--- a/app/Authentication/AuthServiceProvider.php
+++ b/app/Authentication/AuthServiceProvider.php
@@ -15,7 +15,6 @@
 use CultuurNet\UDB3\Cache\CacheFactory;
 use CultuurNet\UDB3\Container\AbstractServiceProvider;
 use CultuurNet\UDB3\Http\Auth\Jwt\JsonWebToken;
-use CultuurNet\UDB3\Http\Auth\Jwt\UitIdV1JwtValidator;
 use CultuurNet\UDB3\Http\Auth\Jwt\UitIdV2JwtValidator;
 use CultuurNet\UDB3\Http\Auth\RequestAuthenticatorMiddleware;
 use CultuurNet\UDB3\Impersonator;
@@ -53,10 +52,6 @@ public function register(): void
 RequestAuthenticatorMiddleware::class,
 function () use ($container): RequestAuthenticatorMiddleware {
 $authenticator = new RequestAuthenticatorMiddleware(
- new UitIdV1JwtValidator(
- 'file://' . __DIR__ . '/../../' . $container->get('config')['jwt']['v1']['keys']['public']['file'],
- $container->get('config')['jwt']['v1']['valid_issuers']
- ),
 $this->createUitIdV2JwtValidator($container),
 new CachedApiKeyAuthenticator(
 new CultureFeedApiKeyAuthenticator($container->get(ConsumerReadRepository::class)),
diff --git a/src/Http/Auth/Jwt/JsonWebToken.php b/src/Http/Auth/Jwt/JsonWebToken.php
index 1a410040ab..d977d2f357 100644
--- a/src/Http/Auth/Jwt/JsonWebToken.php
+++ b/src/Http/Auth/Jwt/JsonWebToken.php
@@ -23,7 +23,6 @@
 final class JsonWebToken
 {
- public const UIT_ID_V1_JWT_PROVIDER_TOKEN = 'uit_v1_jwt_provider_token';
 public const UIT_ID_V2_JWT_PROVIDER_TOKEN = 'uit_v2_jwt_provider_token';
 public const UIT_ID_V2_USER_ACCESS_TOKEN = 'uit_v2_user_access_token';
 public const UIT_ID_V2_CLIENT_ACCESS_TOKEN = 'uit_v2_client_access_token';
@@ -53,11 +52,6 @@ public function __construct(string $jwt)
 */
 public function getType(): string
 {
- // V1 tokens had a non-standardized "uid" claim
- if ($this->token->claims()->has('uid')) {
- return self::UIT_ID_V1_JWT_PROVIDER_TOKEN;
- }
-
 // Because ID tokens from Keycloak always have a `azp` claim the `typ` claim can be used to verify if a Keycloak ID token is passed.
 if ($this->token->claims()->get('typ', '') === 'ID') {
 return self::UIT_ID_V2_JWT_PROVIDER_TOKEN;
diff --git a/src/Http/Auth/Jwt/UitIdV1JwtValidator.php b/src/Http/Auth/Jwt/UitIdV1JwtValidator.php
deleted file mode 100644
index 92e0b30b29..0000000000
--- a/src/Http/Auth/Jwt/UitIdV1JwtValidator.php
+++ /dev/null
@@ -1,25 +0,0 @@
-baseValidator = new GenericJwtValidator($publicKey, ['uid'], $validIssuers);
- }
-
- public function verifySignature(JsonWebToken $token): void
- {
- $this->baseValidator->verifySignature($token);
- }
-
- public function validateClaims(JsonWebToken $token): void
- {
- $this->baseValidator->validateClaims($token);
- }
-}
diff --git a/src/Http/Auth/RequestAuthenticatorMiddleware.php b/src/Http/Auth/RequestAuthenticatorMiddleware.php
index 919b47c1dc..af8d2cd0a0 100644
--- a/src/Http/Auth/RequestAuthenticatorMiddleware.php
+++ b/src/Http/Auth/RequestAuthenticatorMiddleware.php
@@ -43,8 +43,6 @@ final class RequestAuthenticatorMiddleware implements MiddlewareInterface
 private ?JsonWebToken $token = null;
 private ?ApiKey $apiKey = null;
-
- private JwtValidator $uitIdV1JwtValidator;
 private JwtValidator $uitIdV2JwtValidator;
 private ApiKeyAuthenticator $apiKeyAuthenticator;
 private ApiKeyConsumerReadRepository $apiKeyConsumerReadRepository;
@@ -56,7 +54,6 @@ final class RequestAuthenticatorMiddleware implements MiddlewareInterface
 private ?ApiKeysMatchedToClientIds $apiKeysMatchedToClientIds;
 public function __construct(
- JwtValidator $uitIdV1JwtValidator,
 JwtValidator $uitIdV2JwtValidator,
 ApiKeyAuthenticator $apiKeyAuthenticator,
 ApiKeyConsumerReadRepository $apiKeyConsumerReadRepository,
@@ -65,7 +62,6 @@ public function __construct(
 ClientIdResolver $clientIdResolver,
 ?ApiKeysMatchedToClientIds $apiKeysMatchedToClientIds = null
 ) {
- $this->uitIdV1JwtValidator = $uitIdV1JwtValidator;
 $this->uitIdV2JwtValidator = $uitIdV2JwtValidator;
 $this->apiKeyAuthenticator = $apiKeyAuthenticator;
 $this->apiKeyConsumerReadRepository = $apiKeyConsumerReadRepository;
@@ -103,9 +99,9 @@ private function authenticate(ServerRequestInterface $request): void
 $this->authenticateToken($request);
- // Requests that use a token from the JWT provider (v1 or v2) require an API key from UiTID v1.
+ // Requests that use a token from the JWT provider (v2) require an API key from UiTID v1.
 // Requests that use a token that they got from a clientId do not require an API key.
- if ($this->token->getType() === JsonWebToken::UIT_ID_V1_JWT_PROVIDER_TOKEN || $this->token->getType() === JsonWebToken::UIT_ID_V2_JWT_PROVIDER_TOKEN) {
+ if ($this->token->getType() === JsonWebToken::UIT_ID_V2_JWT_PROVIDER_TOKEN) {
 $this->authenticateApiKey($request);
 }
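Review bot: The API-key decision in `authenticate` depends on `getType()`, which reads claims such as `typ` from the token, so it is only trustworthy because `authenticateToken($request)` has verified the token first; that ordering is worth stating above the `if`, e.g. `// getType() reads token claims: call it only after authenticateToken() has verified the signature.` The rewritten comment still says the key comes "from UiTID v1" in a commit that retires v1 tokens, so a word on why the API-key side remains v1 would help the next reader. `authenticate` begins and ends outside this hunk.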
@@ -150,11 +146,8 @@ private function authenticateToken(ServerRequestInterface $request): void
 throw ApiProblem::unauthorized('Token "' . $tokenString . '" is not a valid JWT.');
 }
- $isV1 = $this->token->getType() === JsonWebToken::UIT_ID_V1_JWT_PROVIDER_TOKEN;
- $validator = $isV1 ? $this->uitIdV1JwtValidator : $this->uitIdV2JwtValidator;
-
- $validator->verifySignature($this->token);
- $validator->validateClaims($this->token);
+ $this->uitIdV2JwtValidator->verifySignature($this->token);
+ $this->uitIdV2JwtValidator->validateClaims($this->token);
 }
 private function authenticateApiKey(ServerRequestInterface $request): void
diff --git a/tests/Http/Auth/Jwt/JsonWebTokenTest.php b/tests/Http/Auth/Jwt/JsonWebTokenTest.php
index 4b083859a0..a59d37f9c0 100644
--- a/tests/Http/Auth/Jwt/JsonWebTokenTest.php
+++ b/tests/Http/Auth/Jwt/JsonWebTokenTest.php
@@ -36,21 +36,6 @@ public function it_returns_uid_claim_as_id_if_present(): void
 $this->assertEquals('6e3ef9b3-e37b-428e-af30-05f3a96dbbe4', $jwt->getUserId());
 }
- /**
- * @test
- */
- public function it_returns_uitid_v1_claim_as_id_if_present(): void
- {
- $jwt = JsonWebTokenFactory::createWithClaims(
- [
- 'https://publiq.be/uitidv1id' => 'b55f041e-5c5e-4850-9fb8-8cf73d538c56',
- 'sub' => 'auth0|ce6abd8f-b1e2-4bce-9dde-08af64438e87',
- ]
- );
-
- $this->assertEquals('b55f041e-5c5e-4850-9fb8-8cf73d538c56', $jwt->getUserId());
- }
-
 /**
 * @test
 */
@@ -113,15 +98,6 @@ public function it_returns_null_as_client_name_if_publiq_client_name_claim_is_mi
 $this->assertNull($jwt->getClientName());
 }
- /**
- * @test
- */
- public function it_returns_v1_jwt_provider_token_type_if_a_uid_claim_is_present(): void
- {
- $jwt = JsonWebTokenFactory::createWithClaims(['uid' => 'mock']);
- $this->assertEquals(JsonWebToken::UIT_ID_V1_JWT_PROVIDER_TOKEN, $jwt->getType());
- }
-
 /**
 * @test
 */
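Review bot: Nothing visible in this diff asserts that a former v1 token is now rejected: `authenticateToken` passes every token to `$this->uitIdV2JwtValidator`, and a middleware test with a JWT that carries a `uid` claim and is signed with the retired v1 key would keep that key from being accepted again by a later refactor (the middleware's own test file is not in view, so such a test may already exist). The JsonWebTokenTest hunks that follow delete the `https://publiq.be/uitidv1id` and v1 identity-details cases while no visible JsonWebToken.php hunk touches the methods they covered, so it is worth confirming whether that claim handling still exists and should be removed as well. Separately, the unchanged `throw` at the top of the hunk concatenates the submitted `$tokenString` into the error detail, which copies a bearer credential into whatever renders or logs the problem; `throw ApiProblem::unauthorized('The given token is not a valid JWT.');` avoids that. The method starts above the hunk.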
@@ -163,32 +139,6 @@ public function it_returns_v2_user_access_token_type_otherwise(): void
 $this->assertEquals(JsonWebToken::UIT_ID_V2_USER_ACCESS_TOKEN, $jwt->getType());
 }
- /**
- * @test
- */
- public function it_returns_user_identity_details_for_v1_jwt_provider_tokens(): void
- {
- $userIdentityResolver = $this->createMock(UserIdentityResolver::class);
- $userIdentityResolver->expects($this->never())
- ->method('getUserById');
-
- $v1Token = JsonWebTokenFactory::createWithClaims(
- [
- 'uid' => 'c82bd40c-1932-4c45-bd5d-a76cc9907cee',
- 'nick' => 'mock-nickname',
- 'email' => 'mock@example.com',
- ]
- );
-
- $details = new UserIdentityDetails(
- 'c82bd40c-1932-4c45-bd5d-a76cc9907cee',
- 'mock-nickname',
- 'mock@example.com'
- );
-
- $this->assertEquals($details, $v1Token->getUserIdentityDetails($userIdentityResolver));
- }
-
 /**
 * @test
 */