Fix usage of non JSON numeric values for time fractions

yassinrais · lcobucci · commit 9a961f4541ba · 2021-03-19T21:04:06.000+01:00
The RFC-7519 states that the `NumericDate` type is:

&gt; JSON numeric value representing the number of seconds from
&gt; 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring
&gt; leap seconds.

Then also mentions that time fractions (as covered by RFC-3339) are supported:

&gt; Seconds Since the Epoch", in which each day is accounted for by
&gt; exactly 86400 seconds, other than that non-integer values can be
&gt; represented.

While adding support for time fractions we've interpreted the
"non-integer" really as any "non-integer" value, and used strings to
guard against precision issues.

That causes issues, since a string isn't a "JSON numeric value"
according to the JSON specs.

We observed that the 6-digit precision is not lost when doing JSON
encode/decode operations, this applies that technique to make sure we
comply to the specs and have "rounding issues" when dealing with floats.
diff --git a/src/Encoding/MicrosecondBasedDateConversion.php b/src/Encoding/MicrosecondBasedDateConversion.php
@@ -25,16 +25,13 @@ public function formatClaims(array $claims): array
         return $claims;
     }
 
-    /** @return int|string */
+    /** @return int|float */
     private function convertDate(DateTimeImmutable $date)
     {
-        $seconds      = $date->format('U');
-        $microseconds = $date->format('u');
-
-        if ((int) $microseconds === 0) {
-            return (int) $seconds;
+        if ($date->format('u') === '000000') {
+            return (int) $date->format('U');
         }
 
-        return $seconds . '.' . $microseconds;
+        return (float) $date->format('U.u');
     }
 }
diff --git a/src/Token/Parser.php b/src/Token/Parser.php
@@ -12,8 +12,12 @@
 use function count;
 use function explode;
 use function is_array;
+use function is_string;
+use function json_encode;
 use function strpos;
 
+use const JSON_THROW_ON_ERROR;
+
 final class Parser implements ParserInterface
 {
     private Decoder $decoder;
@@ -105,7 +109,9 @@ private function parseClaims(string $data): array
                 continue;
             }
 
-            $claims[$claim] = $this->convertDate((string) $claims[$claim]);
+            $date = $claims[$claim];
+
+            $claims[$claim] = $this->convertDate(is_string($date) ? $date : json_encode($date, JSON_THROW_ON_ERROR));
         }
 
         return $claims;
diff --git a/test/unit/Encoding/ChainedFormatterTest.php b/test/unit/Encoding/ChainedFormatterTest.php
@@ -34,6 +34,6 @@ public function formatClaimsShouldApplyAllConfiguredFormatters(): void
         $formatted = $formatter->formatClaims($claims);
 
         self::assertSame('test', $formatted[RegisteredClaims::AUDIENCE]);
-        self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);
+        self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);
     }
 }
diff --git a/test/unit/Encoding/MicrosecondBasedDateConversionTest.php b/test/unit/Encoding/MicrosecondBasedDateConversionTest.php
@@ -36,8 +36,8 @@ public function dateClaimsHaveMicrosecondsOrSeconds(): void
         $formatted = $formatter->formatClaims($claims);
 
         self::assertSame(1487285080, $formatted[RegisteredClaims::ISSUED_AT]);
-        self::assertSame('1487285080.000123', $formatted[RegisteredClaims::NOT_BEFORE]);
-        self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);
+        self::assertSame(1487285080.000123, $formatted[RegisteredClaims::NOT_BEFORE]);
+        self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);
         self::assertSame('test', $formatted['testing']); // this should remain untouched
     }
 
@@ -62,7 +62,7 @@ public function notAllDateClaimsNeedToBeConfigured(): void
         $formatted = $formatter->formatClaims($claims);
 
         self::assertSame(1487285080, $formatted[RegisteredClaims::ISSUED_AT]);
-        self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);
+        self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);
         self::assertSame('test', $formatted['testing']); // this should remain untouched
     }
 }
diff --git a/test/unit/Token/ParserTest.php b/test/unit/Token/ParserTest.php
@@ -453,7 +453,7 @@ public function parseMustConvertDateClaimsToObjects(): void
     {
         $data = [
             RegisteredClaims::ISSUED_AT => 1486930663,
-            RegisteredClaims::EXPIRATION_TIME => '1486930757.023055',
+            RegisteredClaims::EXPIRATION_TIME => 1486930757.023055,
         ];
 
         $this->decoder->expects(self::exactly(2))

Original file line number	Diff line number	Diff line change
`@@ -25,16 +25,13 @@ public function formatClaims(array $claims): array`
`25`	`25`	`return $claims;`
`26`	`26`	`}`
`27`	`27`
`28`		`- /** @return int\|string */`
	`28`	`+ /** @return int\|float */`
`29`	`29`	`private function convertDate(DateTimeImmutable $date)`
`30`	`30`	`{`
`31`		`- $seconds = $date->format('U');`
`32`		`- $microseconds = $date->format('u');`
`33`		`-`
`34`		`- if ((int) $microseconds === 0) {`
`35`		`- return (int) $seconds;`
	`31`	`+ if ($date->format('u') === '000000') {`
	`32`	`+ return (int) $date->format('U');`
`36`	`33`	`}`
`37`	`34`
`38`		`- return $seconds . '.' . $microseconds;`
	`35`	`+ return (float) $date->format('U.u');`
`39`	`36`	`}`
`40`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,6 @@ public function formatClaimsShouldApplyAllConfiguredFormatters(): void`
`34`	`34`	`$formatted = $formatter->formatClaims($claims);`
`35`	`35`
`36`	`36`	`self::assertSame('test', $formatted[RegisteredClaims::AUDIENCE]);`
`37`		`- self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);`
	`37`	`+ self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);`
`38`	`38`	`}`
`39`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,8 @@ public function dateClaimsHaveMicrosecondsOrSeconds(): void`
`36`	`36`	`$formatted = $formatter->formatClaims($claims);`
`37`	`37`
`38`	`38`	`self::assertSame(1487285080, $formatted[RegisteredClaims::ISSUED_AT]);`
`39`		`- self::assertSame('1487285080.000123', $formatted[RegisteredClaims::NOT_BEFORE]);`
`40`		`- self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);`
	`39`	`+ self::assertSame(1487285080.000123, $formatted[RegisteredClaims::NOT_BEFORE]);`
	`40`	`+ self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);`
`41`	`41`	`self::assertSame('test', $formatted['testing']); // this should remain untouched`
`42`	`42`	`}`
`43`	`43`
`@@ -62,7 +62,7 @@ public function notAllDateClaimsNeedToBeConfigured(): void`
`62`	`62`	`$formatted = $formatter->formatClaims($claims);`
`63`	`63`
`64`	`64`	`self::assertSame(1487285080, $formatted[RegisteredClaims::ISSUED_AT]);`
`65`		`- self::assertSame('1487285080.123456', $formatted[RegisteredClaims::EXPIRATION_TIME]);`
	`65`	`+ self::assertSame(1487285080.123456, $formatted[RegisteredClaims::EXPIRATION_TIME]);`
`66`	`66`	`self::assertSame('test', $formatted['testing']); // this should remain untouched`
`67`	`67`	`}`
`68`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -453,7 +453,7 @@ public function parseMustConvertDateClaimsToObjects(): void`
`453`	`453`	`{`
`454`	`454`	`$data = [`
`455`	`455`	`RegisteredClaims::ISSUED_AT => 1486930663,`
`456`		`- RegisteredClaims::EXPIRATION_TIME => '1486930757.023055',`
	`456`	`+ RegisteredClaims::EXPIRATION_TIME => 1486930757.023055,`
`457`	`457`	`];`
`458`	`458`
`459`	`459`	`$this->decoder->expects(self::exactly(2))`