Changed generateToken back to returning T1 tokens due to auth bug in the API

dragonmantank · dragonmantank · commit 3f10580e0fef · 2024-12-14T18:46:14.000-05:00
diff --git a/src/OpenTok/OpenTok.php b/src/OpenTok/OpenTok.php
@@ -120,45 +120,46 @@ public function __construct($apiKey, $apiSecret, $options = array())
      */
     public function generateToken(string $sessionId, array $options = array(), bool $legacy = false): string
     {
-        if ($legacy) {
-            return $this->returnLegacyToken($sessionId, $options);
-        }
+        // Note, JWT generation disabled due to a backend bug regarding `exp` claims being mandatory - CRT
+        // if ($legacy) {
+        return $this->returnLegacyToken($sessionId, $options);
+        // }
 
-        $issuedAt = new \DateTimeImmutable('@' . time());
+        // $issuedAt = new \DateTimeImmutable('@' . time());
 
-        $defaults = [
-            'session_id' => $sessionId,
-            'role' => Role::PUBLISHER,
-            'expireTime' => null,
-            'initial_layout_list' => [''],
-            'ist' => 'project',
-            'nonce' => mt_rand(),
-            'scope' => 'session.connect'
-        ];
+        // $defaults = [
+        //     'session_id' => $sessionId,
+        //     'role' => Role::PUBLISHER,
+        //     'expireTime' => null,
+        //     'initial_layout_list' => [''],
+        //     'ist' => 'project',
+        //     'nonce' => mt_rand(),
+        //     'scope' => 'session.connect'
+        // ];
 
-        $options = array_merge($defaults, array_intersect_key($options, $defaults));
+        // $options = array_merge($defaults, array_intersect_key($options, $defaults));
 
-        $builder = new Builder(new JoseEncoder(), ChainedFormatter::default());
-        $builder = $builder->issuedBy($this->apiKey);
+        // $builder = new Builder(new JoseEncoder(), ChainedFormatter::default());
+        // $builder = $builder->issuedBy($this->apiKey);
 
-        if ($options['expireTime']) {
-            $expiry = new \DateTimeImmutable('@' . $options['expireTime']);
-            $builder = $builder->expiresAt($expiry);
-        }
+        // if ($options['expireTime']) {
+        //     $expiry = new \DateTimeImmutable('@' . $options['expireTime']);
+        //     $builder = $builder->expiresAt($expiry);
+        // }
 
-        unset($options['expireTime']);
+        // unset($options['expireTime']);
 
-        $builder = $builder->issuedAt($issuedAt);
-        $builder = $builder->canOnlyBeUsedAfter($issuedAt);
-        $builder = $builder->identifiedBy(bin2hex(random_bytes(16)));
+        // $builder = $builder->issuedAt($issuedAt);
+        // $builder = $builder->canOnlyBeUsedAfter($issuedAt);
+        // $builder = $builder->identifiedBy(bin2hex(random_bytes(16)));
 
-        foreach ($options as $key => $value) {
-            $builder = $builder->withClaim($key, $value);
-        }
+        // foreach ($options as $key => $value) {
+        //     $builder = $builder->withClaim($key, $value);
+        // }
 
-        $token = $builder->getToken(new \Lcobucci\JWT\Signer\Hmac\Sha256(), InMemory::plainText($this->apiSecret));
+        // $token = $builder->getToken(new \Lcobucci\JWT\Signer\Hmac\Sha256(), InMemory::plainText($this->apiSecret));
 
-        return $token->toString();
+        // return $token->toString();
     }
 
     private function returnLegacyToken(string $sessionId, array $options = []): string
diff --git a/tests/OpenTokTest/OpenTokTest.php b/tests/OpenTokTest/OpenTokTest.php
@@ -742,31 +742,53 @@ public function testFailsWhenGeneratingTokenUsingInvalidRole(): void
         $token = $this->opentok->generateToken('SESSIONID', array('role' => 'notarole'), true);
     }
 
-    public function testWillCreateJwt(): void
+    public function testWillCreateLegacyT1WhenRequested(): void
     {
-        $openTok = new OpenTok('my-api-key', 'my-super-long-and-cool-api-secret');
-        $token = $openTok->generateToken('some-token-value');
+        $openTok = new OpenTok('12345678', '0123456789abcdef0123456789abcdef0123456789');
+        $token = $openTok->generateToken('1_MX4xMjM0NTY3OH4-VGh1IEZlYiAyNyAwNDozODozMSBQU1QgMjAxNH4wLjI0NDgyMjI', [], true);
 
-        $config = Configuration::forSymmetricSigner(
-            new \Lcobucci\JWT\Signer\Hmac\Sha256(),
-            \Lcobucci\JWT\Signer\Key\InMemory::plainText('my-super-long-and-cool-api-secret')
-        );
-
-        $token = $config->parser()->parse($token);
-        $this->assertInstanceOf(Plain::class, $token);
+        $this->assertEquals('T1', substr($token, 0, 2));
+    }
 
-        $this->assertTrue($config->validator()->validate($token, new \Lcobucci\JWT\Validation\Constraint\SignedWith(
-            $config->signer(),
-            $config->signingKey()
-        )));
+    public function testWillCreateLegacyT1DirectlyToBypassExpBug(): void
+    {
+        $openTok = new OpenTok('12345678', '0123456789abcdef0123456789abcdef0123456789');
+        $token = $openTok->generateToken('1_MX4xMjM0NTY3OH4-VGh1IEZlYiAyNyAwNDozODozMSBQU1QgMjAxNH4wLjI0NDgyMjI', []);
 
-        $this->assertEquals('my-api-key', $token->claims()->get('iss'));
-        $this->assertEquals('some-token-value', $token->claims()->get('session_id'));
-        $this->assertEquals('publisher', $token->claims()->get('role'));
-        $this->assertEquals('project', $token->claims()->get('ist'));
-        $this->assertEquals('session.connect', $token->claims()->get('scope'));
+        $this->assertEquals('T1', substr($token, 0, 2));
     }
 
+    /**
+     * Makes sure that a JWT is generated for the client-side token
+     * 
+     * Currently disabled due to the backend requiring an `exp` claim, which was
+     * not required on T1s. Uncomment when the backend is fixed. - CRT
+     */
+    // public function testWillCreateJwt(): void
+    // {
+    //     $openTok = new OpenTok('my-api-key', 'my-super-long-and-cool-api-secret');
+    //     $token = $openTok->generateToken('some-token-value');
+
+    //     $config = Configuration::forSymmetricSigner(
+    //         new \Lcobucci\JWT\Signer\Hmac\Sha256(),
+    //         \Lcobucci\JWT\Signer\Key\InMemory::plainText('my-super-long-and-cool-api-secret')
+    //     );
+
+    //     $token = $config->parser()->parse($token);
+    //     $this->assertInstanceOf(Plain::class, $token);
+
+    //     $this->assertTrue($config->validator()->validate($token, new \Lcobucci\JWT\Validation\Constraint\SignedWith(
+    //         $config->signer(),
+    //         $config->signingKey()
+    //     )));
+
+    //     $this->assertEquals('my-api-key', $token->claims()->get('iss'));
+    //     $this->assertEquals('some-token-value', $token->claims()->get('session_id'));
+    //     $this->assertEquals('publisher', $token->claims()->get('role'));
+    //     $this->assertEquals('project', $token->claims()->get('ist'));
+    //     $this->assertEquals('session.connect', $token->claims()->get('scope'));
+    // }
+
     public function testStartsArchive(): void
     {
         // Arrange
