From 45e81674eec4610ebd98b8f74cf26af4782a82c5 Mon Sep 17 00:00:00 2001 From: Marick van Tuil Date: Wed, 7 Dec 2022 21:17:31 +0100 Subject: [PATCH] Fix bug making it possible to task handler under specific circumstances --- src/CloudTasksQueue.php | 1 + src/OpenIdVerificatorConcrete.php | 2 +- src/OpenIdVerificatorFake.php | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/CloudTasksQueue.php b/src/CloudTasksQueue.php index a77e09c..33c8dba 100644 --- a/src/CloudTasksQueue.php +++ b/src/CloudTasksQueue.php @@ -163,6 +163,7 @@ protected function pushToCloudTasks($queue, $payload, $delay = 0) $token = new OidcToken; $token->setServiceAccountEmail($this->config['service_account_email']); + $token->setAudience(hash_hmac('sha256', $this->getHandler(), config('app.key'))); $httpRequest->setOidcToken($token); if ($availableAt > time()) { diff --git a/src/OpenIdVerificatorConcrete.php b/src/OpenIdVerificatorConcrete.php index 196e0ac..fa46175 100644 --- a/src/OpenIdVerificatorConcrete.php +++ b/src/OpenIdVerificatorConcrete.php @@ -18,7 +18,7 @@ public function verify(?string $token, array $config): void (new AccessToken())->verify( $token, [ - 'audience' => app('queue')->getHandler(), + 'audience' => hash_hmac('sha256', app('queue')->getHandler(), config('app.key')), 'throwException' => true, ] ); diff --git a/src/OpenIdVerificatorFake.php b/src/OpenIdVerificatorFake.php index 971ede2..077f917 100644 --- a/src/OpenIdVerificatorFake.php +++ b/src/OpenIdVerificatorFake.php @@ -17,7 +17,7 @@ public function verify(?string $token, array $config): void (new AccessToken())->verify( $token, [ - 'audience' => app('queue')->getHandler(), + 'audience' => hash_hmac('sha256', app('queue')->getHandler(), config('app.key')), 'throwException' => true, 'certsLocation' => __DIR__ . '/../tests/Support/self-signed-public-key-as-jwk.json', ]