diff --git a/.gitignore b/.gitignore
index 7dcd5bd..3f5791f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
+/.idea
 /.phpunit.cache
+.phpunit.result.cache
diff --git a/src/Hazelnut.php b/src/Hazelnut.php
index d65f2db..ce6024e 100644
--- a/src/Hazelnut.php
+++ b/src/Hazelnut.php
@@ -265,7 +265,9 @@ private function validateRequest(array $get, array $post) :int {
 private function validateNut(?Nut $nut, ?string $key) :int {
 if ($nut == null) return NUT_INVALID;
 if ($nut->getCreatedTime() < strtotime('-'.$this->nutExpiry.' minutes')) return NUT_EXPIRED;
- if ($key != null && $nut->getIdentity() != null && $key != $nut->getIdentity()) return NUT_MISMATCHING_ID;
+ if ($key != null && $nut->getIdentity() != null && $key != trim($nut->getIdentity())) {
+ return NUT_MISMATCHING_ID;
+ }
 return NUT_VALID;
 }
 
diff --git a/tests/core/CoreValidateNutTest.php b/tests/core/CoreValidateNutTest.php
index 7a9d3a1..cddcbbc 100644
--- a/tests/core/CoreValidateNutTest.php
+++ b/tests/core/CoreValidateNutTest.php
@@ -39,6 +39,24 @@ public function testValidNutWithDefinedKey() {
 $this->assertEquals(\Varden\Hazelnut\NUT_VALID, $result);
 }
 
+ public function testValidNutWithPaddedDefinedKey() {
+ /*
+ * Per https://www.grc.com/sqrl/details.htm: After its single trailing (“=”) equals sign
+ * is removed, the resulting 43-character string becomes the value for the sqrlkey parameter.
+ *
+ * Test for cases where the CHAR(44) pubkey includes a trailing space.
+ */
+ $nut = new \Varden\Hazelnut\Nut('sample');
+ $key = "k";
+ $nut
+ -> createdAt(time())
+ -> forIdentity("k ")
+ -> withTIF('0')
+ -> byIP('2001:db8::1');
+ $result = $this->method->invoke($this->hazelnut, $nut, $key);
+ $this->assertEquals(\Varden\Hazelnut\NUT_VALID, $result);
+ }
+
 public function testNullNut() {
 $result = $this->method->invoke($this->hazelnut, null, null);
 $this->assertEquals(\Varden\Hazelnut\NUT_INVALID, $result);
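Review bot: In `validateNut` (src/Hazelnut.php) the identity check still compares with loose `!=`, and the new `trim()` normalises only the stored side while stripping far more than the CHAR(44) pad: leading whitespace, tabs, newlines and NUL bytes as well as the trailing space. Loose comparison treats two numeric-looking strings as equal, and `$key != null` lets an empty-string key skip the check altogether. Both are unlikely for a 43-character key, and whether an empty key can reach this method depends on callers outside the diff, but this is the line that binds a nut to an identity. A narrower form would be `if ($key != null && $nut->getIdentity() != null && $key !== rtrim($nut->getIdentity(), ' ')) {`. Stripping the pad where the identity is read back from storage, if that is where it originates, would let this comparison stay exact.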
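Review bot: `testValidNutWithPaddedDefinedKey` (tests/core/CoreValidateNutTest.php) pins only the accepting path, so nothing in the suite shows that a padded but different identity is still rejected now that the comparison goes through `trim()`. A companion case that expects `NUT_MISMATCHING_ID` would keep a later, broader normalisation from silently weakening the binding check; the constant is assumed to live in the `\Varden\Hazelnut` namespace like `NUT_VALID`. The block comment would also benefit from one sentence saying where the 44th character comes from, since the cited text only explains the 43-character `sqrlkey`.

```php
public function testMismatchingPaddedDefinedKey() {
    // Constructed sample values: stored identity "j " must not match key "k".
    $nut = new \Varden\Hazelnut\Nut('sample');
    $nut
        -> createdAt(time())
        -> forIdentity("j ")
        -> withTIF('0')
        -> byIP('2001:db8::1');
    $result = $this->method->invoke($this->hazelnut, $nut, "k");
    $this->assertEquals(\Varden\Hazelnut\NUT_MISMATCHING_ID, $result);
}
```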