Add additional signature mismatch test

Firehed · Oct 27, 2021 · 80874ad · 80874ad
1 parent d09d994
commit 80874ad
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/tests/ServerTest.php b/tests/ServerTest.php
@@ -567,6 +567,19 @@ public function testValidateLoginThrowsIfSignatureIsInvalid(): void
  $this->server->validateLogin($challenge, $response, [$registration]);
  }
 
+ public function testValidateLoginThrowsIfWrongDataIsSigned(): void
+ {
+ $challenge = $this->getDefaultLoginChallenge();
+ $response = $this->getDefaultLoginResponse([
+ 'getSignedData' => 'some other signed data',
+ ]);
+ $registration = $this->getDefaultRegistration();
+
+ $this->expectException(SecurityException::class);
+ $this->expectExceptionCode(SecurityException::SIGNATURE_INVALID);
+ $this->server->validateLogin($challenge, $response, [$registration]);
+ }
+
  /**
  * Arguably the most important authentication test: ensure that
  * a perfectly-valid signature is rejected if it's not actually from the