vendor/lexik/jwt-authentication-bundle/Security/Guard/JWTTokenAuthenticator.php line 121

Open in your IDE?
  1. <?php
  3. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Guard;
  5. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  6. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\UserNotFoundException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\PreAuthenticationJWTUserToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\PreAuthenticationJWTUserTokenInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  22. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface as ContractsEventDispatcherInterface;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
  27. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  28. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  29. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  30. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  31. use Symfony\Component\Security\Core\User\ChainUserProvider;
  32. use Symfony\Component\Security\Core\User\UserInterface;
  33. use Symfony\Component\Security\Core\User\UserProviderInterface;
  34. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  36. /**
  37.  * JWTTokenAuthenticator (Guard implementation).
  38.  *
  39.  * @see http://knpuniversity.com/screencast/symfony-rest4/jwt-guard-authenticator
  40.  *
  41.  * @author Nicolas Cabot <n.cabot@lexik.fr>
  42.  * @author Robin Chalas <robin.chalas@gmail.com>
  43.  */
  44. class JWTTokenAuthenticator extends AbstractGuardAuthenticator
  45. {
  46.     /**
  47.      * @var JWTTokenManagerInterface
  48.      */
  49.     private $jwtManager;
  51.     /**
  52.      * @var EventDispatcherInterface
  53.      */
  54.     private $dispatcher;
  56.     /**
  57.      * @var TokenExtractorInterface
  58.      */
  59.     private $tokenExtractor;
  61.     /**
  62.      * @var TokenStorageInterface
  63.      */
  64.     private $preAuthenticationTokenStorage;
  66.     /**
  67.      * @param JWTTokenManagerInterface $jwtManager
  68.      * @param EventDispatcherInterface $dispatcher
  69.      * @param TokenExtractorInterface  $tokenExtractor
  70.      * @param TokenStorageInterface    $preAuthenticationTokenStorage
  71.      */
  72.     public function __construct(
  73.         JWTTokenManagerInterface $jwtManager,
  74.         EventDispatcherInterface $dispatcher,
  75.         TokenExtractorInterface $tokenExtractor,
  76.         TokenStorageInterface $preAuthenticationTokenStorage
  77.     ) {
  78.         $this->jwtManager                    $jwtManager;
  79.         $this->dispatcher                    $dispatcher;
  80.         $this->tokenExtractor                $tokenExtractor;
  81.         $this->preAuthenticationTokenStorage $preAuthenticationTokenStorage;
  82.     }
  84.     public function supports(Request $request)
  85.     {
  86.         return false !== $this->getTokenExtractor()->extract($request);
  87.     }
  89.     /**
  90.      * Returns a decoded JWT token extracted from a request.
  91.      *
  92.      * {@inheritdoc}
  93.      *
  94.      * @return PreAuthenticationJWTUserTokenInterface
  95.      *
  96.      * @throws InvalidTokenException If an error occur while decoding the token
  97.      * @throws ExpiredTokenException If the request token is expired
  98.      */
  99.     public function getCredentials(Request $request)
  100.     {
  101.         $tokenExtractor $this->getTokenExtractor();
  103.         if (!$tokenExtractor instanceof TokenExtractorInterface) {
  104.             throw new \RuntimeException(sprintf('Method "%s::getTokenExtractor()" must return an instance of "%s".'__CLASS__TokenExtractorInterface::class));
  105.         }
  107.         if (false === ($jsonWebToken $tokenExtractor->extract($request))) {
  108.             return;
  109.         }
  111.         $preAuthToken = new PreAuthenticationJWTUserToken($jsonWebToken);
  113.         try {
  114.             if (!$payload $this->jwtManager->decode($preAuthToken)) {
  115.                 throw new InvalidTokenException('Invalid JWT Token');
  116.             }
  118.             $preAuthToken->setPayload($payload);
  119.         } catch (JWTDecodeFailureException $e) {
  120.             if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  121.                 $expiredTokenException = new ExpiredTokenException();
  122.                 $expiredTokenException->setToken($preAuthToken);
  123.                 throw $expiredTokenException;
  124.             }
  126.             throw new InvalidTokenException('Invalid JWT Token'0$e);
  127.         }
  129.         return $preAuthToken;
  130.     }
  132.     /**
  133.      * Returns an user object loaded from a JWT token.
  134.      *
  135.      * {@inheritdoc}
  136.      *
  137.      * @param PreAuthenticationJWTUserTokenInterface Implementation of the (Security) TokenInterface
  138.      *
  139.      * @throws \InvalidArgumentException If preAuthToken is not of the good type
  140.      * @throws InvalidPayloadException   If the user identity field is not a key of the payload
  141.      * @throws UserNotFoundException     If no user can be loaded from the given token
  142.      */
  143.     public function getUser($preAuthTokenUserProviderInterface $userProvider)
  144.     {
  145.         if (!$preAuthToken instanceof PreAuthenticationJWTUserTokenInterface) {
  146.             throw new \InvalidArgumentException(
  147.                 sprintf('The first argument of the "%s()" method must be an instance of "%s".'__METHOD__PreAuthenticationJWTUserTokenInterface::class)
  148.             );
  149.         }
  151.         $payload $preAuthToken->getPayload();
  152.         $idClaim $this->jwtManager->getUserIdClaim();
  155.         if (!isset($payload[$idClaim])) {
  156.             throw new InvalidPayloadException($idClaim);
  157.         }
  159.         $user $this->loadUser($userProvider$payload$payload[$idClaim]);
  161.         $this->preAuthenticationTokenStorage->setToken($preAuthToken);
  163.         return $user;
  164.     }
  166.     /**
  167.      * {@inheritdoc}
  168.      */
  169.     public function onAuthenticationFailure(Request $requestAuthenticationException $authException)
  170.     {
  171.         $response = new JWTAuthenticationFailureResponse($authException->getMessageKey());
  173.         if ($authException instanceof ExpiredTokenException) {
  174.             $event = new JWTExpiredEvent($authException$response);
  175.             $eventName Events::JWT_EXPIRED;
  176.         } else {
  177.             $event = new JWTInvalidEvent($authException$response);
  178.             $eventName Events::JWT_INVALID;
  179.         }
  181.         if ($this->dispatcher instanceof ContractsEventDispatcherInterface) {
  182.             $this->dispatcher->dispatch($event$eventName);
  183.         } else {
  184.             $this->dispatcher->dispatch($eventName$event);
  185.         }
  187.         return $event->getResponse();
  188.     }
  190.     /**
  191.      * {@inheritdoc}
  192.      */
  193.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  194.     {
  195.         return;
  196.     }
  198.     /**
  199.      * {@inheritdoc}
  200.      *
  201.      * @return JWTAuthenticationFailureResponse
  202.      */
  203.     public function start(Request $requestAuthenticationException $authException null)
  204.     {
  205.         $exception = new MissingTokenException('JWT Token not found'0$authException);
  206.         $event     = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()));
  208.         if ($this->dispatcher instanceof ContractsEventDispatcherInterface) {
  209.             $this->dispatcher->dispatch($eventEvents::JWT_NOT_FOUND);
  210.         } else {
  211.             $this->dispatcher->dispatch(Events::JWT_NOT_FOUND$event);
  212.         }
  214.         return $event->getResponse();
  215.     }
  217.     /**
  218.      * {@inheritdoc}
  219.      */
  220.     public function checkCredentials($credentialsUserInterface $user)
  221.     {
  222.         return true;
  223.     }
  225.     /**
  226.      * {@inheritdoc}
  227.      *
  228.      * @throws \RuntimeException If there is no pre-authenticated token previously stored
  229.      */
  230.     public function createAuthenticatedToken(UserInterface $user$providerKey)
  231.     {
  232.         $preAuthToken $this->preAuthenticationTokenStorage->getToken();
  234.         if (null === $preAuthToken) {
  235.             throw new \RuntimeException('Unable to return an authenticated token since there is no pre authentication token.');
  236.         }
  238.         $authToken = new JWTUserToken($user->getRoles(), $user$preAuthToken->getCredentials(), $providerKey);
  240.         if ($this->dispatcher instanceof ContractsEventDispatcherInterface) {
  241.             $this->dispatcher->dispatch(new JWTAuthenticatedEvent($preAuthToken->getPayload(), $authToken), Events::JWT_AUTHENTICATED);
  242.         } else {
  243.             $this->dispatcher->dispatch(Events::JWT_AUTHENTICATED, new JWTAuthenticatedEvent($preAuthToken->getPayload(), $authToken));
  244.         }
  246.         $this->preAuthenticationTokenStorage->setToken(null);
  248.         return $authToken;
  249.     }
  251.     /**
  252.      * {@inheritdoc}
  253.      */
  254.     public function supportsRememberMe()
  255.     {
  256.         return false;
  257.     }
  259.     /**
  260.      * Gets the token extractor to be used for retrieving a JWT token in the
  261.      * current request.
  262.      *
  263.      * Override this method for adding/removing extractors to the chain one or
  264.      * returning a different {@link TokenExtractorInterface} implementation.
  265.      *
  266.      * @return TokenExtractorInterface
  267.      */
  268.     protected function getTokenExtractor()
  269.     {
  270.         return $this->tokenExtractor;
  271.     }
  273.     /**
  274.      * Loads the user to authenticate.
  275.      *
  276.      * @param UserProviderInterface $userProvider An user provider
  277.      * @param array                 $payload      The token payload
  278.      * @param string                $identity     The key from which to retrieve the user "username"
  279.      *
  280.      * @return UserInterface
  281.      */
  282.     protected function loadUser(UserProviderInterface $userProvider, array $payload$identity)
  283.     {
  284.         if ($userProvider instanceof PayloadAwareUserProviderInterface) {
  285.             return $userProvider->loadUserByUsernameAndPayload($identity$payload);
  286.         }
  288.         if ($userProvider instanceof ChainUserProvider) {
  289.             foreach ($userProvider->getProviders() as $provider) {
  290.                 try {
  291.                     if ($provider instanceof PayloadAwareUserProviderInterface) {
  292.                         return $provider->loadUserByUsernameAndPayload($identity$payload);
  293.                     }
  295.                     return $provider->loadUserByUsername($identity);
  296.                 } catch (UsernameNotFoundException $e) {
  297.                     // try next one
  298.                 }
  299.             }
  301.             $ex = new UsernameNotFoundException(sprintf('There is no user with name "%s".'$identity));
  302.             $ex->setUsername($identity);
  303.             throw $ex;
  304.         }
  306.         return $userProvider->loadUserByUsername($identity);
  307.     }
  308. }