vendor/lexik/jwt-authentication-bundle/Security/Guard/JWTTokenAuthenticator.php line 224

Open in your IDE?
  1. <?php
  3. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Guard;
  5. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  6. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\UserNotFoundException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\PreAuthenticationJWTUserToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\PreAuthenticationJWTUserTokenInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  22. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  23. use Symfony\Component\HttpFoundation\Request;
  24. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  25. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  26. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  27. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  28. use Symfony\Component\Security\Core\Exception\UserNotFoundException as SecurityUserNotFoundException;
  29. use Symfony\Component\Security\Core\User\ChainUserProvider;
  30. use Symfony\Component\Security\Core\User\UserInterface;
  31. use Symfony\Component\Security\Core\User\UserProviderInterface;
  32. use Symfony\Component\Security\Guard\AuthenticatorInterface;
  33. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  34. use Symfony\Contracts\Translation\TranslatorInterface;
  36. /**
  37.  * JWTTokenAuthenticator (Guard implementation).
  38.  *
  39.  * @see http://knpuniversity.com/screencast/symfony-rest4/jwt-guard-authenticator
  40.  *
  41.  * @author Nicolas Cabot <n.cabot@lexik.fr>
  42.  * @author Robin Chalas <robin.chalas@gmail.com>
  43.  */
  44. class JWTTokenAuthenticator implements AuthenticatorInterface
  45. {
  46.     /**
  47.      * @var JWTTokenManagerInterface
  48.      */
  49.     private $jwtManager;
  51.     /**
  52.      * @var EventDispatcherInterface
  53.      */
  54.     private $dispatcher;
  56.     /**
  57.      * @var TokenExtractorInterface
  58.      */
  59.     private $tokenExtractor;
  61.     /**
  62.      * @var TokenStorageInterface
  63.      */
  64.     private $preAuthenticationTokenStorage;
  66.     /**
  67.      * @var TranslatorInterface
  68.      */
  69.     private $translator;
  71.     public function __construct(
  72.         JWTTokenManagerInterface $jwtManager,
  73.         EventDispatcherInterface $dispatcher,
  74.         TokenExtractorInterface $tokenExtractor,
  75.         TokenStorageInterface $preAuthenticationTokenStorage,
  76.         TranslatorInterface $translator null
  77.     ) {
  78.         $this->jwtManager $jwtManager;
  79.         $this->dispatcher $dispatcher;
  80.         $this->tokenExtractor $tokenExtractor;
  81.         $this->preAuthenticationTokenStorage $preAuthenticationTokenStorage;
  82.         $this->translator $translator;
  83.     }
  85.     public function supports(Request $request)
  86.     {
  87.         return false !== $this->getTokenExtractor()->extract($request);
  88.     }
  90.     /**
  91.      * Returns a decoded JWT token extracted from a request.
  92.      *
  93.      * {@inheritdoc}
  94.      *
  95.      * @return PreAuthenticationJWTUserTokenInterface
  96.      *
  97.      * @throws InvalidTokenException If an error occur while decoding the token
  98.      * @throws ExpiredTokenException If the request token is expired
  99.      */
  100.     public function getCredentials(Request $request)
  101.     {
  102.         $tokenExtractor $this->getTokenExtractor();
  104.         if (!$tokenExtractor instanceof TokenExtractorInterface) {
  105.             throw new \RuntimeException(sprintf('Method "%s::getTokenExtractor()" must return an instance of "%s".'self::class, TokenExtractorInterface::class));
  106.         }
  108.         if (false === ($jsonWebToken $tokenExtractor->extract($request))) {
  109.             return;
  110.         }
  112.         $preAuthToken = new PreAuthenticationJWTUserToken($jsonWebToken);
  114.         try {
  115.             if (!$payload $this->jwtManager->decode($preAuthToken)) {
  116.                 throw new InvalidTokenException('Invalid JWT Token');
  117.             }
  119.             $preAuthToken->setPayload($payload);
  120.         } catch (JWTDecodeFailureException $e) {
  121.             if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  122.                 $expiredTokenException = new ExpiredTokenException();
  123.                 $expiredTokenException->setToken($preAuthToken);
  124.                 throw $expiredTokenException;
  125.             }
  127.             throw new InvalidTokenException('Invalid JWT Token'0$e);
  128.         }
  130.         return $preAuthToken;
  131.     }
  133.     /**
  134.      * Returns an user object loaded from a JWT token.
  135.      *
  136.      * {@inheritdoc}
  137.      *
  138.      * @param PreAuthenticationJWTUserTokenInterface $preAuthToken Implementation of the (Security) TokenInterface
  139.      *
  140.      * @throws \InvalidArgumentException If preAuthToken is not of the good type
  141.      * @throws InvalidPayloadException   If the user identity field is not a key of the payload
  142.      * @throws UserNotFoundException     If no user can be loaded from the given token
  143.      */
  144.     public function getUser($preAuthTokenUserProviderInterface $userProvider)
  145.     {
  146.         if (!$preAuthToken instanceof PreAuthenticationJWTUserTokenInterface) {
  147.             throw new \InvalidArgumentException(sprintf('The first argument of the "%s()" method must be an instance of "%s".'__METHOD__PreAuthenticationJWTUserTokenInterface::class));
  148.         }
  150.         $payload $preAuthToken->getPayload();
  151.         $idClaim $this->jwtManager->getUserIdClaim();
  153.         if (!isset($payload[$idClaim])) {
  154.             throw new InvalidPayloadException($idClaim);
  155.         }
  157.         $user $this->loadUser($userProvider$payload$payload[$idClaim]);
  159.         $this->preAuthenticationTokenStorage->setToken($preAuthToken);
  161.         return $user;
  162.     }
  164.     /**
  165.      * {@inheritdoc}
  166.      */
  167.     public function onAuthenticationFailure(Request $requestAuthenticationException $authException)
  168.     {
  169.         $errorMessage strtr($authException->getMessageKey(), $authException->getMessageData());
  170.         if (null !== $this->translator) {
  171.             $errorMessage $this->translator->trans($authException->getMessageKey(), $authException->getMessageData(), 'security');
  172.         }
  173.         $response = new JWTAuthenticationFailureResponse($errorMessage);
  175.         if ($authException instanceof ExpiredTokenException) {
  176.             $event = new JWTExpiredEvent($authException$response$request);
  177.             $eventName Events::JWT_EXPIRED;
  178.         } else {
  179.             $event = new JWTInvalidEvent($authException$response$request);
  180.             $eventName Events::JWT_INVALID;
  181.         }
  183.         $this->dispatcher->dispatch($event$eventName);
  185.         return $event->getResponse();
  186.     }
  188.     /**
  189.      * {@inheritdoc}
  190.      */
  191.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  192.     {
  193.         return;
  194.     }
  196.     /**
  197.      * {@inheritdoc}
  198.      *
  199.      * @return JWTAuthenticationFailureResponse
  200.      */
  201.     public function start(Request $requestAuthenticationException $authException null)
  202.     {
  203.         $exception = new MissingTokenException('JWT Token not found'0$authException);
  204.         $event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()), $request);
  206.         $this->dispatcher->dispatch($eventEvents::JWT_NOT_FOUND);
  208.         return $event->getResponse();
  209.     }
  211.     /**
  212.      * {@inheritdoc}
  213.      */
  214.     public function checkCredentials($credentialsUserInterface $user)
  215.     {
  216.         return true;
  217.     }
  219.     /**
  220.      * {@inheritdoc}
  221.      *
  222.      * @throws \RuntimeException If there is no pre-authenticated token previously stored
  223.      */
  224.     public function createAuthenticatedToken(UserInterface $user$providerKey)
  225.     {
  226.         $preAuthToken $this->preAuthenticationTokenStorage->getToken();
  228.         if (null === $preAuthToken) {
  229.             throw new \RuntimeException('Unable to return an authenticated token since there is no pre authentication token.');
  230.         }
  232.         $authToken = new JWTUserToken($user->getRoles(), $user$preAuthToken->getCredentials(), $providerKey);
  234.         $this->dispatcher->dispatch(new JWTAuthenticatedEvent($preAuthToken->getPayload(), $authToken), Events::JWT_AUTHENTICATED);
  236.         $this->preAuthenticationTokenStorage->setToken(null);
  238.         return $authToken;
  239.     }
  241.     /**
  242.      * {@inheritdoc}
  243.      */
  244.     public function supportsRememberMe()
  245.     {
  246.         return false;
  247.     }
  249.     /**
  250.      * Gets the token extractor to be used for retrieving a JWT token in the
  251.      * current request.
  252.      *
  253.      * Override this method for adding/removing extractors to the chain one or
  254.      * returning a different {@link TokenExtractorInterface} implementation.
  255.      *
  256.      * @return TokenExtractorInterface
  257.      */
  258.     protected function getTokenExtractor()
  259.     {
  260.         return $this->tokenExtractor;
  261.     }
  263.     /**
  264.      * @return JWTTokenManagerInterface
  265.      */
  266.     protected function getJwtManager()
  267.     {
  268.         return $this->jwtManager;
  269.     }
  271.     /**
  272.      * @return EventDispatcherInterface
  273.      */
  274.     protected function getDispatcher()
  275.     {
  276.         return $this->dispatcher;
  277.     }
  279.     /**
  280.      * @return TokenStorageInterface
  281.      */
  282.     protected function getPreAuthenticationTokenStorage()
  283.     {
  284.         return $this->preAuthenticationTokenStorage;
  285.     }
  287.     /**
  288.      * Loads the user to authenticate.
  289.      *
  290.      * @param UserProviderInterface $userProvider An user provider
  291.      * @param array                 $payload      The token payload
  292.      * @param string                $identity     The key from which to retrieve the user "username"
  293.      *
  294.      * @return UserInterface
  295.      */
  296.     protected function loadUser(UserProviderInterface $userProvider, array $payload$identity)
  297.     {
  298.         $providers $userProvider instanceof ChainUserProvider $userProvider->getProviders() : [$userProvider];
  300.         foreach ($providers as $provider) {
  301.             try {
  302.                 if ($provider instanceof PayloadAwareUserProviderInterface) {
  303.                     return $provider->loadUserByUsernameAndPayload($identity$payload);
  304.                 }
  306.                 if (method_exists($provider'loadUserByIdentifier')) {
  307.                     return $provider->loadUserByIdentifier($identity);
  308.                 }
  310.                 return $provider->loadUserByUsername($identity);
  311.             } catch (SecurityUserNotFoundException UsernameNotFoundException $e) {
  312.                 // try next one
  313.             }
  314.         }
  316.         if (class_exists(SecurityUserNotFoundException::class)) {
  317.             $ex = new SecurityUserNotFoundException(sprintf('There is no user with name "%s".'$identity));
  318.             $ex->setUserIdentifier($identity);
  319.         } else {
  320.             $ex = new UsernameNotFoundException(sprintf('There is no user with name "%s".'$identity));
  321.             $ex->setUsername($identity);
  322.         }
  324.         throw $ex;
  325.     }
  326. }