The start of something beautiful
This commit is contained in:
+219
@@ -0,0 +1,219 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Events;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
|
||||
use Symfony\Component\Security\Core\User\ChainUserProvider;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Contracts\Translation\TranslatorInterface;
|
||||
|
||||
class JWTAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
|
||||
{
|
||||
private TokenExtractorInterface $tokenExtractor;
|
||||
private JWTTokenManagerInterface $jwtManager;
|
||||
private EventDispatcherInterface $eventDispatcher;
|
||||
private UserProviderInterface $userProvider;
|
||||
private ?TranslatorInterface $translator;
|
||||
|
||||
public function __construct(
|
||||
JWTTokenManagerInterface $jwtManager,
|
||||
EventDispatcherInterface $eventDispatcher,
|
||||
TokenExtractorInterface $tokenExtractor,
|
||||
UserProviderInterface $userProvider,
|
||||
TranslatorInterface $translator = null
|
||||
) {
|
||||
$this->tokenExtractor = $tokenExtractor;
|
||||
$this->jwtManager = $jwtManager;
|
||||
$this->eventDispatcher = $eventDispatcher;
|
||||
$this->userProvider = $userProvider;
|
||||
$this->translator = $translator;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function start(Request $request, AuthenticationException $authException = null): Response
|
||||
{
|
||||
$exception = new MissingTokenException('JWT Token not found', 0, $authException);
|
||||
$event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()), $request);
|
||||
|
||||
$this->eventDispatcher->dispatch($event, Events::JWT_NOT_FOUND);
|
||||
|
||||
return $event->getResponse();
|
||||
}
|
||||
|
||||
public function supports(Request $request): ?bool
|
||||
{
|
||||
return false !== $this->getTokenExtractor()->extract($request);
|
||||
}
|
||||
|
||||
public function authenticate(Request $request): Passport
|
||||
{
|
||||
$token = $this->getTokenExtractor()->extract($request);
|
||||
if ($token === false) {
|
||||
throw new \LogicException('Unable to extract a JWT token from the request. Also, make sure to call `supports()` before `authenticate()` to get a proper client error.');
|
||||
}
|
||||
|
||||
try {
|
||||
if (!$payload = $this->jwtManager->parse($token)) {
|
||||
throw new InvalidTokenException('Invalid JWT Token');
|
||||
}
|
||||
} catch (JWTDecodeFailureException $e) {
|
||||
if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
|
||||
throw new ExpiredTokenException();
|
||||
}
|
||||
|
||||
throw new InvalidTokenException('Invalid JWT Token', 0, $e);
|
||||
}
|
||||
|
||||
$idClaim = $this->jwtManager->getUserIdClaim();
|
||||
if (!isset($payload[$idClaim])) {
|
||||
throw new InvalidPayloadException($idClaim);
|
||||
}
|
||||
|
||||
$passport = new SelfValidatingPassport(
|
||||
new UserBadge(
|
||||
(string) $payload[$idClaim],
|
||||
fn ($userIdentifier) => $this->loadUser($payload, $userIdentifier)
|
||||
)
|
||||
);
|
||||
|
||||
$passport->setAttribute('payload', $payload);
|
||||
$passport->setAttribute('token', $token);
|
||||
|
||||
return $passport;
|
||||
}
|
||||
|
||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
|
||||
{
|
||||
$errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
|
||||
if (null !== $this->translator) {
|
||||
$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
|
||||
}
|
||||
$response = new JWTAuthenticationFailureResponse($errorMessage);
|
||||
|
||||
if ($exception instanceof ExpiredTokenException) {
|
||||
$event = new JWTExpiredEvent($exception, $response, $request);
|
||||
$eventName = Events::JWT_EXPIRED;
|
||||
} else {
|
||||
$event = new JWTInvalidEvent($exception, $response, $request);
|
||||
$eventName = Events::JWT_INVALID;
|
||||
}
|
||||
|
||||
$this->eventDispatcher->dispatch($event, $eventName);
|
||||
|
||||
return $event->getResponse();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the token extractor to be used for retrieving a JWT token in the
|
||||
* current request.
|
||||
*
|
||||
* Override this method for adding/removing extractors to the chain one or
|
||||
* returning a different {@link TokenExtractorInterface} implementation.
|
||||
*/
|
||||
protected function getTokenExtractor(): TokenExtractorInterface
|
||||
{
|
||||
return $this->tokenExtractor;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the jwt manager.
|
||||
*/
|
||||
protected function getJwtManager(): JWTTokenManagerInterface
|
||||
{
|
||||
return $this->jwtManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the event dispatcher.
|
||||
*/
|
||||
protected function getEventDispatcher(): EventDispatcherInterface
|
||||
{
|
||||
return $this->eventDispatcher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the user provider.
|
||||
*/
|
||||
protected function getUserProvider(): UserProviderInterface
|
||||
{
|
||||
return $this->userProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the user to authenticate.
|
||||
*
|
||||
* @param array $payload The token payload
|
||||
* @param string $identity The key from which to retrieve the user "identifier"
|
||||
*/
|
||||
protected function loadUser(array $payload, string $identity): UserInterface
|
||||
{
|
||||
if ($this->userProvider instanceof PayloadAwareUserProviderInterface) {
|
||||
return $this->userProvider->loadUserByIdentifierAndPayload($identity, $payload);
|
||||
}
|
||||
|
||||
if ($this->userProvider instanceof ChainUserProvider) {
|
||||
foreach ($this->userProvider->getProviders() as $provider) {
|
||||
try {
|
||||
if ($provider instanceof PayloadAwareUserProviderInterface) {
|
||||
return $provider->loadUserByIdentifierAndPayload($identity, $payload);
|
||||
}
|
||||
|
||||
return $provider->loadUserByIdentifier($identity);
|
||||
} catch (AuthenticationException $e) {
|
||||
// try next one
|
||||
}
|
||||
}
|
||||
|
||||
$ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".', $identity));
|
||||
$ex->setUserIdentifier($identity);
|
||||
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
return $this->userProvider->loadUserByIdentifier($identity);
|
||||
}
|
||||
|
||||
public function createToken(Passport $passport, string $firewallName): TokenInterface
|
||||
{
|
||||
$token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles(), $passport->getAttribute('token'));
|
||||
|
||||
$this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
|
||||
|
||||
return $token;
|
||||
}
|
||||
}
|
||||
Vendored
+26
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token;
|
||||
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;
|
||||
|
||||
class JWTPostAuthenticationToken extends PostAuthenticationToken
|
||||
{
|
||||
private string $token;
|
||||
|
||||
public function __construct(UserInterface $user, string $firewallName, array $roles, string $token)
|
||||
{
|
||||
parent::__construct($user, $firewallName, $roles);
|
||||
|
||||
$this->token = $token;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getCredentials(): string
|
||||
{
|
||||
return $this->token;
|
||||
}
|
||||
}
|
||||
vendor/lexik/jwt-authentication-bundle/Security/Http/Authentication/AuthenticationFailureHandler.php
Vendored
+66
@@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationFailureEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Events;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
|
||||
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Contracts\Translation\TranslatorInterface;
|
||||
|
||||
/**
|
||||
* AuthenticationFailureHandler.
|
||||
*
|
||||
* @author Dev Lexik <dev@lexik.fr>
|
||||
*/
|
||||
class AuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
|
||||
{
|
||||
protected EventDispatcherInterface $dispatcher;
|
||||
private ?TranslatorInterface $translator;
|
||||
|
||||
public function __construct(EventDispatcherInterface $dispatcher, TranslatorInterface $translator = null)
|
||||
{
|
||||
$this->dispatcher = $dispatcher;
|
||||
$this->translator = $translator;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
|
||||
{
|
||||
$errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
|
||||
$statusCode = self::mapExceptionCodeToStatusCode($exception->getCode());
|
||||
if ($this->translator) {
|
||||
$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
|
||||
}
|
||||
|
||||
$event = new AuthenticationFailureEvent(
|
||||
$exception,
|
||||
new JWTAuthenticationFailureResponse($errorMessage, $statusCode),
|
||||
$request
|
||||
);
|
||||
|
||||
$this->dispatcher->dispatch($event, Events::AUTHENTICATION_FAILURE);
|
||||
|
||||
return $event->getResponse();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|int $exceptionCode
|
||||
*/
|
||||
private static function mapExceptionCodeToStatusCode($exceptionCode): int
|
||||
{
|
||||
$canMapToStatusCode = is_int($exceptionCode)
|
||||
&& $exceptionCode >= 400
|
||||
&& $exceptionCode < 500;
|
||||
|
||||
return $canMapToStatusCode
|
||||
? $exceptionCode
|
||||
: Response::HTTP_UNAUTHORIZED;
|
||||
}
|
||||
}
|
||||
vendor/lexik/jwt-authentication-bundle/Security/Http/Authentication/AuthenticationSuccessHandler.php
Vendored
+80
@@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Events;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationSuccessResponse;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Cookie\JWTCookieProvider;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
|
||||
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
||||
|
||||
/**
|
||||
* AuthenticationSuccessHandler.
|
||||
*
|
||||
* @author Dev Lexik <dev@lexik.fr>
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class AuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
|
||||
{
|
||||
protected JWTTokenManagerInterface $jwtManager;
|
||||
protected EventDispatcherInterface $dispatcher;
|
||||
protected bool $removeTokenFromBodyWhenCookiesUsed;
|
||||
private iterable $cookieProviders;
|
||||
|
||||
/**
|
||||
* @param iterable|JWTCookieProvider[] $cookieProviders
|
||||
*/
|
||||
public function __construct(JWTTokenManagerInterface $jwtManager, EventDispatcherInterface $dispatcher, iterable $cookieProviders = [], bool $removeTokenFromBodyWhenCookiesUsed = true)
|
||||
{
|
||||
$this->jwtManager = $jwtManager;
|
||||
$this->dispatcher = $dispatcher;
|
||||
$this->cookieProviders = $cookieProviders;
|
||||
$this->removeTokenFromBodyWhenCookiesUsed = $removeTokenFromBodyWhenCookiesUsed;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token): Response
|
||||
{
|
||||
return $this->handleAuthenticationSuccess($token->getUser());
|
||||
}
|
||||
|
||||
public function handleAuthenticationSuccess(UserInterface $user, $jwt = null): Response
|
||||
{
|
||||
if (null === $jwt) {
|
||||
$jwt = $this->jwtManager->create($user);
|
||||
}
|
||||
|
||||
$jwtCookies = [];
|
||||
foreach ($this->cookieProviders as $cookieProvider) {
|
||||
$jwtCookies[] = $cookieProvider->createCookie($jwt);
|
||||
}
|
||||
|
||||
$response = new JWTAuthenticationSuccessResponse($jwt, [], $jwtCookies);
|
||||
$event = new AuthenticationSuccessEvent(['token' => $jwt], $user, $response);
|
||||
|
||||
$this->dispatcher->dispatch($event, Events::AUTHENTICATION_SUCCESS);
|
||||
$responseData = $event->getData();
|
||||
|
||||
if ($jwtCookies && $this->removeTokenFromBodyWhenCookiesUsed) {
|
||||
unset($responseData['token']);
|
||||
}
|
||||
|
||||
if ($responseData) {
|
||||
$response->setData($responseData);
|
||||
} else {
|
||||
$response->setStatusCode(Response::HTTP_NO_CONTENT);
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
+81
@@ -0,0 +1,81 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Cookie;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Helper\JWTSplitter;
|
||||
use Symfony\Component\HttpFoundation\Cookie;
|
||||
use Symfony\Component\HttpKernel\Kernel;
|
||||
|
||||
/**
|
||||
* Creates secure JWT cookies.
|
||||
*/
|
||||
final class JWTCookieProvider
|
||||
{
|
||||
private ?string $defaultName;
|
||||
private ?int $defaultLifetime;
|
||||
private ?string $defaultSameSite;
|
||||
private ?string $defaultPath;
|
||||
private ?string $defaultDomain;
|
||||
private bool $defaultSecure;
|
||||
private bool $defaultHttpOnly;
|
||||
private array $defaultSplit;
|
||||
private bool $defaultPartitioned;
|
||||
|
||||
public function __construct(?string $defaultName = null, ?int $defaultLifetime = 0, ?string $defaultSameSite = Cookie::SAMESITE_LAX, ?string $defaultPath = '/', ?string $defaultDomain = null, bool $defaultSecure = true, bool $defaultHttpOnly = true, array $defaultSplit = [], bool $defaultPartitioned = false)
|
||||
{
|
||||
$this->defaultName = $defaultName;
|
||||
$this->defaultLifetime = $defaultLifetime;
|
||||
$this->defaultSameSite = $defaultSameSite;
|
||||
$this->defaultPath = $defaultPath;
|
||||
$this->defaultDomain = $defaultDomain;
|
||||
$this->defaultSecure = $defaultSecure;
|
||||
$this->defaultHttpOnly = $defaultHttpOnly;
|
||||
$this->defaultSplit = $defaultSplit;
|
||||
$this->defaultPartitioned = $defaultPartitioned;
|
||||
|
||||
if ($defaultPartitioned && Kernel::VERSION < '6.4') {
|
||||
throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a secure cookie containing the passed JWT.
|
||||
*
|
||||
* For each argument (all args except $jwt), if omitted or set to null then the
|
||||
* default value defined via the constructor will be used.
|
||||
*/
|
||||
public function createCookie(string $jwt, ?string $name = null, $expiresAt = null, ?string $sameSite = null, ?string $path = null, ?string $domain = null, ?bool $secure = null, ?bool $httpOnly = null, array $split = [], ?bool $partitioned = null): Cookie
|
||||
{
|
||||
if (!$name && !$this->defaultName) {
|
||||
throw new \LogicException(sprintf('The cookie name must be provided, either pass it as 2nd argument of %s or set a default name via the constructor.', __METHOD__));
|
||||
}
|
||||
|
||||
if (!$expiresAt && null === $this->defaultLifetime) {
|
||||
throw new \LogicException(sprintf('The cookie expiration time must be provided, either pass it as 3rd argument of %s or set a default lifetime via the constructor.', __METHOD__));
|
||||
}
|
||||
|
||||
if ($partitioned && Kernel::VERSION < '6.4') {
|
||||
throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
|
||||
}
|
||||
|
||||
$jwtParts = new JWTSplitter($jwt);
|
||||
$jwt = $jwtParts->getParts($split ?: $this->defaultSplit);
|
||||
|
||||
if (null === $expiresAt) {
|
||||
$expiresAt = 0 === $this->defaultLifetime ? 0 : (time() + $this->defaultLifetime);
|
||||
}
|
||||
|
||||
return Cookie::create(
|
||||
$name ?: $this->defaultName,
|
||||
$jwt,
|
||||
$expiresAt,
|
||||
$path ?: $this->defaultPath,
|
||||
$domain ?: $this->defaultDomain,
|
||||
$secure ?: $this->defaultSecure,
|
||||
$httpOnly ?: $this->defaultHttpOnly,
|
||||
false,
|
||||
$sameSite ?: $this->defaultSameSite,
|
||||
$partitioned ?: $this->defaultPartitioned
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,72 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\User;
|
||||
|
||||
/**
|
||||
* User class for which to create instances from JWT tokens.
|
||||
*
|
||||
* Note: This is only useful when using the JWTUserProvider (database-less).
|
||||
*
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
class JWTUser implements JWTUserInterface
|
||||
{
|
||||
private string $userIdentifier;
|
||||
private array $roles;
|
||||
|
||||
public function __construct(string $userIdentifier, array $roles = [])
|
||||
{
|
||||
$this->userIdentifier = $userIdentifier;
|
||||
$this->roles = $roles;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public static function createFromPayload($username, array $payload): JWTUserInterface
|
||||
{
|
||||
if (isset($payload['roles'])) {
|
||||
return new static($username, (array) $payload['roles']);
|
||||
}
|
||||
|
||||
return new static($username);
|
||||
}
|
||||
|
||||
public function getUsername(): string
|
||||
{
|
||||
return $this->getUserIdentifier();
|
||||
}
|
||||
|
||||
public function getUserIdentifier(): string
|
||||
{
|
||||
return $this->userIdentifier;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getRoles(): array
|
||||
{
|
||||
return $this->roles;
|
||||
}
|
||||
|
||||
public function getPassword(): ?string
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getSalt(): ?string
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function eraseCredentials(): void
|
||||
{
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\User;
|
||||
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
interface JWTUserInterface extends UserInterface
|
||||
{
|
||||
/**
|
||||
* Creates a new instance from a given JWT payload.
|
||||
*
|
||||
* @param string $username
|
||||
*
|
||||
* @return JWTUserInterface
|
||||
*/
|
||||
public static function createFromPayload($username, array $payload);
|
||||
}
|
||||
@@ -0,0 +1,68 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\User;
|
||||
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
/**
|
||||
* JWT User provider.
|
||||
*
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
final class JWTUserProvider implements PayloadAwareUserProviderInterface
|
||||
{
|
||||
private string $class;
|
||||
|
||||
private array $cache = [];
|
||||
|
||||
/**
|
||||
* @param string $class The {@link JWTUserInterface} implementation FQCN for which to provide instances
|
||||
*/
|
||||
public function __construct(string $class)
|
||||
{
|
||||
$this->class = $class;
|
||||
}
|
||||
|
||||
/**
|
||||
* To be removed at the same time as symfony 5.4 support.
|
||||
*/
|
||||
public function loadUserByUsername(string $username): UserInterface
|
||||
{
|
||||
// to be removed at the same time as symfony 5.4 support
|
||||
throw new \LogicException('This method is implemented for BC purpose and should never be called.');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*
|
||||
* @param array $payload The JWT payload from which to create an instance
|
||||
*/
|
||||
public function loadUserByIdentifier(string $identifier, array $payload = []): UserInterface
|
||||
{
|
||||
return $this->loadUserByIdentifierAndPayload($identifier, $payload);
|
||||
}
|
||||
|
||||
public function loadUserByIdentifierAndPayload(string $identifier, array $payload): UserInterface
|
||||
{
|
||||
if (isset($this->cache[$identifier])) {
|
||||
return $this->cache[$identifier];
|
||||
}
|
||||
|
||||
$class = $this->class;
|
||||
|
||||
return $this->cache[$identifier] = $class::createFromPayload($identifier, $payload);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function supportsClass($class): bool
|
||||
{
|
||||
return $class === $this->class || (new \ReflectionClass($class))->implementsInterface(JWTUserInterface::class);
|
||||
}
|
||||
|
||||
public function refreshUser(UserInterface $user): UserInterface
|
||||
{
|
||||
return $user; // noop
|
||||
}
|
||||
}
|
||||
+17
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\User;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Exception\UserNotFoundException;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||
|
||||
interface PayloadAwareUserProviderInterface extends UserProviderInterface
|
||||
{
|
||||
/**
|
||||
* Loads a user from an identifier and JWT token payload.
|
||||
*
|
||||
* @throws UserNotFoundException if the user is not found
|
||||
*/
|
||||
public function loadUserByIdentifierAndPayload(string $identifier, array $payload): UserInterface;
|
||||
}
|
||||
Reference in New Issue
Block a user