The start of something beautiful
This commit is contained in:
vendor/lexik/jwt-authentication-bundle/Security/Http/Authentication/AuthenticationFailureHandler.php
Vendored
+66
@@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationFailureEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Events;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
|
||||
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Contracts\Translation\TranslatorInterface;
|
||||
|
||||
/**
|
||||
* AuthenticationFailureHandler.
|
||||
*
|
||||
* @author Dev Lexik <dev@lexik.fr>
|
||||
*/
|
||||
class AuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
|
||||
{
|
||||
protected EventDispatcherInterface $dispatcher;
|
||||
private ?TranslatorInterface $translator;
|
||||
|
||||
public function __construct(EventDispatcherInterface $dispatcher, TranslatorInterface $translator = null)
|
||||
{
|
||||
$this->dispatcher = $dispatcher;
|
||||
$this->translator = $translator;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
|
||||
{
|
||||
$errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
|
||||
$statusCode = self::mapExceptionCodeToStatusCode($exception->getCode());
|
||||
if ($this->translator) {
|
||||
$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
|
||||
}
|
||||
|
||||
$event = new AuthenticationFailureEvent(
|
||||
$exception,
|
||||
new JWTAuthenticationFailureResponse($errorMessage, $statusCode),
|
||||
$request
|
||||
);
|
||||
|
||||
$this->dispatcher->dispatch($event, Events::AUTHENTICATION_FAILURE);
|
||||
|
||||
return $event->getResponse();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|int $exceptionCode
|
||||
*/
|
||||
private static function mapExceptionCodeToStatusCode($exceptionCode): int
|
||||
{
|
||||
$canMapToStatusCode = is_int($exceptionCode)
|
||||
&& $exceptionCode >= 400
|
||||
&& $exceptionCode < 500;
|
||||
|
||||
return $canMapToStatusCode
|
||||
? $exceptionCode
|
||||
: Response::HTTP_UNAUTHORIZED;
|
||||
}
|
||||
}
|
||||
vendor/lexik/jwt-authentication-bundle/Security/Http/Authentication/AuthenticationSuccessHandler.php
Vendored
+80
@@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Events;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationSuccessResponse;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Cookie\JWTCookieProvider;
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
|
||||
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
||||
|
||||
/**
|
||||
* AuthenticationSuccessHandler.
|
||||
*
|
||||
* @author Dev Lexik <dev@lexik.fr>
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class AuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
|
||||
{
|
||||
protected JWTTokenManagerInterface $jwtManager;
|
||||
protected EventDispatcherInterface $dispatcher;
|
||||
protected bool $removeTokenFromBodyWhenCookiesUsed;
|
||||
private iterable $cookieProviders;
|
||||
|
||||
/**
|
||||
* @param iterable|JWTCookieProvider[] $cookieProviders
|
||||
*/
|
||||
public function __construct(JWTTokenManagerInterface $jwtManager, EventDispatcherInterface $dispatcher, iterable $cookieProviders = [], bool $removeTokenFromBodyWhenCookiesUsed = true)
|
||||
{
|
||||
$this->jwtManager = $jwtManager;
|
||||
$this->dispatcher = $dispatcher;
|
||||
$this->cookieProviders = $cookieProviders;
|
||||
$this->removeTokenFromBodyWhenCookiesUsed = $removeTokenFromBodyWhenCookiesUsed;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token): Response
|
||||
{
|
||||
return $this->handleAuthenticationSuccess($token->getUser());
|
||||
}
|
||||
|
||||
public function handleAuthenticationSuccess(UserInterface $user, $jwt = null): Response
|
||||
{
|
||||
if (null === $jwt) {
|
||||
$jwt = $this->jwtManager->create($user);
|
||||
}
|
||||
|
||||
$jwtCookies = [];
|
||||
foreach ($this->cookieProviders as $cookieProvider) {
|
||||
$jwtCookies[] = $cookieProvider->createCookie($jwt);
|
||||
}
|
||||
|
||||
$response = new JWTAuthenticationSuccessResponse($jwt, [], $jwtCookies);
|
||||
$event = new AuthenticationSuccessEvent(['token' => $jwt], $user, $response);
|
||||
|
||||
$this->dispatcher->dispatch($event, Events::AUTHENTICATION_SUCCESS);
|
||||
$responseData = $event->getData();
|
||||
|
||||
if ($jwtCookies && $this->removeTokenFromBodyWhenCookiesUsed) {
|
||||
unset($responseData['token']);
|
||||
}
|
||||
|
||||
if ($responseData) {
|
||||
$response->setData($responseData);
|
||||
} else {
|
||||
$response->setStatusCode(Response::HTTP_NO_CONTENT);
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
+81
@@ -0,0 +1,81 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Cookie;
|
||||
|
||||
use Lexik\Bundle\JWTAuthenticationBundle\Helper\JWTSplitter;
|
||||
use Symfony\Component\HttpFoundation\Cookie;
|
||||
use Symfony\Component\HttpKernel\Kernel;
|
||||
|
||||
/**
|
||||
* Creates secure JWT cookies.
|
||||
*/
|
||||
final class JWTCookieProvider
|
||||
{
|
||||
private ?string $defaultName;
|
||||
private ?int $defaultLifetime;
|
||||
private ?string $defaultSameSite;
|
||||
private ?string $defaultPath;
|
||||
private ?string $defaultDomain;
|
||||
private bool $defaultSecure;
|
||||
private bool $defaultHttpOnly;
|
||||
private array $defaultSplit;
|
||||
private bool $defaultPartitioned;
|
||||
|
||||
public function __construct(?string $defaultName = null, ?int $defaultLifetime = 0, ?string $defaultSameSite = Cookie::SAMESITE_LAX, ?string $defaultPath = '/', ?string $defaultDomain = null, bool $defaultSecure = true, bool $defaultHttpOnly = true, array $defaultSplit = [], bool $defaultPartitioned = false)
|
||||
{
|
||||
$this->defaultName = $defaultName;
|
||||
$this->defaultLifetime = $defaultLifetime;
|
||||
$this->defaultSameSite = $defaultSameSite;
|
||||
$this->defaultPath = $defaultPath;
|
||||
$this->defaultDomain = $defaultDomain;
|
||||
$this->defaultSecure = $defaultSecure;
|
||||
$this->defaultHttpOnly = $defaultHttpOnly;
|
||||
$this->defaultSplit = $defaultSplit;
|
||||
$this->defaultPartitioned = $defaultPartitioned;
|
||||
|
||||
if ($defaultPartitioned && Kernel::VERSION < '6.4') {
|
||||
throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a secure cookie containing the passed JWT.
|
||||
*
|
||||
* For each argument (all args except $jwt), if omitted or set to null then the
|
||||
* default value defined via the constructor will be used.
|
||||
*/
|
||||
public function createCookie(string $jwt, ?string $name = null, $expiresAt = null, ?string $sameSite = null, ?string $path = null, ?string $domain = null, ?bool $secure = null, ?bool $httpOnly = null, array $split = [], ?bool $partitioned = null): Cookie
|
||||
{
|
||||
if (!$name && !$this->defaultName) {
|
||||
throw new \LogicException(sprintf('The cookie name must be provided, either pass it as 2nd argument of %s or set a default name via the constructor.', __METHOD__));
|
||||
}
|
||||
|
||||
if (!$expiresAt && null === $this->defaultLifetime) {
|
||||
throw new \LogicException(sprintf('The cookie expiration time must be provided, either pass it as 3rd argument of %s or set a default lifetime via the constructor.', __METHOD__));
|
||||
}
|
||||
|
||||
if ($partitioned && Kernel::VERSION < '6.4') {
|
||||
throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
|
||||
}
|
||||
|
||||
$jwtParts = new JWTSplitter($jwt);
|
||||
$jwt = $jwtParts->getParts($split ?: $this->defaultSplit);
|
||||
|
||||
if (null === $expiresAt) {
|
||||
$expiresAt = 0 === $this->defaultLifetime ? 0 : (time() + $this->defaultLifetime);
|
||||
}
|
||||
|
||||
return Cookie::create(
|
||||
$name ?: $this->defaultName,
|
||||
$jwt,
|
||||
$expiresAt,
|
||||
$path ?: $this->defaultPath,
|
||||
$domain ?: $this->defaultDomain,
|
||||
$secure ?: $this->defaultSecure,
|
||||
$httpOnly ?: $this->defaultHttpOnly,
|
||||
false,
|
||||
$sameSite ?: $this->defaultSameSite,
|
||||
$partitioned ?: $this->defaultPartitioned
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user