vendor/lexik/jwt-authentication-bundle/Security/Authenticator/JWTAuthenticator.php line 119

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  27. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  28. use Symfony\Component\Security\Core\User\ChainUserProvider;
  29. use Symfony\Component\Security\Core\User\UserInterface;
  30. use Symfony\Component\Security\Core\User\UserProviderInterface;
  31. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  36. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  37. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  39. class JWTAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
  40. {
  41.     use ForwardCompatAuthenticatorTrait;
  43.     /**
  44.      * @var TokenExtractorInterface
  45.      */
  46.     private  $tokenExtractor;
  48.     /**
  49.      * @var JWTTokenManagerInterface
  50.      */
  51.     private $jwtManager;
  53.     /**
  54.      * @var EventDispatcherInterface
  55.      */
  56.     private $eventDispatcher;
  58.     /**
  59.      * @var UserProviderInterface
  60.      */
  61.     private $userProvider;
  63.     public function __construct(
  64.         JWTTokenManagerInterface $jwtManager,
  65.         EventDispatcherInterface $eventDispatcher,
  66.         TokenExtractorInterface $tokenExtractor,
  67.         UserProviderInterface $userProvider
  68.     ) {
  69.         $this->tokenExtractor $tokenExtractor;
  70.         $this->jwtManager $jwtManager;
  71.         $this->eventDispatcher $eventDispatcher;
  72.         $this->userProvider $userProvider;
  73.     }
  75.     /**
  76.      * {@inheritdoc}
  77.      */
  78.     public function start(Request $requestAuthenticationException $authException null): Response
  79.     {
  80.         $exception = new MissingTokenException('JWT Token not found'0$authException);
  81.         $event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()));
  83.         $this->eventDispatcher->dispatch($eventEvents::JWT_NOT_FOUND);
  85.         return $event->getResponse();
  86.     }
  88.     public function supports(Request $request): ?bool
  89.     {
  90.         return false !== $this->getTokenExtractor()->extract($request);
  91.     }
  93.     /**
  94.      * @return Passport
  95.      */
  96.     public function doAuthenticate(Request $request/*: Passport */
  97.     {
  98.         $token $this->getTokenExtractor()->extract($request);
  100.         try {
  101.             if (!$payload $this->jwtManager->parse($token)) {
  102.                 throw new InvalidTokenException('Invalid JWT Token');
  103.             }
  104.         } catch (JWTDecodeFailureException $e) {
  105.             if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  106.                 throw new ExpiredTokenException();
  107.             }
  109.             throw new InvalidTokenException('Invalid JWT Token'0$e);
  110.         }
  112.         $idClaim $this->jwtManager->getUserIdClaim();
  113.         if (!isset($payload[$idClaim])) {
  114.             throw new InvalidPayloadException($idClaim);
  115.         }
  117.         $passport = new SelfValidatingPassport(
  118.             new UserBadge($payload[$idClaim],
  119.             function ($userIdentifier) use($payload) {
  120.                 return $this->loadUser($payload$userIdentifier);
  121.             })
  122.         );
  124.         $passport->setAttribute('payload'$payload);
  125.         $passport->setAttribute('token'$token);
  127.         return $passport;
  128.     }
  130.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  131.     {
  132.         return null;
  133.     }
  135.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  136.     {
  137.         $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  138.         $response = new JWTAuthenticationFailureResponse($errorMessage);
  140.         if ($exception instanceof ExpiredTokenException) {
  141.             $event = new JWTExpiredEvent($exception$response);
  142.             $eventName Events::JWT_EXPIRED;
  143.         } else {
  144.             $event = new JWTInvalidEvent($exception$response);
  145.             $eventName Events::JWT_INVALID;
  146.         }
  148.         $this->eventDispatcher->dispatch($event$eventName);
  150.         return $event->getResponse();
  151.     }
  153.     /**
  154.      * Gets the token extractor to be used for retrieving a JWT token in the
  155.      * current request.
  156.      *
  157.      * Override this method for adding/removing extractors to the chain one or
  158.      * returning a different {@link TokenExtractorInterface} implementation.
  159.      */
  160.     protected function getTokenExtractor(): TokenExtractorInterface
  161.     {
  162.         return $this->tokenExtractor;
  163.     }
  165.     /**
  166.      * Gets the jwt manager.
  167.      */
  168.     protected function getJwtManager(): JWTTokenManagerInterface
  169.     {
  170.         return $this->jwtManager;
  171.     }
  173.     /**
  174.      * Gets the event dispatcher.
  175.      */
  176.     protected function getEventDispatcher(): EventDispatcherInterface
  177.     {
  178.         return $this->eventDispatcher;
  179.     }
  181.     /**
  182.      * Gets the user provider.
  183.      */
  184.     protected function getUserProvider(): UserProviderInterface
  185.     {
  186.         return $this->userProvider;
  187.     }
  189.     /**
  190.      * Loads the user to authenticate.
  191.      *
  192.      * @param array                 $payload      The token payload
  193.      * @param string                $identity     The key from which to retrieve the user "identifier"
  194.      */
  195.     protected function loadUser(array $payloadstring $identity): UserInterface
  196.     {
  197.         if ($this->userProvider instanceof PayloadAwareUserProviderInterface) {
  198.             if (method_exists($this->userProvider'loadUserByIdentifierAndPayload')) {
  199.                 return $this->userProvider->loadUserByIdentifierAndPayload($identity$payload);
  200.             } else {
  201.                 return $this->userProvider->loadUserByUsernameAndPayload($identity$payload);
  202.             }
  203.         }
  205.         if ($this->userProvider instanceof ChainUserProvider) {
  206.             foreach ($this->userProvider->getProviders() as $provider) {
  207.                 try {
  208.                     if ($provider instanceof PayloadAwareUserProviderInterface) {
  209.                         if (method_exists(PayloadAwareUserProviderInterface::class, 'loadUserByIdentifierAndPayload')) {
  210.                             return $provider->loadUserByIdentifierAndPayload($identity$payload);
  211.                         } else {
  212.                             return $provider->loadUserByUsernameAndPayload($identity$payload);
  213.                         }
  214.                     }
  216.                     return $provider->loadUserByIdentifier($identity);
  217.                 // More generic call to catch both UsernameNotFoundException for SF<5.3 and new UserNotFoundException
  218.                 } catch (AuthenticationException $e) {
  219.                     // try next one
  220.                 }
  221.             }
  223.             if(!class_exists(UserNotFoundException::class)) {
  224.                 $ex = new UsernameNotFoundException(sprintf('There is no user with username "%s".'$identity));
  225.                 $ex->setUsername($identity);
  226.             } else {
  227.                 $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".'$identity));
  228.                 $ex->setUserIdentifier($identity);
  229.             }
  231.             throw $ex;
  232.         }
  234.         if (method_exists($this->userProvider'loadUserByIdentifier')) {
  235.             return $this->userProvider->loadUserByIdentifier($identity);
  236.         } else {
  237.             return $this->userProvider->loadUserByUsername($identity);
  238.         }
  239.     }
  241.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  242.     {
  243.         if (!$passport instanceof Passport) {
  244.             throw new \LogicException(sprintf('Expected "%s" but got "%s".'Passport::class, get_debug_type($passport)));
  245.         }
  247.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  249.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  251.         return $token;
  252.     }
  254.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  255.     {
  256.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  258.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  260.         return $token;
  261.     }
  262. }