vendor/lexik/jwt-authentication-bundle/Security/Authenticator/JWTAuthenticator.php line 128

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  27. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  28. use Symfony\Component\Security\Core\User\ChainUserProvider;
  29. use Symfony\Component\Security\Core\User\UserInterface;
  30. use Symfony\Component\Security\Core\User\UserProviderInterface;
  31. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  36. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  37. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  38. use Symfony\Contracts\Translation\TranslatorInterface;
  40. class JWTAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
  41. {
  42.     use ForwardCompatAuthenticatorTrait;
  44.     /**
  45.      * @var TokenExtractorInterface
  46.      */
  47.     private  $tokenExtractor;
  49.     /**
  50.      * @var JWTTokenManagerInterface
  51.      */
  52.     private $jwtManager;
  54.     /**
  55.      * @var EventDispatcherInterface
  56.      */
  57.     private $eventDispatcher;
  59.     /**
  60.      * @var UserProviderInterface
  61.      */
  62.     private $userProvider;
  64.     /**
  65.      * @var TranslatorInterface|null
  66.      */
  67.     private $translator;
  69.     public function __construct(
  70.         JWTTokenManagerInterface $jwtManager,
  71.         EventDispatcherInterface $eventDispatcher,
  72.         TokenExtractorInterface $tokenExtractor,
  73.         UserProviderInterface $userProvider,
  74.         TranslatorInterface $translator null
  75.     ) {
  76.         $this->tokenExtractor $tokenExtractor;
  77.         $this->jwtManager $jwtManager;
  78.         $this->eventDispatcher $eventDispatcher;
  79.         $this->userProvider $userProvider;
  80.         $this->translator $translator;
  81.     }
  83.     /**
  84.      * {@inheritdoc}
  85.      */
  86.     public function start(Request $requestAuthenticationException $authException null): Response
  87.     {
  88.         $exception = new MissingTokenException('JWT Token not found'0$authException);
  89.         $event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()), $request);
  91.         $this->eventDispatcher->dispatch($eventEvents::JWT_NOT_FOUND);
  93.         return $event->getResponse();
  94.     }
  96.     public function supports(Request $request): ?bool
  97.     {
  98.         return false !== $this->getTokenExtractor()->extract($request);
  99.     }
  101.     /**
  102.      * @return Passport
  103.      */
  104.     public function doAuthenticate(Request $request/*: Passport */
  105.     {
  106.         $token $this->getTokenExtractor()->extract($request);
  108.         try {
  109.             if (!$payload $this->jwtManager->parse($token)) {
  110.                 throw new InvalidTokenException('Invalid JWT Token');
  111.             }
  112.         } catch (JWTDecodeFailureException $e) {
  113.             if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  114.                 throw new ExpiredTokenException();
  115.             }
  117.             throw new InvalidTokenException('Invalid JWT Token'0$e);
  118.         }
  120.         $idClaim $this->jwtManager->getUserIdClaim();
  121.         if (!isset($payload[$idClaim])) {
  122.             throw new InvalidPayloadException($idClaim);
  123.         }
  125.         $passport = new SelfValidatingPassport(
  126.             new UserBadge((string)$payload[$idClaim],
  127.             function ($userIdentifier) use($payload) {
  128.                 return $this->loadUser($payload$userIdentifier);
  129.             })
  130.         );
  132.         $passport->setAttribute('payload'$payload);
  133.         $passport->setAttribute('token'$token);
  135.         return $passport;
  136.     }
  138.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  139.     {
  140.         return null;
  141.     }
  143.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  144.     {
  145.         $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  146.         if (null !== $this->translator) {
  147.             $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData());
  148.         }
  149.         $response = new JWTAuthenticationFailureResponse($errorMessage);
  151.         if ($exception instanceof ExpiredTokenException) {
  152.             $event = new JWTExpiredEvent($exception$response$request);
  153.             $eventName Events::JWT_EXPIRED;
  154.         } else {
  155.             $event = new JWTInvalidEvent($exception$response$request);
  156.             $eventName Events::JWT_INVALID;
  157.         }
  159.         $this->eventDispatcher->dispatch($event$eventName);
  161.         return $event->getResponse();
  162.     }
  164.     /**
  165.      * Gets the token extractor to be used for retrieving a JWT token in the
  166.      * current request.
  167.      *
  168.      * Override this method for adding/removing extractors to the chain one or
  169.      * returning a different {@link TokenExtractorInterface} implementation.
  170.      */
  171.     protected function getTokenExtractor(): TokenExtractorInterface
  172.     {
  173.         return $this->tokenExtractor;
  174.     }
  176.     /**
  177.      * Gets the jwt manager.
  178.      */
  179.     protected function getJwtManager(): JWTTokenManagerInterface
  180.     {
  181.         return $this->jwtManager;
  182.     }
  184.     /**
  185.      * Gets the event dispatcher.
  186.      */
  187.     protected function getEventDispatcher(): EventDispatcherInterface
  188.     {
  189.         return $this->eventDispatcher;
  190.     }
  192.     /**
  193.      * Gets the user provider.
  194.      */
  195.     protected function getUserProvider(): UserProviderInterface
  196.     {
  197.         return $this->userProvider;
  198.     }
  200.     /**
  201.      * Loads the user to authenticate.
  202.      *
  203.      * @param array                 $payload      The token payload
  204.      * @param string                $identity     The key from which to retrieve the user "identifier"
  205.      */
  206.     protected function loadUser(array $payloadstring $identity): UserInterface
  207.     {
  208.         if ($this->userProvider instanceof PayloadAwareUserProviderInterface) {
  209.             if (method_exists($this->userProvider'loadUserByIdentifierAndPayload')) {
  210.                 return $this->userProvider->loadUserByIdentifierAndPayload($identity$payload);
  211.             } else {
  212.                 return $this->userProvider->loadUserByUsernameAndPayload($identity$payload);
  213.             }
  214.         }
  216.         if ($this->userProvider instanceof ChainUserProvider) {
  217.             foreach ($this->userProvider->getProviders() as $provider) {
  218.                 try {
  219.                     if ($provider instanceof PayloadAwareUserProviderInterface) {
  220.                         if (method_exists(PayloadAwareUserProviderInterface::class, 'loadUserByIdentifierAndPayload')) {
  221.                             return $provider->loadUserByIdentifierAndPayload($identity$payload);
  222.                         } else {
  223.                             return $provider->loadUserByUsernameAndPayload($identity$payload);
  224.                         }
  225.                     }
  227.                     return $provider->loadUserByIdentifier($identity);
  228.                 // More generic call to catch both UsernameNotFoundException for SF<5.3 and new UserNotFoundException
  229.                 } catch (AuthenticationException $e) {
  230.                     // try next one
  231.                 }
  232.             }
  234.             if(!class_exists(UserNotFoundException::class)) {
  235.                 $ex = new UsernameNotFoundException(sprintf('There is no user with username "%s".'$identity));
  236.                 $ex->setUsername($identity);
  237.             } else {
  238.                 $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".'$identity));
  239.                 $ex->setUserIdentifier($identity);
  240.             }
  242.             throw $ex;
  243.         }
  245.         if (method_exists($this->userProvider'loadUserByIdentifier')) {
  246.             return $this->userProvider->loadUserByIdentifier($identity);
  247.         } else {
  248.             return $this->userProvider->loadUserByUsername($identity);
  249.         }
  250.     }
  252.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  253.     {
  254.         if (!$passport instanceof Passport) {
  255.             throw new \LogicException(sprintf('Expected "%s" but got "%s".'Passport::class, get_debug_type($passport)));
  256.         }
  258.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  260.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  262.         return $token;
  263.     }
  265.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  266.     {
  267.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  269.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  271.         return $token;
  272.     }
  273. }