vendor/lexik/jwt-authentication-bundle/Security/Authenticator/JWTAuthenticator.php line 132

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  27. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  28. use Symfony\Component\Security\Core\User\ChainUserProvider;
  29. use Symfony\Component\Security\Core\User\UserInterface;
  30. use Symfony\Component\Security\Core\User\UserProviderInterface;
  31. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  36. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  37. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  38. use Symfony\Contracts\Translation\TranslatorInterface;
  40. class JWTAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
  41. {
  42. use ForwardCompatAuthenticatorTrait;
  44. /**
  45. * @var TokenExtractorInterface
  46. */
  47. private $tokenExtractor;
  49. /**
  50. * @var JWTTokenManagerInterface
  51. */
  52. private $jwtManager;
  54. /**
  55. * @var EventDispatcherInterface
  56. */
  57. private $eventDispatcher;
  59. /**
  60. * @var UserProviderInterface
  61. */
  62. private $userProvider;
  64. /**
  65. * @var TranslatorInterface|null
  66. */
  67. private $translator;
  69. public function __construct(
  70. JWTTokenManagerInterface $jwtManager,
  71. EventDispatcherInterface $eventDispatcher,
  72. TokenExtractorInterface $tokenExtractor,
  73. UserProviderInterface $userProvider,
  74. TranslatorInterface $translator = null
  75. ) {
  76. $this->tokenExtractor = $tokenExtractor;
  77. $this->jwtManager = $jwtManager;
  78. $this->eventDispatcher = $eventDispatcher;
  79. $this->userProvider = $userProvider;
  80. $this->translator = $translator;
  81. }
  83. /**
  84. * {@inheritdoc}
  85. */
  86. public function start(Request $request, AuthenticationException $authException = null): Response
  87. {
  88. $exception = new MissingTokenException('JWT Token not found', 0, $authException);
  89. $event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()), $request);
  91. $this->eventDispatcher->dispatch($event, Events::JWT_NOT_FOUND);
  93. return $event->getResponse();
  94. }
  96. public function supports(Request $request): ?bool
  97. {
  98. return false !== $this->getTokenExtractor()->extract($request);
  99. }
  101. /**
  102. * @return Passport
  103. */
  104. public function doAuthenticate(Request $request) /*: Passport */
  105. {
  106. $token = $this->getTokenExtractor()->extract($request);
  107. if ($token === false) {
  108. throw new \LogicException('Unable to extract a JWT token from the request. Also, make sure to call `supports()` before `authenticate()` to get a proper client error.');
  109. }
  111. try {
  112. if (!$payload = $this->jwtManager->parse($token)) {
  113. throw new InvalidTokenException('Invalid JWT Token');
  114. }
  115. } catch (JWTDecodeFailureException $e) {
  116. if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  117. throw new ExpiredTokenException();
  118. }
  120. throw new InvalidTokenException('Invalid JWT Token', 0, $e);
  121. }
  123. $idClaim = $this->jwtManager->getUserIdClaim();
  124. if (!isset($payload[$idClaim])) {
  125. throw new InvalidPayloadException($idClaim);
  126. }
  128. $passport = new SelfValidatingPassport(
  129. new UserBadge(
  130. (string)$payload[$idClaim],
  131. function ($userIdentifier) use ($payload) {
  132. return $this->loadUser($payload, $userIdentifier);
  133. }
  134. )
  135. );
  137. $passport->setAttribute('payload', $payload);
  138. $passport->setAttribute('token', $token);
  140. return $passport;
  141. }
  143. public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
  144. {
  145. return null;
  146. }
  148. public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
  149. {
  150. $errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
  151. if (null !== $this->translator) {
  152. $errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  153. }
  154. $response = new JWTAuthenticationFailureResponse($errorMessage);
  156. if ($exception instanceof ExpiredTokenException) {
  157. $event = new JWTExpiredEvent($exception, $response, $request);
  158. $eventName = Events::JWT_EXPIRED;
  159. } else {
  160. $event = new JWTInvalidEvent($exception, $response, $request);
  161. $eventName = Events::JWT_INVALID;
  162. }
  164. $this->eventDispatcher->dispatch($event, $eventName);
  166. return $event->getResponse();
  167. }
  169. /**
  170. * Gets the token extractor to be used for retrieving a JWT token in the
  171. * current request.
  172. *
  173. * Override this method for adding/removing extractors to the chain one or
  174. * returning a different {@link TokenExtractorInterface} implementation.
  175. */
  176. protected function getTokenExtractor(): TokenExtractorInterface
  177. {
  178. return $this->tokenExtractor;
  179. }
  181. /**
  182. * Gets the jwt manager.
  183. */
  184. protected function getJwtManager(): JWTTokenManagerInterface
  185. {
  186. return $this->jwtManager;
  187. }
  189. /**
  190. * Gets the event dispatcher.
  191. */
  192. protected function getEventDispatcher(): EventDispatcherInterface
  193. {
  194. return $this->eventDispatcher;
  195. }
  197. /**
  198. * Gets the user provider.
  199. */
  200. protected function getUserProvider(): UserProviderInterface
  201. {
  202. return $this->userProvider;
  203. }
  205. /**
  206. * Loads the user to authenticate.
  207. *
  208. * @param array $payload The token payload
  209. * @param string $identity The key from which to retrieve the user "identifier"
  210. */
  211. protected function loadUser(array $payload, string $identity): UserInterface
  212. {
  213. if ($this->userProvider instanceof PayloadAwareUserProviderInterface) {
  214. if (method_exists($this->userProvider, 'loadUserByIdentifierAndPayload')) {
  215. return $this->userProvider->loadUserByIdentifierAndPayload($identity, $payload);
  216. } else {
  217. return $this->userProvider->loadUserByUsernameAndPayload($identity, $payload);
  218. }
  219. }
  221. if ($this->userProvider instanceof ChainUserProvider) {
  222. foreach ($this->userProvider->getProviders() as $provider) {
  223. try {
  224. if ($provider instanceof PayloadAwareUserProviderInterface) {
  225. if (method_exists(PayloadAwareUserProviderInterface::class, 'loadUserByIdentifierAndPayload')) {
  226. return $provider->loadUserByIdentifierAndPayload($identity, $payload);
  227. } else {
  228. return $provider->loadUserByUsernameAndPayload($identity, $payload);
  229. }
  230. }
  232. return $provider->loadUserByIdentifier($identity);
  233. // More generic call to catch both UsernameNotFoundException for SF<5.3 and new UserNotFoundException
  234. } catch (AuthenticationException $e) {
  235. // try next one
  236. }
  237. }
  239. if (!class_exists(UserNotFoundException::class)) {
  240. $ex = new UsernameNotFoundException(sprintf('There is no user with username "%s".', $identity));
  241. $ex->setUsername($identity);
  242. } else {
  243. $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".', $identity));
  244. $ex->setUserIdentifier($identity);
  245. }
  247. throw $ex;
  248. }
  250. if (method_exists($this->userProvider, 'loadUserByIdentifier')) {
  251. return $this->userProvider->loadUserByIdentifier($identity);
  252. } else {
  253. return $this->userProvider->loadUserByUsername($identity);
  254. }
  255. }
  257. public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
  258. {
  259. if (!$passport instanceof Passport) {
  260. throw new \LogicException(sprintf('Expected "%s" but got "%s".', Passport::class, get_debug_type($passport)));
  261. }
  263. $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles(), $passport->getAttribute('token'));
  265. $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  267. return $token;
  268. }
  270. public function createToken(Passport $passport, string $firewallName): TokenInterface
  271. {
  272. $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles(), $passport->getAttribute('token'));
  274. $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  276. return $token;
  277. }
  278. }