vendor/lexik/jwt-authentication-bundle/Security/Authenticator/JWTAuthenticator.php line 40

  1. <?php
  3. declare(strict_types=1);
  5. namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTExpiredEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTInvalidEvent;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTNotFoundEvent;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Exception\ExpiredTokenException;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidPayloadException;
  14. use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
  15. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  16. use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
  19. use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  27. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  28. use Symfony\Component\Security\Core\User\ChainUserProvider;
  29. use Symfony\Component\Security\Core\User\UserInterface;
  30. use Symfony\Component\Security\Core\User\UserProviderInterface;
  31. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  36. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  37. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  38. use Symfony\Contracts\Translation\TranslatorInterface;
  40. class JWTAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
  41. {
  42.     use ForwardCompatAuthenticatorTrait;
  44.     /**
  45.      * @var TokenExtractorInterface
  46.      */
  47.     private $tokenExtractor;
  49.     /**
  50.      * @var JWTTokenManagerInterface
  51.      */
  52.     private $jwtManager;
  54.     /**
  55.      * @var EventDispatcherInterface
  56.      */
  57.     private $eventDispatcher;
  59.     /**
  60.      * @var UserProviderInterface
  61.      */
  62.     private $userProvider;
  64.     /**
  65.      * @var TranslatorInterface|null
  66.      */
  67.     private $translator;
  69.     public function __construct(
  70.         JWTTokenManagerInterface $jwtManager,
  71.         EventDispatcherInterface $eventDispatcher,
  72.         TokenExtractorInterface $tokenExtractor,
  73.         UserProviderInterface $userProvider,
  74.         TranslatorInterface $translator null
  75.     ) {
  76.         $this->tokenExtractor $tokenExtractor;
  77.         $this->jwtManager $jwtManager;
  78.         $this->eventDispatcher $eventDispatcher;
  79.         $this->userProvider $userProvider;
  80.         $this->translator $translator;
  81.     }
  83.     /**
  84.      * {@inheritdoc}
  85.      */
  86.     public function start(Request $requestAuthenticationException $authException null): Response
  87.     {
  88.         $exception = new MissingTokenException('JWT Token not found'0$authException);
  89.         $event = new JWTNotFoundEvent($exception, new JWTAuthenticationFailureResponse($exception->getMessageKey()), $request);
  91.         $this->eventDispatcher->dispatch($eventEvents::JWT_NOT_FOUND);
  93.         return $event->getResponse();
  94.     }
  96.     public function supports(Request $request): ?bool
  97.     {
  98.         return false !== $this->getTokenExtractor()->extract($request);
  99.     }
  101.     /**
  102.      * @return Passport
  103.      */
  104.     public function doAuthenticate(Request $request/*: Passport */
  105.     {
  106.         $token $this->getTokenExtractor()->extract($request);
  107.         if ($token === false) {
  108.             throw new \LogicException('Unable to extract a JWT token from the request. Also, make sure to call `supports()` before `authenticate()` to get a proper client error.');
  109.         }
  111.         try {
  112.             if (!$payload $this->jwtManager->parse($token)) {
  113.                 throw new InvalidTokenException('Invalid JWT Token');
  114.             }
  115.         } catch (JWTDecodeFailureException $e) {
  116.             if (JWTDecodeFailureException::EXPIRED_TOKEN === $e->getReason()) {
  117.                 throw new ExpiredTokenException();
  118.             }
  120.             throw new InvalidTokenException('Invalid JWT Token'0$e);
  121.         }
  123.         $idClaim $this->jwtManager->getUserIdClaim();
  124.         if (!isset($payload[$idClaim])) {
  125.             throw new InvalidPayloadException($idClaim);
  126.         }
  128.         $passport = new SelfValidatingPassport(
  129.             new UserBadge(
  130.                 (string)$payload[$idClaim],
  131.                 function ($userIdentifier) use ($payload) {
  132.                     return $this->loadUser($payload$userIdentifier);
  133.                 }
  134.             )
  135.         );
  137.         $passport->setAttribute('payload'$payload);
  138.         $passport->setAttribute('token'$token);
  140.         return $passport;
  141.     }
  143.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  144.     {
  145.         return null;
  146.     }
  148.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  149.     {
  150.         $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  151.         if (null !== $this->translator) {
  152.             $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  153.         }
  154.         $response = new JWTAuthenticationFailureResponse($errorMessage);
  156.         if ($exception instanceof ExpiredTokenException) {
  157.             $event = new JWTExpiredEvent($exception$response$request);
  158.             $eventName Events::JWT_EXPIRED;
  159.         } else {
  160.             $event = new JWTInvalidEvent($exception$response$request);
  161.             $eventName Events::JWT_INVALID;
  162.         }
  164.         $this->eventDispatcher->dispatch($event$eventName);
  166.         return $event->getResponse();
  167.     }
  169.     /**
  170.      * Gets the token extractor to be used for retrieving a JWT token in the
  171.      * current request.
  172.      *
  173.      * Override this method for adding/removing extractors to the chain one or
  174.      * returning a different {@link TokenExtractorInterface} implementation.
  175.      */
  176.     protected function getTokenExtractor(): TokenExtractorInterface
  177.     {
  178.         return $this->tokenExtractor;
  179.     }
  181.     /**
  182.      * Gets the jwt manager.
  183.      */
  184.     protected function getJwtManager(): JWTTokenManagerInterface
  185.     {
  186.         return $this->jwtManager;
  187.     }
  189.     /**
  190.      * Gets the event dispatcher.
  191.      */
  192.     protected function getEventDispatcher(): EventDispatcherInterface
  193.     {
  194.         return $this->eventDispatcher;
  195.     }
  197.     /**
  198.      * Gets the user provider.
  199.      */
  200.     protected function getUserProvider(): UserProviderInterface
  201.     {
  202.         return $this->userProvider;
  203.     }
  205.     /**
  206.      * Loads the user to authenticate.
  207.      *
  208.      * @param array                 $payload      The token payload
  209.      * @param string                $identity     The key from which to retrieve the user "identifier"
  210.      */
  211.     protected function loadUser(array $payloadstring $identity): UserInterface
  212.     {
  213.         if ($this->userProvider instanceof PayloadAwareUserProviderInterface) {
  214.             if (method_exists($this->userProvider'loadUserByIdentifierAndPayload')) {
  215.                 return $this->userProvider->loadUserByIdentifierAndPayload($identity$payload);
  216.             } else {
  217.                 return $this->userProvider->loadUserByUsernameAndPayload($identity$payload);
  218.             }
  219.         }
  221.         if ($this->userProvider instanceof ChainUserProvider) {
  222.             foreach ($this->userProvider->getProviders() as $provider) {
  223.                 try {
  224.                     if ($provider instanceof PayloadAwareUserProviderInterface) {
  225.                         if (method_exists(PayloadAwareUserProviderInterface::class, 'loadUserByIdentifierAndPayload')) {
  226.                             return $provider->loadUserByIdentifierAndPayload($identity$payload);
  227.                         } else {
  228.                             return $provider->loadUserByUsernameAndPayload($identity$payload);
  229.                         }
  230.                     }
  232.                     return $provider->loadUserByIdentifier($identity);
  233.                     // More generic call to catch both UsernameNotFoundException for SF<5.3 and new UserNotFoundException
  234.                 } catch (AuthenticationException $e) {
  235.                     // try next one
  236.                 }
  237.             }
  239.             if (!class_exists(UserNotFoundException::class)) {
  240.                 $ex = new UsernameNotFoundException(sprintf('There is no user with username "%s".'$identity));
  241.                 $ex->setUsername($identity);
  242.             } else {
  243.                 $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".'$identity));
  244.                 $ex->setUserIdentifier($identity);
  245.             }
  247.             throw $ex;
  248.         }
  250.         if (method_exists($this->userProvider'loadUserByIdentifier')) {
  251.             return $this->userProvider->loadUserByIdentifier($identity);
  252.         } else {
  253.             return $this->userProvider->loadUserByUsername($identity);
  254.         }
  255.     }
  257.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  258.     {
  259.         if (!$passport instanceof Passport) {
  260.             throw new \LogicException(sprintf('Expected "%s" but got "%s".'Passport::class, get_debug_type($passport)));
  261.         }
  263.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  265.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  267.         return $token;
  268.     }
  270.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  271.     {
  272.         $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles(), $passport->getAttribute('token'));
  274.         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
  276.         return $token;
  277.     }
  278. }