vendor/nen/kennisbank-platform/src/Nen/Security/JwtTokenAuthenticator.php line 23

Open in your IDE?
  1. <?php
  3. namespace Nen\Bundle\KennisbankPlatformBundle\Security;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
  7. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\QueryParameterTokenExtractor;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Component\HttpFoundation\Response;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  13. use Symfony\Component\Security\Core\User\UserProviderInterface;
  14. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  15. use App\Entity\User;
  16. use Symfony\Component\HttpFoundation\JsonResponse;
  17. use Symfony\Component\HttpFoundation\RedirectResponse;
  18. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  19. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  21. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  23. class JwtTokenAuthenticator extends AbstractAuthenticator
  24. {
  25.     private $jwtEncoder;
  26.     private $em;
  27.     private $urlGenerator;
  28.     private $extractor;
  30.     public function __construct(JWTEncoderInterface $jwtEncoderEntityManagerInterface $emUrlGeneratorInterface $urlGenerator)
  31.     {
  32.         $this->jwtEncoder $jwtEncoder;
  33.         $this->em $em;
  34.         $this->urlGenerator $urlGenerator;
  35.         $this->extractor = new QueryParameterTokenExtractor(
  36.             'jwt'
  37.         );
  38.     }
  40.     public function supports(Request $request): bool
  41.     {
  42.         return false !== $this->extractor->extract($request) &&  ! in_array($request->attributes->get('_route'), ['login''subscription_index''abonnementen_detail']) ;
  43.     }
  47.     public function getCredentials(Request $request)
  48.     {
  49.         $token $this->extractor->extract($request);
  51.         if (!$token) {
  52.             return;
  53.         }
  55.         return $token;
  56.     }
  58.     public function getUser($credentials)
  59.     {
  60.         try {
  61.             $data $this->jwtEncoder->decode($credentials);
  62.         } catch (JWTDecodeFailureException $e) {
  63.             // if you want to, use can use $e->getReason() to find out which of the 3 possible things went wrong
  64.             // and tweak the message accordingly
  65.             // https://github.com/lexik/LexikJWTAuthenticationBundle/blob/05e15967f4dab94c8a75b275692d928a2fbf6d18/Exception/JWTDecodeFailureException.php
  67.             throw new CustomUserMessageAuthenticationException('Invalid Token');
  68.         }
  70.         if ($data === false) {
  71.             throw new CustomUserMessageAuthenticationException('Invalid Token');
  72.         }
  74.         if (empty($data['username'])) {
  75.             return null;
  76.         }
  78.         $username $data['username'];
  80.         return $this->em
  81.             ->getRepository(User::class)
  82.             ->findOneBy(['username' => $username]);
  83.     }
  85.     public function authenticate(Request $request): PassportInterface
  86.     {
  87.         $credentials $this->getCredentials($request);
  88.         try {
  89.             $data $this->jwtEncoder->decode($credentials);
  91.             return new SelfValidatingPassport(
  92.             new UserBadge($credentials, [$this'getUser'])
  93.         );
  94.         } catch (JWTDecodeFailureException $e) {
  95.             // if you want to, use can use $e->getReason() to find out which of the 3 possible things went wrong
  96.             // and tweak the message accordingly
  97.             // https://github.com/lexik/LexikJWTAuthenticationBundle/blob/05e15967f4dab94c8a75b275692d928a2fbf6d18/Exception/JWTDecodeFailureException.php
  99.             throw new CustomUserMessageAuthenticationException('Invalid Token');
  100.         }
  102.         return true;
  103.     }
  105.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  106.     {
  107.         $response = new RedirectResponse($this->urlGenerator->generate('login', ['jwt' => $this->extractor->extract($request)]), 302);
  108.         // $response->headers->set('Authorization', 'Bearer ' . $this->extractor->extract($request));
  110.         return $response;
  111.         // do nothing - let the controller be called
  112.     }
  114.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  115.     {
  116.          return null;
  117.     }
  119.     public function supportsRememberMe()
  120.     {
  121.         return false;
  122.     }
  124.     public function start(Request $requestAuthenticationException $authException null)
  125.     {
  126.         return new JsonResponse([
  127.             'error' => 'auth required'
  128.         ], 401);
  129.     }
  130. }