src/EventListener/JWTAuthenticationSuccessListener.php line 21

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Application\Abonnent\DeviceService;
  6. use App\Entity\Abonnent\Abonnent;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
  8. use Psr\Log\LoggerInterface;
  9. use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  12. #[AsEventListener(event: 'lexik_jwt_authentication.on_authentication_success', method: 'onAuthenticationSuccess')]
  13. class JWTAuthenticationSuccessListener
  14. {
  15. public function __construct(
  16. private RequestStack $requestStack,
  17. private LoggerInterface $logger,
  18. private DeviceService $deviceService
  19. ) {}
  21. public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
  22. {
  23. $request = $this->requestStack->getCurrentRequest();
  25. if (!$request) {
  26. return;
  27. }
  29. $data = $event->getData();
  30. $user = $event->getUser();
  32. if (!$user instanceof Abonnent) {
  33. return;
  34. }
  36. $path = $request->getPathInfo() ?? '';
  37. $isLoginPath = str_starts_with($path, '/api/login');
  38. $isRefreshPath = str_starts_with($path, '/api/token/refresh');
  40. $this->logger->info('JWT Authentication Success triggered', [
  41. 'path' => $path,
  42. 'isLoginPath' => $isLoginPath,
  43. 'isRefreshPath' => $isRefreshPath,
  44. 'user' => $user->getUserIdentifier()
  45. ]);
  47. if ($isLoginPath) {
  48. $this->handleLogin($request, $event, $data, $user);
  49. } elseif ($isRefreshPath) {
  50. $this->handleRefresh($request, $event, $data, $user);
  51. }
  52. }
  54. private function handleLogin($request, $event, $data, $user): void
  55. {
  56. // Add info about OTHER device being logged out (existing functionality enhanced)
  57. $loggedOutDeviceInfo = $request->attributes->get('logged_out_device');
  59. if ($loggedOutDeviceInfo) {
  60. $data['logout_info'] = $loggedOutDeviceInfo;
  61. }
  63. // Create device-specific refresh token
  64. try {
  65. $deviceId = $this->deviceService->getDeviceIdFromRequest($request);
  67. // Create a new device-specific refresh token
  68. $deviceRefreshToken = $this->deviceService->createDeviceSpecificRefreshToken($user, $deviceId);
  70. // Replace the default refresh token with our device-specific one
  71. $data['refresh_token'] = $deviceRefreshToken;
  73. $this->logger->info('Created device-specific refresh token for login', [
  74. 'user' => $user->getUserIdentifier(),
  75. 'deviceId' => substr($deviceId, 0, 8) . '...',
  76. 'token_preview' => substr($deviceRefreshToken, 0, 8) . '...'
  77. ]);
  79. } catch (\Exception $e) {
  80. $this->logger->error('Failed to create device-specific refresh token', [
  81. 'user' => $user->getUserIdentifier(),
  82. 'error' => $e->getMessage()
  83. ]);
  84. }
  86. $event->setData($data);
  87. }
  89. private function handleRefresh($request, $event, $data, $user): void
  90. {
  91. $this->logger->info('handleRefresh called', [
  92. 'user' => $user->getUserIdentifier(),
  93. 'data_keys' => array_keys($data)
  94. ]);
  96. try {
  97. // Get the old refresh token from the request
  98. $oldRefreshToken = $this->getRefreshTokenFromRequest($request);
  100. $this->logger->info('Refresh token details', [
  101. 'user' => $user->getUserIdentifier(),
  102. 'oldRefreshToken' => $oldRefreshToken ? substr($oldRefreshToken, 0, 8) . '...' : 'null',
  103. 'has_new_token_in_data' => isset($data['refresh_token']),
  104. 'new_token_preview' => isset($data['refresh_token']) ? substr($data['refresh_token'], 0, 8) . '...' : 'null'
  105. ]);
  107. if ($oldRefreshToken && isset($data['refresh_token'])) {
  108. // Find which device this belongs to and update it with the new token
  109. $device = $this->deviceService->findDeviceByRefreshToken($user, $oldRefreshToken);
  111. if ($device) {
  112. $this->logger->info('Found device for refresh token', [
  113. 'user' => $user->getUserIdentifier(),
  114. 'deviceId' => substr($device->getDeviceId(), 0, 8) . '...'
  115. ]);
  117. // Update device with the new refresh token (Gesdinet already rotated it)
  118. $device->setRefreshToken($data['refresh_token']);
  119. $device->setLastActivity(new \DateTime());
  121. // Persist the change
  122. $this->deviceService->persistDeviceUpdate($device);
  124. $this->logger->info('Updated device with new refresh token', [
  125. 'user' => $user->getUserIdentifier(),
  126. 'deviceId' => substr($device->getDeviceId(), 0, 8) . '...'
  127. ]);
  128. } else {
  129. $this->logger->warning('No device found for refresh token', [
  130. 'user' => $user->getUserIdentifier(),
  131. 'oldRefreshToken' => substr($oldRefreshToken, 0, 8) . '...'
  132. ]);
  133. }
  134. } else {
  135. $this->logger->warning('Missing refresh token data', [
  136. 'user' => $user->getUserIdentifier(),
  137. 'has_old_token' => $oldRefreshToken !== null,
  138. 'has_new_token' => isset($data['refresh_token'])
  139. ]);
  140. }
  142. } catch (\Exception $e) {
  143. $this->logger->error('Failed to handle refresh token rotation', [
  144. 'user' => $user->getUserIdentifier(),
  145. 'error' => $e->getMessage(),
  146. 'trace' => $e->getTraceAsString()
  147. ]);
  148. }
  150. $event->setData($data);
  151. }
  153. private function getRefreshTokenFromRequest($request): ?string
  154. {
  155. $content = $request->getContent();
  156. if ($content) {
  157. $data = json_decode($content, true);
  158. if (isset($data['refresh_token'])) {
  159. return $data['refresh_token'];
  160. }
  161. }
  163. return $request->request->get('refresh_token') ?? $request->query->get('refresh_token');
  164. }
  165. }