vendor/gesdinet/jwt-refresh-token-bundle/Security/Http/Authenticator/RefreshTokenAuthenticator.php line 42

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the GesdinetJWTRefreshTokenBundle package.
  5. *
  6. * (c) Gesdinet <http://www.gesdinet.com/>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Gesdinet\JWTRefreshTokenBundle\Security\Http\Authenticator;
  14. use DateTime;
  15. use Gesdinet\JWTRefreshTokenBundle\Event\RefreshTokenNotFoundEvent;
  16. use Gesdinet\JWTRefreshTokenBundle\Http\RefreshAuthenticationFailureResponse;
  17. use Gesdinet\JWTRefreshTokenBundle\Model\RefreshTokenInterface;
  18. use Gesdinet\JWTRefreshTokenBundle\Model\RefreshTokenManagerInterface;
  19. use Gesdinet\JWTRefreshTokenBundle\Request\Extractor\ExtractorInterface;
  20. use Gesdinet\JWTRefreshTokenBundle\Security\Exception\InvalidTokenException;
  21. use Gesdinet\JWTRefreshTokenBundle\Security\Exception\MissingTokenException;
  22. use Gesdinet\JWTRefreshTokenBundle\Security\Exception\TokenNotFoundException;
  23. use Gesdinet\JWTRefreshTokenBundle\Security\Http\Authenticator\Token\PostRefreshTokenAuthenticationToken;
  24. use Symfony\Component\HttpFoundation\Request;
  25. use Symfony\Component\HttpFoundation\Response;
  26. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  27. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  28. use Symfony\Component\Security\Core\Exception\LogicException;
  29. use Symfony\Component\Security\Core\User\UserProviderInterface;
  30. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  31. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  32. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  36. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  37. use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
  38. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  39. use Symfony\Component\Security\Http\HttpUtils;
  40. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  42. class RefreshTokenAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
  43. {
  44. private RefreshTokenManagerInterface $refreshTokenManager;
  46. private EventDispatcherInterface $eventDispatcher;
  48. private ExtractorInterface $extractor;
  50. private UserProviderInterface $userProvider;
  52. private AuthenticationSuccessHandlerInterface $successHandler;
  54. private AuthenticationFailureHandlerInterface $failureHandler;
  56. private array $options;
  58. private ?HttpUtils $httpUtils;
  60. public function __construct(
  61. RefreshTokenManagerInterface $refreshTokenManager,
  62. EventDispatcherInterface $eventDispatcher,
  63. ExtractorInterface $extractor,
  64. UserProviderInterface $userProvider,
  65. AuthenticationSuccessHandlerInterface $successHandler,
  66. AuthenticationFailureHandlerInterface $failureHandler,
  67. array $options,
  68. ?HttpUtils $httpUtils = null
  69. ) {
  70. $this->refreshTokenManager = $refreshTokenManager;
  71. $this->eventDispatcher = $eventDispatcher;
  72. $this->extractor = $extractor;
  73. $this->userProvider = $userProvider;
  74. $this->successHandler = $successHandler;
  75. $this->failureHandler = $failureHandler;
  76. $this->options = array_merge([
  77. 'check_path' => null, // @todo in 2.0, change the default to `/login_check`
  78. 'ttl' => 2592000,
  79. 'ttl_update' => false,
  80. 'token_parameter_name' => 'refresh_token',
  81. ], $options);
  82. $this->httpUtils = $httpUtils;
  84. if (null === $httpUtils) {
  85. trigger_deprecation('gesdinet/jwt-refresh-token-bundle', '1.1', 'Not passing an instance of "%s" to the "%s" constructor is deprecated, it will be required in 2.0.', HttpUtils::class, self::class);
  86. }
  87. }
  89. public function supports(Request $request): bool
  90. {
  91. if (null !== $this->httpUtils && null !== $this->options['check_path']) {
  92. return $this->httpUtils->checkRequestPath($request, $this->options['check_path']);
  93. }
  95. trigger_deprecation('gesdinet/jwt-refresh-token-bundle', '1.1', 'Checking if the refresh token is in the request in %s() is deprecated, as of 2.0 only the request path will be checked.', __METHOD__);
  97. return null !== $this->extractor->getRefreshToken($request, $this->options['token_parameter_name']);
  98. }
  100. public function authenticate(Request $request): Passport
  101. {
  102. $token = $this->extractor->getRefreshToken($request, $this->options['token_parameter_name']);
  104. if (null === $token) {
  105. throw new MissingTokenException();
  106. }
  108. $refreshToken = $this->refreshTokenManager->get($token);
  110. if (null === $refreshToken) {
  111. throw new TokenNotFoundException();
  112. }
  114. if (!$refreshToken->isValid()) {
  115. throw new InvalidTokenException(sprintf('Refresh token "%s" is invalid.', $refreshToken->getRefreshToken()));
  116. }
  118. if ($this->options['ttl_update']) {
  119. $expirationDate = new DateTime();
  121. // Explicitly check for a negative number based on a behavior change in PHP 8.2, see https://github.com/php/php-src/issues/9950
  122. if ($this->options['ttl'] > 0) {
  123. $expirationDate->modify(sprintf('+%d seconds', $this->options['ttl']));
  124. } elseif ($this->options['ttl'] < 0) {
  125. $expirationDate->modify(sprintf('%d seconds', $this->options['ttl']));
  126. }
  128. $refreshToken->setValid($expirationDate);
  130. $this->refreshTokenManager->save($refreshToken);
  131. }
  133. $method = method_exists($this->userProvider, 'loadUserByIdentifier') ? 'loadUserByIdentifier' : 'loadUserByUsername';
  135. $passport = new SelfValidatingPassport(new UserBadge($refreshToken->getUsername(), [$this->userProvider, $method]));
  136. $passport->setAttribute('refreshToken', $refreshToken);
  138. return $passport;
  139. }
  141. /**
  142. * @deprecated to be removed in 2.0, use `createToken()` instead
  143. */
  144. public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
  145. {
  146. if (!$passport instanceof UserPassportInterface) {
  147. throw new LogicException(sprintf('Passport does not contain a user, overwrite "createToken()" in "%s" to create a custom authentication token.', static::class));
  148. }
  150. trigger_deprecation('gesdinet/jwt-refresh-token-bundle', '1.0', '"%s()" is deprecated, use "%s::createToken()" instead.', __METHOD__, __CLASS__);
  152. return $this->createToken($passport, $firewallName);
  153. }
  155. public function createToken(Passport $passport, string $firewallName): TokenInterface
  156. {
  157. /** @var RefreshTokenInterface|null $refreshToken */
  158. $refreshToken = $passport->getAttribute('refreshToken');
  160. if (null === $refreshToken) {
  161. throw new LogicException('Passport does not contain the refresh token.');
  162. }
  164. return new PostRefreshTokenAuthenticationToken(
  165. $passport->getUser(),
  166. $firewallName,
  167. $passport->getUser()->getRoles(),
  168. $refreshToken
  169. );
  170. }
  172. public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
  173. {
  174. return $this->successHandler->onAuthenticationSuccess($request, $token);
  175. }
  177. public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
  178. {
  179. return $this->failureHandler->onAuthenticationFailure($request, $exception);
  180. }
  182. public function start(Request $request, ?AuthenticationException $authException = null): Response
  183. {
  184. $event = new RefreshTokenNotFoundEvent(
  185. new MissingTokenException('JWT Refresh Token not found', 0, $authException),
  186. new RefreshAuthenticationFailureResponse($authException ? $authException->getMessageKey() : 'Authentication error')
  187. );
  189. $this->eventDispatcher->dispatch($event, 'gesdinet.refresh_token_not_found');
  191. return $event->getResponse();
  192. }
  193. }