|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the GesdinetJWTRefreshTokenBundle package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Gesdinet <http://www.gesdinet.com/> |
|
7
|
|
|
* |
|
8
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
9
|
|
|
* file that was distributed with this source code. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Gesdinet\JWTRefreshTokenBundle\Security\Authenticator; |
|
13
|
|
|
|
|
14
|
|
|
use Gesdinet\JWTRefreshTokenBundle\Request\RequestRefreshToken; |
|
15
|
|
|
use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface; |
|
16
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
17
|
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException; |
|
18
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; |
|
19
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
20
|
|
|
use Symfony\Component\Security\Core\User\UserProviderInterface; |
|
21
|
|
|
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; |
|
22
|
|
|
use Symfony\Component\HttpFoundation\Response; |
|
23
|
|
|
use Gesdinet\JWTRefreshTokenBundle\Security\Provider\RefreshTokenProvider; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Class RefreshTokenAuthenticator. |
|
27
|
|
|
*/ |
|
28
|
|
|
class RefreshTokenAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface |
|
|
|
|
|
|
29
|
|
|
{ |
|
30
|
|
|
public function createToken(Request $request, $providerKey) |
|
31
|
|
|
{ |
|
32
|
|
|
$refreshTokenString = RequestRefreshToken::getRefreshToken($request); |
|
33
|
|
|
|
|
34
|
|
|
return new PreAuthenticatedToken( |
|
35
|
|
|
'', |
|
36
|
|
|
$refreshTokenString, |
|
37
|
|
|
$providerKey |
|
38
|
|
|
); |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) |
|
42
|
|
|
{ |
|
43
|
|
|
if (!$userProvider instanceof RefreshTokenProvider) { |
|
44
|
|
|
throw new \InvalidArgumentException( |
|
45
|
|
|
sprintf( |
|
46
|
|
|
'The user provider must be an instance of RefreshTokenProvider (%s was given).', |
|
47
|
|
|
get_class($userProvider) |
|
48
|
|
|
) |
|
49
|
|
|
); |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
$refreshToken = $token->getCredentials(); |
|
53
|
|
|
$username = $userProvider->getUsernameForRefreshToken($refreshToken); |
|
54
|
|
|
|
|
55
|
|
|
if (!$username) { |
|
56
|
|
|
throw new AuthenticationException( |
|
57
|
|
|
sprintf('Refresh token "%s" does not exist.', $refreshToken) |
|
58
|
|
|
); |
|
59
|
|
|
} |
|
60
|
|
|
|
|
61
|
|
|
$user = $userProvider->loadUserByUsername($username); |
|
62
|
|
|
|
|
63
|
|
|
return new PreAuthenticatedToken( |
|
64
|
|
|
$user, |
|
65
|
|
|
$refreshToken, |
|
66
|
|
|
$providerKey, |
|
67
|
|
|
$user->getRoles() |
|
68
|
|
|
); |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
1 |
|
public function supportsToken(TokenInterface $token, $providerKey) |
|
72
|
|
|
{ |
|
73
|
1 |
|
return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey; |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
1 |
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) |
|
77
|
|
|
{ |
|
78
|
1 |
|
return new Response('Refresh token authentication failed.', 403); |
|
79
|
|
|
} |
|
80
|
|
|
} |
|
81
|
|
|
|
gesdinet /
JWTRefreshTokenBundle
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.