Passed
Pull Request — master (#52)
by Matthieu
04:23
created

LegacyJWTAuthenticator::getUser()   A

Complexity

Conditions 5
Paths 6

Size

Total Lines 31
Code Lines 16

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 5
eloc 16
nc 6
nop 2
dl 0
loc 31
rs 9.4222
c 1
b 0
f 0
1
<?php declare(strict_types = 1);
2
3
namespace AtlassianConnectBundle\Security;
4
5
use AtlassianConnectBundle\Entity\TenantInterface;
6
use InvalidArgumentException;
7
use Symfony\Component\HttpFoundation\Request;
8
use Symfony\Component\HttpFoundation\Response;
9
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
10
use Symfony\Component\Security\Core\Exception\AuthenticationException;
11
use Symfony\Component\Security\Core\User\UserInterface;
12
use Symfony\Component\Security\Core\User\UserProviderInterface;
13
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
14
15
/**
16
 * Class LegacyJWTAuthenticator
17
 */
18
class LegacyJWTAuthenticator extends AbstractGuardAuthenticator
0 ignored issues
show
Deprecated Code introduced by
The class Symfony\Component\Securi...tractGuardAuthenticator has been deprecated: since Symfony 5.3, use the new authenticator system instead ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated  annotation

18
class LegacyJWTAuthenticator extends /** @scrutinizer ignore-deprecated */ AbstractGuardAuthenticator
Loading history...
19
{
20
    /**
21
     * @var JWTSecurityHelperInterface
22
     */
23
    private $securityHelper;
24
25
    /**
26
     * LegacyJWTAuthenticator constructor.
27
     *
28
     * @param JWTSecurityHelperInterface $securityHelper
29
     */
30
    public function __construct(JWTSecurityHelperInterface $securityHelper)
31
    {
32
        $this->securityHelper = $securityHelper;
33
    }
34
35
    /**
36
     * @param Request                      $request
37
     * @param AuthenticationException|null $authException
38
     *
39
     * @return Response
40
     */
41
    public function start(Request $request, ?AuthenticationException $authException = null): Response
42
    {
43
        return new Response('Authentication header required', 401);
44
    }
45
46
    /**
47
     * @param Request $request
48
     *
49
     * @return bool
50
     */
51
    public function supports(Request $request): bool
52
    {
53
        return $this->securityHelper->supportsRequest($request);
54
    }
55
56
    /**
57
     * @param Request $request
58
     *
59
     * @return mixed Any non-null value
60
     */
61
    public function getCredentials(Request $request)
62
    {
63
        $jwt = $this->securityHelper->getJWTToken($request);
64
65
        if (!$jwt) {
66
            return null;
67
        }
68
69
        return ['jwt' => $jwt];
70
    }
71
72
    /**
73
     * @param mixed                 $credentials
74
     * @param UserProviderInterface $userProvider
75
     *
76
     * @return UserInterface|null
77
     */
78
    public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
79
    {
80
        if (!$userProvider instanceof JWTUserProviderInterface) {
81
            throw new InvalidArgumentException(\sprintf(
82
                'UserProvider must implement %s',
83
                JWTUserProviderInterface::class
84
            ));
85
        }
86
87
        $token = $userProvider->getDecodedToken($credentials['jwt']);
88
        $clientKey = $token->iss;
89
90
        if (!$clientKey) {
91
            throw new AuthenticationException(
92
                \sprintf('API Key "%s" does not exist.', $credentials['jwt'])
93
            );
94
        }
95
96
        /** @var TenantInterface|UserInterface $user */
97
        $loadUserMethod = \method_exists($userProvider, 'loadUserByIdentifier')
98
            ? 'loadUserByIdentifier'
99
            : 'loadUserByUsername'
100
        ;
101
        $user = $userProvider->$loadUserMethod($clientKey);
102
103
        if (\property_exists($token, 'sub')) {
104
            // for some reasons, when webhooks are called - field sub is undefined
105
            $user->setUsername($token->sub);
106
        }
107
108
        return $user;
109
    }
110
111
    /**
112
     * @param mixed         $credentials
113
     * @param UserInterface $user
114
     *
115
     * @return bool
116
     */
117
    public function checkCredentials($credentials, UserInterface $user): bool
118
    {
119
        return true;
120
    }
121
122
    /**
123
     * @param Request                 $request
124
     * @param AuthenticationException $exception
125
     *
126
     * @return Response|null
127
     */
128
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
129
    {
130
        return new Response('Authentication Failed: '.$exception->getMessage(), 403);
131
    }
132
133
    /**
134
     * @param Request        $request
135
     * @param TokenInterface $token
136
     * @param mixed|string   $providerKey The provider (i.e. firewall) key
137
     *
138
     * @return Response|null
139
     */
140
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
141
    {
142
        return null;
143
    }
144
145
    /**
146
     * @return bool
147
     */
148
    public function supportsRememberMe(): bool
149
    {
150
        return false;
151
    }
152
}
153