- WIP on v2.x authentication
This commit is contained in:
Dave Mc Nicoll
parent
0271aec31b
commit
0eaaf79ad8
@ -70,12 +70,12 @@ class JsonWebTokenDecoder
|
|||||||
public function isJWT() : bool
|
public function isJWT() : bool
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
return $this->parse();
|
return count(explode('.', $this->encoded)) === 3;
|
||||||
}
|
}
|
||||||
catch(\Throwable $t) {}
|
catch(\Throwable $t) {
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function getPayload() : array
|
public function getPayload() : array
|
||||||
{
|
{
|
||||||
|
|||||||
@ -6,6 +6,7 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
use Ulmus\User\Authorize\Bearer\JsonWebTokenDecoder;
|
use Ulmus\User\Authorize\Bearer\JsonWebTokenDecoder;
|
||||||
use Ulmus\User\Entity\UserInterface;
|
use Ulmus\User\Entity\UserInterface;
|
||||||
use Ulmus\User\Lib\Authenticate;
|
use Ulmus\User\Lib\Authenticate;
|
||||||
|
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
||||||
|
|
||||||
class BearerMethod implements MethodInterface
|
class BearerMethod implements MethodInterface
|
||||||
{
|
{
|
||||||
@ -23,10 +24,15 @@ class BearerMethod implements MethodInterface
|
|||||||
|
|
||||||
switch($this->autodetectTokenType()) {
|
switch($this->autodetectTokenType()) {
|
||||||
case BearerTokenTypeEnum::JsonWebToken:
|
case BearerTokenTypeEnum::JsonWebToken:
|
||||||
|
$this->jwt->decode();
|
||||||
|
|
||||||
$payload = $this->jwt->getPayload();
|
$payload = $this->jwt->getPayload();
|
||||||
|
|
||||||
if ( $payload['sub'] ?? false) {
|
if ( $payload['sub'] ?? false) {
|
||||||
$request = $request->withAttribute('authentication_middleware:user_id', $payload['sub']);
|
$request = $request
|
||||||
|
->withAttribute('authentication_middleware:method', AuthenticationMethodEnum::ForceLogin)
|
||||||
|
->withAttribute('authentication_middleware:jwt', $payload)
|
||||||
|
->withAttribute('authentication_middleware:user_id', $payload['sub']);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
throw new \InvalidArgumentException("Given JsonWebToken is missing a 'sub' key (which concords to user id)");
|
throw new \InvalidArgumentException("Given JsonWebToken is missing a 'sub' key (which concords to user id)");
|
||||||
@ -37,6 +43,8 @@ class BearerMethod implements MethodInterface
|
|||||||
case BearerTokenTypeEnum::UniqueKey:
|
case BearerTokenTypeEnum::UniqueKey:
|
||||||
# @TODO
|
# @TODO
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
}
|
}
|
||||||
|
|
||||||
return $request;
|
return $request;
|
||||||
|
|||||||
@ -48,12 +48,12 @@ abstract class User implements UserInterface {
|
|||||||
#[Field]
|
#[Field]
|
||||||
public string $password;
|
public string $password;
|
||||||
|
|
||||||
#[Field\UpdatedAt(name: "updated_at", readonly: true)]
|
|
||||||
public ? Datetime $updatedAt;
|
|
||||||
|
|
||||||
#[Field\CreatedAt(name: "created_at", readonly: true)]
|
#[Field\CreatedAt(name: "created_at", readonly: true)]
|
||||||
public Datetime $createdAt;
|
public Datetime $createdAt;
|
||||||
|
|
||||||
|
#[Field\UpdatedAt(name: "updated_at", readonly: true)]
|
||||||
|
public ? Datetime $updatedAt;
|
||||||
|
|
||||||
public bool $logged = false;
|
public bool $logged = false;
|
||||||
|
|
||||||
public function __toString() : string
|
public function __toString() : string
|
||||||
|
|||||||
5
src/Exception/InvalidUserException.php
Normal file
5
src/Exception/InvalidUserException.php
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Ulmus\User\Exception;
|
||||||
|
|
||||||
|
class InvalidUserException extends \Exception {}
|
||||||
@ -10,6 +10,7 @@ use Psr\Http\{
|
|||||||
};
|
};
|
||||||
use Ulmus\User\Entity\UserInterface;
|
use Ulmus\User\Entity\UserInterface;
|
||||||
use Ulmus\User\Authorize\PostRequestAuthentication;
|
use Ulmus\User\Authorize\PostRequestAuthentication;
|
||||||
|
use Ulmus\User\Exception\InvalidUserException;
|
||||||
use Ulmus\User\Lib\Authenticate;
|
use Ulmus\User\Lib\Authenticate;
|
||||||
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
||||||
|
|
||||||
@ -23,11 +24,23 @@ class AuthenticationMiddleware implements MiddlewareInterface
|
|||||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->launchAuthentication($request);
|
||||||
|
}
|
||||||
|
catch(InvalidUserException $e) {
|
||||||
|
return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $handler->handle($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function launchAuthentication(ServerRequestInterface $request) : void
|
||||||
|
{
|
||||||
if (null !== $id = $request->getAttribute('authentication_middleware:user_id')) {
|
if (null !== $id = $request->getAttribute('authentication_middleware:user_id')) {
|
||||||
|
|
||||||
$this->authenticator->loadUser($id);
|
$this->authenticator->loadUser($id);
|
||||||
|
|
||||||
if ( ! $this->authenticator->user->isLoaded() ) {
|
if ( ! $this->authenticator->user->isLoaded() ) {
|
||||||
throw new \Exception("Given user id do not match with an existing/active user");
|
throw new InvalidUserException("Given user id do not match with an existing/active user");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -41,10 +54,4 @@ class AuthenticationMiddleware implements MiddlewareInterface
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch(\Exception $e) {
|
|
||||||
return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $handler->handle($request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user