vendor/lexik/jwt-authentication-bundle/Services/JWTManager.php line 138

Open in your IDE?
  1. <?php
  3. namespace Lexik\Bundle\JWTAuthenticationBundle\Services;
  5. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\HeaderAwareJWTEncoderInterface;
  6. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
  7. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTEncodedEvent;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\NullEnrichment;
  13. use Symfony\Component\PropertyAccess\PropertyAccess;
  14. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  15. use Symfony\Component\Security\Core\User\InMemoryUser;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  17. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  19. /**
  20.  * Provides convenient methods to manage JWT creation/verification.
  21.  *
  22.  * @author Nicolas Cabot <n.cabot@lexik.fr>
  23.  * @author Robin Chalas <robin.chalas@gmail.com>
  24.  */
  25. class JWTManager implements JWTManagerInterfaceJWTTokenManagerInterface
  26. {
  27.     /**
  28.      * @var JWTEncoderInterface
  29.      */
  30.     protected $jwtEncoder;
  32.     /**
  33.      * @var EventDispatcherInterface
  34.      */
  35.     protected $dispatcher;
  37.     /**
  38.      * @var string
  39.      *
  40.      * @deprecated since v2.15
  41.      */
  42.     protected $userIdentityField;
  44.     /**
  45.      * @var string
  46.      */
  47.     protected $userIdClaim;
  49.     /**
  50.      * @var PayloadEnrichmentInterface
  51.     */
  52.     private $payloadEnrichment;
  54.     /**
  55.      * @param string|null $userIdClaim
  56.      */
  57.     public function __construct(JWTEncoderInterface $encoderEventDispatcherInterface $dispatcher$userIdClaim nullPayloadEnrichmentInterface $payloadEnrichment null)
  58.     {
  59.         $this->jwtEncoder $encoder;
  60.         $this->dispatcher $dispatcher;
  61.         $this->userIdentityField 'username';
  62.         $this->userIdClaim $userIdClaim;
  63.         $this->payloadEnrichment $payloadEnrichment ?? new NullEnrichment();
  64.     }
  66.     /**
  67.      * @return string The JWT token
  68.      */
  69.     public function create(UserInterface $user): string
  70.     {
  71.         $payload = ['roles' => $user->getRoles()];
  72.         $this->addUserIdentityToPayload($user$payload);
  74.         $this->payloadEnrichment->enrich($user$payload);
  76.         return $this->generateJwtStringAndDispatchEvents($user$payload);
  77.     }
  79.     /**
  80.      * @return string The JWT token
  81.      */
  82.     public function createFromPayload(UserInterface $user, array $payload): string
  83.     {
  84.         $payload array_merge(['roles' => $user->getRoles()], $payload);
  85.         $this->addUserIdentityToPayload($user$payload);
  87.         $this->payloadEnrichment->enrich($user$payload);
  89.         return $this->generateJwtStringAndDispatchEvents($user$payload);
  90.     }
  92.     /**
  93.      * @return string The JWT token
  94.      */
  95.     private function generateJwtStringAndDispatchEvents(UserInterface $user, array $payload): string
  96.     {
  97.         $jwtCreatedEvent = new JWTCreatedEvent($payload$user);
  98.         $this->dispatcher->dispatch($jwtCreatedEventEvents::JWT_CREATED);
  100.         if ($this->jwtEncoder instanceof HeaderAwareJWTEncoderInterface) {
  101.             $jwtString $this->jwtEncoder->encode($jwtCreatedEvent->getData(), $jwtCreatedEvent->getHeader());
  102.         } else {
  103.             $jwtString $this->jwtEncoder->encode($jwtCreatedEvent->getData());
  104.         }
  106.         $jwtEncodedEvent = new JWTEncodedEvent($jwtString);
  108.         $this->dispatcher->dispatch($jwtEncodedEventEvents::JWT_ENCODED);
  110.         return $jwtString;
  111.     }
  113.     /**
  114.      * {@inheritdoc}
  115.      * @throws JWTDecodeFailureException
  116.      */
  117.     public function decode(TokenInterface $token)
  118.     {
  119.         if (!($payload $this->jwtEncoder->decode($token->getCredentials()))) {
  120.             return false;
  121.         }
  123.         $event = new JWTDecodedEvent($payload);
  124.         $this->dispatcher->dispatch($eventEvents::JWT_DECODED);
  126.         if (!$event->isValid()) {
  127.             return false;
  128.         }
  130.         return $event->getPayload();
  131.     }
  133.     /**
  134.      * {@inheritdoc}
  135.      */
  136.     public function parse(string $jwtToken): array
  137.     {
  138.         $payload $this->jwtEncoder->decode($jwtToken);
  140.         $event = new JWTDecodedEvent($payload);
  141.         $this->dispatcher->dispatch($eventEvents::JWT_DECODED);
  143.         if (!$event->isValid()) {
  144.             throw new JWTDecodeFailureException(JWTDecodeFailureException::INVALID_TOKEN'The token was marked as invalid by an event listener after successful decoding.');
  145.         }
  147.         return $event->getPayload();
  148.     }
  150.     /**
  151.      * Add user identity to payload, username by default.
  152.      * Override this if you need to identify it by another property.
  153.      *
  154.      * @param array &$payload
  155.      */
  156.     protected function addUserIdentityToPayload(UserInterface $user, array &$payload)
  157.     {
  158.         $accessor PropertyAccess::createPropertyAccessor();
  159.         $identityField $this->userIdClaim ?: $this->userIdentityField;
  161.         if ($user instanceof InMemoryUser && 'username' === $identityField) {
  162.             $payload[$identityField] = $accessor->getValue($user'userIdentifier');
  164.             return;
  165.         }
  167.         $payload[$identityField] = $accessor->getValue($user$accessor->isReadable($user$identityField) ? $identityField 'user_identifier');
  168.     }
  170.     /**
  171.      * {@inheritdoc}
  172.      */
  173.     public function getUserIdentityField(): string
  174.     {
  175.         if (=== func_num_args() || func_get_arg(0)) {
  176.             trigger_deprecation('lexik/jwt-authentication-bundle''2.15''The "%s()" method is deprecated.'__METHOD__);
  177.         }
  179.         return $this->userIdentityField;
  180.     }
  182.     /**
  183.      * {@inheritdoc}
  184.      */
  185.     public function setUserIdentityField($field)
  186.     {
  187.         if (>= func_num_args() || func_get_arg(1)) {
  188.             trigger_deprecation('lexik/jwt-authentication-bundle''2.15''The "%s()" method is deprecated.'__METHOD__);
  189.         }
  191.         $this->userIdentityField $field;
  192.     }
  194.     /**
  195.      * @return string
  196.      */
  197.     public function getUserIdClaim(): ?string
  198.     {
  199.         return $this->userIdClaim;
  200.     }
  201. }