Code Cleanup
Simon Erkelens committed Aug 12, 2017
1 parent bc6e4fd commit 5949226
Showing 2 changed files with 49 additions and 28 deletions.
3 changes: 3 additions & 0 deletions src/Authentication/JWTAuthenticationHandler.php
Expand Up @@ -61,6 +61,9 @@ public function authenticateRequest(HTTPRequest $request)
}

/**
* Authenticate on every run, based on the header, not relying on sessions or cookies
* JSON Web Tokens are stateless
*
* @param Member $member
* @param bool $persistent
* @param HTTPRequest|null $request
74 changes: 46 additions & 28 deletions src/Authentication/JWTAuthenticator.php
Expand Up @@ -36,43 +36,17 @@ public function supportedServices()
* @param HTTPRequest $request
* @param ValidationResult|null $result
* @return Member|null
* @throws BadMethodCallException
* @throws \OutOfBoundsException
* @throws \BadMethodCallException
*/
public function authenticate(array $data, HTTPRequest $request, ValidationResult &$result = null)
{
if (!$result) {
$result = new ValidationResult();
}
$token = $data['token'];
$parser = new Parser();
$parsedToken = $parser->parse((string)$token);
$signer = new Sha256();
$signerKey = getenv('JWT_SIGNER_KEY');
$member = null;

// If the token is not verified, just give up
if (!$parsedToken->verify($signer, $signerKey)) {
$result->addError('Invalid token');
return null;
}
// An expired token can be renewed
if ($parsedToken->isExpired() && $result->isValid()) {
$result->addError('Token is expired, please renew your token with a refreshToken query');
}
// Everything seems fine, let's find a user
if ($parsedToken->getClaim('uid') > 0 && $parsedToken->getClaim('jti')) {
/** @var Member $member */
$member = Member::get()
->filter(['JWTUniqueID' => $parsedToken->getClaim('jti')])
->byID($parsedToken->getClaim('uid'));
}
// Or not entirely fine, do we allow anonymous users?
if ($parsedToken->getClaim('uid') === 0 && $this->config()->get('anonymous_allowed')) {
$member = Member::create(['ID' => 0, 'FirstName' => 'Anonymous']);
}

return $result->isValid() ? $member : null;
return $this->validateToken($token, $result);
}

/**
Expand Down Expand Up @@ -119,4 +93,48 @@ public function generateToken(Member $member)
// Return the token
return $token->getToken();
}

/**
* @param string $token
* @param ValidationResult $result
* @return null|Member
* @throws \OutOfBoundsException
* @throws \BadMethodCallException
*/
private function validateToken($token, &$result)
{
$parser = new Parser();
$parsedToken = $parser->parse((string)$token);
$signer = new Sha256();
$signerKey = getenv('JWT_SIGNER_KEY');
$member = null;

// If the token is not verified, just give up
if (!$parsedToken->verify($signer, $signerKey)) {
$result->addError('Invalid token');
}
// An expired token can be renewed
elseif ($parsedToken->isExpired()) {
$result->addError('Token is expired, please renew your token with a refreshToken query');
}
// Everything seems fine, let's find a user
elseif ($parsedToken->getClaim('uid') > 0 && $parsedToken->getClaim('jti')) {
/** @var Member $member */
$member = Member::get()
->filter(['JWTUniqueID' => $parsedToken->getClaim('jti')])
->byID($parsedToken->getClaim('uid'));
}
// Not entirely fine, do we allow anonymous users?
// Then, if the token is valid, return an anonymous user
if (
$result->isValid() &&
$parsedToken->getClaim('uid') === 0 &&
static::config()->get('anonymous_allowed')
) {
$member = Member::create(['ID' => 0, 'FirstName' => 'Anonymous']);
}

return $result->isValid() ? $member : null;

}
}
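Review bot: `validateToken()` reads `getenv('JWT_SIGNER_KEY')` and passes the result straight into `$parsedToken->verify()`, so when the variable is unset the key is `false` (cast to an empty string by the signer, as far as can be told from the hunk) and the signature check is run against an empty secret instead of failing closed; a missing key should abort before any claim is read, e.g. `$signerKey = getenv('JWT_SIGNER_KEY'); if ($signerKey === false || $signerKey === '') { throw new \RuntimeException('JWT_SIGNER_KEY is not configured'); }`. The same fail-open shape was already present in the removed `authenticate()` body, but the extraction into a private helper is the natural place to add the guard, and a note in the docblock (`@throws \RuntimeException when JWT_SIGNER_KEY is not configured`) would document it. The docblock's `@throws` list also does not mention that `Parser::parse()` can reject a malformed token string, which the caller in `authenticate()` does not catch either, so an invalid bearer value presumably surfaces as an uncaught exception rather than a `ValidationResult` error — worth confirming against the parser's contract and adding to the list. On style, `validateToken($token, &$result)` drops the type hints the public method has (`string $token, ValidationResult &$result`), the `elseif` branches placed after a comment on their own line read as separate statements, and the blank line before the closing `}` on the last line of the method can go.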
