/**
* Get the currently authenticated user or null.
*
* @return Illuminate\Auth\UserInterface|null
*/
protected function user($request)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return 401;
}
try {
$user = $this->auth->authenticate($token);
} catch (JWTException $e) {
return 401;
}
if (!$user) {
return 401;
}
return $user;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param Closure $next
* @param string|null $guard
*
* @return \Illuminate\Http\RedirectResponse|\Symfony\Component\HttpFoundation\Response
*
* @fires JsonWebTokenExpired
*/
public function handle($request, Closure $next, $guard = null)
{
$autheticated_user = Auth::guard($guard)->user();
$has_valid_token = false;
// Is the user has used "remember me" the token may not be in their session when they return
if ($request->session()->has('jwt')) {
$token = $request->session()->get('jwt');
try {
$token_user = $this->auth->authenticate($token);
if ($token_user->id !== $autheticated_user->id) {
throw new JWTException('Token does not belong to the authenticated user');
}
$has_valid_token = true;
} catch (TokenExpiredException $e) {
$has_valid_token = false;
} catch (JWTException $e) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('login');
}
}
}
// If there is no valid token, generate one
if (!$has_valid_token) {
event(new JsonWebTokenExpired($autheticated_user));
}
return $next($request);
}
/**
* Authenticate a user using JWT token.
*
* @return \Symfony\Component\HttpFoundation\Response
* @throws \Tymon\JWTAuth\Exceptions\JWTException
*/
public function verify()
{
if (!($user = $this->auth->parseToken()->authenticate())) {
return response()->json(['user_not_found'], 404);
}
// the token is valid and we have found the user via the sub claim
return response()->json(['data' => compact('user')]);
}
public function getRefresh(JWTAuth $jwt)
{
try {
$token = $jwt->refresh($jwt->getToken());
} catch (JWTException $e) {
return $this->jsonResponse(null, 401);
}
return $this->jsonResponse(['token' => $token]);
}
/**
* Authenticate request with a JWT.
*
* @param \Illuminate\Http\Request $request
* @param \Dingo\Api\Routing\Route $route
*
* @return mixed
*/
public function authenticate(Request $request, Route $route)
{
$token = $this->getToken($request);
try {
return $this->auth->setToken($token)->authenticate();
} catch (JWTException $e) {
throw new UnauthorizedHttpException('JWTAuth', $e->getMessage());
}
return $user;
}
/**
* Handle the event.
*
* @param Login|\REBELinBLUE\Deployer\Events\JsonWebTokenExpired $event
*/
public function handle(Login $event)
{
$tokenId = base64_encode(str_random(32));
$issuedAt = Carbon::now()->timestamp;
$notBefore = $issuedAt;
$expire = $notBefore + 3 * 60 * 60;
// Adding 3 hours
// Create the token
$config = ['iat' => $issuedAt, 'jti' => $tokenId, 'iss' => config('app.url'), 'nbf' => $notBefore, 'exp' => $expire, 'data' => ['userId' => $event->user->id]];
Session::put('jwt', $this->auth->fromUser($event->user, $config));
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, \Closure $next)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_BAD_REQUEST, 'Token is missing.'), \HttpResponse::HTTP_BAD_REQUEST);
}
$user = $this->auth->authenticate($token);
if (!$user) {
return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_NOT_FOUND, 'User not found.'), \HttpResponse::HTTP_NOT_FOUND);
}
return $next($request);
}
/**
* Authenticate request with a JWT.
*
* @param \Illuminate\Http\Request $request
* @param \Dingo\Api\Routing\Route $route
*
* @return mixed
*/
public function authenticate(Request $request, Route $route)
{
$token = $this->getToken($request);
try {
if (!($user = $this->auth->authenticate($token))) {
throw new UnauthorizedHttpException('JWTAuth', 'Unable authenticate with invalid token.');
}
} catch (JWTException $exception) {
throw new UnauthorizedHttpException('JWTAuth', $exception->getMessage());
}
return $user;
}
public function signUp(SignUpRequest $request, JWTAuth $JWTAuth)
{
$user = new User($request->all());
if (!$user->save()) {
throw new HttpException(500);
}
if (!Config::get('boilerplate.sign_up.release_token')) {
return response()->json(['status' => 'ok'], 201);
}
$token = $JWTAuth->fromUser($user);
return response()->json(['status' => 'ok', 'token' => $token], 201);
}
public function login(LoginRequest $request, JWTAuth $JWTAuth)
{
$credentials = $request->only(['email', 'password']);
try {
$token = $JWTAuth->attempt($credentials);
if (!$token) {
throw new AccessDeniedHttpException();
}
} catch (JWTException $e) {
throw new HttpException(500);
}
return response()->json(['status' => 'ok', 'token' => $token]);
}
public function resetPassword(ResetPasswordRequest $request, JWTAuth $JWTAuth)
{
$response = $this->broker()->reset($this->credentials($request), function ($user, $password) {
$this->reset($user, $password);
});
if ($response !== Password::PASSWORD_RESET) {
throw new HttpException(500);
}
if (!Config::get('boilerplate.reset_password.release_token')) {
return response()->json(['status' => 'ok']);
}
$user = User::where('email', '=', $request->get('email'))->first();
return response()->json(['status' => 'ok', 'token' => $JWTAuth->fromUser($user)]);
}
/**
* Validate Token
*
* returns Illuminate\Http\JsonResponse
*/
public function validate()
{
try {
if (!($user = $this->jwt->parseToken()->authenticate())) {
return $this->returnUnauthenticatedUserResponse();
}
} catch (TokenExpiredException $exception) {
return $this->returnTokenExceptionResponse('token_expired', 401);
} catch (TokenInvalidException $exception) {
return $this->returnTokenExceptionResponse('token_invalid', 401);
} catch (JWTException $exception) {
return $this->returnTokenExceptionResponse('token_absent', 401);
}
return $this->returnAuthenticatedUserResponse(compact('user'));
}
/**
* Action to authenticate existing user
*
* @param Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
try {
// verify the credentials and create a token for the user
if (!($token = $this->jwtAuth->attempt($credentials))) {
abort(401);
}
} catch (JWTException $e) {
// something went wrong
abort(500);
}
// if no errors are encountered we can return a JWT
return response()->json(compact('token'));
}
/**
* Authenticate the user to get a token.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function authenticate(Request $request)
{
try {
if (Auth::check()) {
$token = $this->jwt->fromUser(Auth::user());
} else {
$credentials = $request->only('email', 'password');
if (!($token = $this->jwt->attempt($credentials))) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
}
} catch (JWTException $e) {
return response()->json(['error' => 'could_not_create_token'], 500);
}
return response()->json(compact('token'));
}
public function handle($request, Closure $next)
{
$jwt = new JWTAuth();
try {
if (!($user = $jwt->parseToken()->authenticate())) {
return response()->json(['user_not_found'], 404);
}
} catch (TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
// the token is valid and we have found the user via the sub claim
return $next($request, $user);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// Step 1. Fail immediately if we don't have a token in the request.
if (!($token = $this->auth->setRequest($request)->getToken())) {
return new JsonResponse(['error' => 'authorization required'], Response::HTTP_UNAUTHORIZED);
}
try {
// Step 2. Validate the given token.
$member = $this->auth->authenticate($token);
$permissions = array_merge(['level' => 1000, 'roles' => []], array_get(config('route.permissions'), $request->route()->getName(), []));
// This ensures that super roles are not overwritten by
// route permission configurations.
$permissions['roles'] = array_merge($permissions['roles'], $this->roles);
$level = $permissions['level'];
// Step 3. Check the auth level encoded in the token.
if ($this->auth->getPayload()->get('level') < $level) {
return new JsonResponse(['error' => 'authentication level not high enough'], Response::HTTP_FORBIDDEN);
}
// Step 4. Verify the role(s) of the member.
$roles = $permissions['roles'];
if (!$member->hasRole($roles)) {
return new JsonResponse(['error' => 'invalid permissions'], Response::HTTP_FORBIDDEN);
}
// Step 5. Attach member to the current request.
$request->member = $member;
} catch (TokenExpiredException $e) {
return new JsonResponse(['error' => 'token has expired'], Response::HTTP_FORBIDDEN);
} catch (TokenInvalidException $e) {
return new JsonResponse(['error' => 'token is invalid'], Response::HTTP_FORBIDDEN);
} catch (JWTException $e) {
return new JsonResponse(['error' => 'unknown error'], Response::HTTP_INTERNAL_SERVER_ERROR);
}
// Step 6. ???
if (!$member) {
return new JsonResponse(['error' => 'entity does not exist'], Response::HTTP_INTERNAL_SERVER_ERROR);
}
// Step 7. Profit!
return $next($request);
}
public function getAuthenticatedUser(Request $request)
{
try {
if (!($user = JWTAuth::parseToken()->authenticate())) {
return response()->json(['error' => 'user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['error' => 'token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['error' => 'token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['error' => 'token_absent'], $e->getStatusCode());
}
return response()->json(compact('user'));
}
public function getAuthenticatedUser()
{
try {
if (!($user = JWTAuth::parseToken()->authenticate())) {
return response()->json(['user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
// the token is valid and we have found the user via the sub claim
return response()->json(compact('user'));
}
/**
* Register the bindings for the main JWTAuth class.
*/
protected function registerJWTAuth()
{
$this->app['tymon.jwt.auth'] = $this->app->share(function ($app) {
$auth = new JWTAuth($app['tymon.jwt.manager'], $app['tymon.jwt.provider.user'], $app['tymon.jwt.provider.auth'], $app['request']);
return $auth->setIdentifier($this->config('identifier'));
});
}
public function __construct(JWTAuth $auth)
{
$this->auth = $auth;
$this->currentUser = $auth->toUser();
}
/**
* Get the JWTManager instance.
*
* @return \Tymon\JWTAuth\JWTManager
* @static
*/
public static function manager()
{
return \Tymon\JWTAuth\JWTAuth::manager();
}
/**
* @param JWTAuth $jwt
* @param \Laravel\Socialite\Contracts\User $login
* @param string $provider
* @return \Illuminate\Http\Response
*/
private function handleSocialLogin(JWTAuth $jwt, $login, $provider)
{
$token = UserSocialLogin::firstOrNew(['token' => $login->getId(), 'provider' => $provider]);
if (!$token->exists) {
$user = $this->createOrFindUser($login);
$token->user_id = $user->id;
$token->data = json_encode($login);
} else {
$user = $token->user;
}
$token->save();
try {
if ($token = $jwt->fromUser($user)) {
return redirect("/login/handle/{$token}");
}
} catch (JWTException $e) {
// return error on exception or empty token
}
return new JsonResponse(['Error creating JWT token'], 401);
}
/**
* Check the request for the presence of a token.
*
* @param \Illuminate\Http\Request $request
*
* @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
*/
public function checkForToken(Request $request)
{
if (!$this->auth->parser()->setRequest($request)->hasToken()) {
throw new BadRequestHttpException('Token not provided');
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @return int
*/
public function handle($request)
{
$token = $this->auth->setRequest($request)->getToken();
$owner_id = env('acl.middleware.owner_id', 'owner_id');
return $this->auth->getPayload($token)->get($owner_id);
}
/** @test */
public function it_should_throw_an_exception_when_token_not_present_in_request()
{
$this->setExpectedException('Tymon\\JWTAuth\\Exceptions\\JWTException');
$request = Request::create('/foo', 'GET');
$jwtAuth = new JWTAuth($this->manager, $this->user, $this->auth, $request);
$jwtAuth->parseToken();
}
public function refresh(JWTAuth $auth)
{
$token = $auth->parseToken()->refresh();
return $this->response->success($token);
}
/**
* @param $user
* @return string
*/
protected function getUserToken($user)
{
return $this->jwt->fromUser($user, $this->createClaims($user));
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->jwt->setRequest($request)->parseToken()->invalidate();
return $next($request);
}
/**
* Generate token from Eloquent Model.
*
* @param array $claims
* @param Model|null $user
*
* @return string
*/
public function generateToken(array $claims = [], Model $user = null)
{
$user = $user ?: $this->request->user();
$subject = new JWTSubject($user, $claims);
return $this->auth->fromUser($subject);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return $this->respond('tymon.jwt.absent', 'Token is not provided.', 400);
}
try {
$user = $this->auth->authenticate($token);
} catch (TokenExpiredException $e) {
return $this->respond('tymon.jwt.expired', 'Token has expired.', $e->getStatusCode(), [$e]);
} catch (JWTException $e) {
return $this->respond('tymon.jwt.invalid', 'Token is invalid.', $e->getStatusCode(), [$e]);
}
if (!$user) {
return $this->respond('tymon.jwt.user_not_found', 'User not found.', 404);
}
$this->events->fire('tymon.jwt.valid', $user);
return $next($request);
}
