/**
* Get the currently authenticated user or null.
*
* @return Illuminate\Auth\UserInterface|null
*/
protected function user($request)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return 401;
}
try {
$user = $this->auth->authenticate($token);
} catch (JWTException $e) {
return 401;
}
if (!$user) {
return 401;
}
return $user;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param Closure $next
* @param string|null $guard
*
* @return \Illuminate\Http\RedirectResponse|\Symfony\Component\HttpFoundation\Response
*
* @fires JsonWebTokenExpired
*/
public function handle($request, Closure $next, $guard = null)
{
$autheticated_user = Auth::guard($guard)->user();
$has_valid_token = false;
// Is the user has used "remember me" the token may not be in their session when they return
if ($request->session()->has('jwt')) {
$token = $request->session()->get('jwt');
try {
$token_user = $this->auth->authenticate($token);
if ($token_user->id !== $autheticated_user->id) {
throw new JWTException('Token does not belong to the authenticated user');
}
$has_valid_token = true;
} catch (TokenExpiredException $e) {
$has_valid_token = false;
} catch (JWTException $e) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('login');
}
}
}
// If there is no valid token, generate one
if (!$has_valid_token) {
event(new JsonWebTokenExpired($autheticated_user));
}
return $next($request);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, \Closure $next)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_BAD_REQUEST, 'Token is missing.'), \HttpResponse::HTTP_BAD_REQUEST);
}
$user = $this->auth->authenticate($token);
if (!$user) {
return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_NOT_FOUND, 'User not found.'), \HttpResponse::HTTP_NOT_FOUND);
}
return $next($request);
}
/**
* Authenticate request with a JWT.
*
* @param \Illuminate\Http\Request $request
* @param \Dingo\Api\Routing\Route $route
*
* @return mixed
*/
public function authenticate(Request $request, Route $route)
{
$token = $this->getToken($request);
try {
if (!($user = $this->auth->authenticate($token))) {
throw new UnauthorizedHttpException('JWTAuth', 'Unable authenticate with invalid token.');
}
} catch (JWTException $exception) {
throw new UnauthorizedHttpException('JWTAuth', $exception->getMessage());
}
return $user;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// Step 1. Fail immediately if we don't have a token in the request.
if (!($token = $this->auth->setRequest($request)->getToken())) {
return new JsonResponse(['error' => 'authorization required'], Response::HTTP_UNAUTHORIZED);
}
try {
// Step 2. Validate the given token.
$member = $this->auth->authenticate($token);
$permissions = array_merge(['level' => 1000, 'roles' => []], array_get(config('route.permissions'), $request->route()->getName(), []));
// This ensures that super roles are not overwritten by
// route permission configurations.
$permissions['roles'] = array_merge($permissions['roles'], $this->roles);
$level = $permissions['level'];
// Step 3. Check the auth level encoded in the token.
if ($this->auth->getPayload()->get('level') < $level) {
return new JsonResponse(['error' => 'authentication level not high enough'], Response::HTTP_FORBIDDEN);
}
// Step 4. Verify the role(s) of the member.
$roles = $permissions['roles'];
if (!$member->hasRole($roles)) {
return new JsonResponse(['error' => 'invalid permissions'], Response::HTTP_FORBIDDEN);
}
// Step 5. Attach member to the current request.
$request->member = $member;
} catch (TokenExpiredException $e) {
return new JsonResponse(['error' => 'token has expired'], Response::HTTP_FORBIDDEN);
} catch (TokenInvalidException $e) {
return new JsonResponse(['error' => 'token is invalid'], Response::HTTP_FORBIDDEN);
} catch (JWTException $e) {
return new JsonResponse(['error' => 'unknown error'], Response::HTTP_INTERNAL_SERVER_ERROR);
}
// Step 6. ???
if (!$member) {
return new JsonResponse(['error' => 'entity does not exist'], Response::HTTP_INTERNAL_SERVER_ERROR);
}
// Step 7. Profit!
return $next($request);
}
/**
* Authenticate a user via a token.
*
* @param mixed $token
* @return mixed
* @static
*/
public static function authenticate($token = false)
{
return \Tymon\JWTAuth\JWTAuth::authenticate($token);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!($token = $this->auth->setRequest($request)->getToken())) {
return $this->respond('tymon.jwt.absent', 'Token is not provided.', 400);
}
try {
$user = $this->auth->authenticate($token);
} catch (TokenExpiredException $e) {
return $this->respond('tymon.jwt.expired', 'Token has expired.', $e->getStatusCode(), [$e]);
} catch (JWTException $e) {
return $this->respond('tymon.jwt.invalid', 'Token is invalid.', $e->getStatusCode(), [$e]);
}
if (!$user) {
return $this->respond('tymon.jwt.user_not_found', 'User not found.', 404);
}
$this->events->fire('tymon.jwt.valid', $user);
return $next($request);
}
