/**
* @test
*/
public function it_returns_an_authenticated_token_when_the_jwt_is_valid()
{
$jwt = new Jwt();
$token = new JwtUserToken($jwt);
$this->decoderService->expects($this->once())->method('verifySignature')->with($jwt)->willReturn(true);
$this->decoderService->expects($this->once())->method('validateData')->with($jwt)->willReturn(true);
$this->decoderService->expects($this->once())->method('validateRequiredClaims')->with($jwt)->willReturn(true);
$authToken = $this->authenticationProvider->authenticate($token);
$this->assertEquals($jwt, $authToken->getCredentials());
$this->assertTrue($authToken->isAuthenticated());
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$jwtString = $this->getJwtString($request);
if (empty($jwtString)) {
return;
}
$jwt = $this->decoderService->parse(new StringLiteral($jwtString));
$token = new JwtUserToken($jwt);
try {
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authenticatedToken);
} catch (AuthenticationException $e) {
$event->setResponse(new Response($e->getMessage(), 401));
}
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
/* @var JwtUserToken $token */
if (!$this->supports($token)) {
throw new AuthenticationException("Token type " . get_class($token) . " not supported.");
}
$jwt = $token->getCredentials();
if (!$this->decoderService->verifySignature($jwt)) {
throw new AuthenticationException("Token signature verification failed. The token is likely forged or manipulated.");
}
if (!$this->decoderService->validateData($jwt)) {
throw new AuthenticationException("Token claims validation failed. This most likely means the token is expired.");
}
if (!$this->decoderService->validateRequiredClaims($jwt)) {
throw new AuthenticationException("Token is missing one of its required claims.");
}
return new JwtUserToken($jwt, true);
}
/**
* @test
*/
public function it_returns_an_unauthorized_response_if_jwt_authentication_fails()
{
$tokenString = 'headers.payload.signature';
$jwt = new Jwt(['alg' => 'none'], [], null, ['headers', 'payload']);
$token = new JwtUserToken($jwt);
$request = new Request([], [], [], [], [], ['HTTP_AUTHORIZATION' => 'Bearer ' . $tokenString], '');
$this->getResponseEvent->expects($this->any())->method('getRequest')->willReturn($request);
$this->jwtDecoderService->expects($this->once())->method('parse')->with(new StringLiteral($tokenString))->willReturn($jwt);
$authenticationException = new AuthenticationException('Authentication failed', 666);
$this->authenticationManager->expects($this->once())->method('authenticate')->with($token)->willThrowException($authenticationException);
$this->getResponseEvent->expects($this->once())->method('setResponse')->willReturnCallback(function (Response $response) {
$this->assertEquals('Authentication failed', $response->getContent());
$this->assertEquals(401, $response->getStatusCode());
});
$this->listener->handle($this->getResponseEvent);
}