Ejemplo n.º 1
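 /**
  * Validate the decoded JWT against the current request and mark it invalid
  * as soon as any check fails.
  *
  * Checks, in order: the payload carries a non-empty `username`; the
  * Authorization header yields a non-empty token; validateUser() accepts the
  * username/token pair; an `x-database` header is present; the payload carries
  * a non-empty `databases` claim; validateAttributes() accepts the requested
  * database, the payload and the client IP.
  *
  * @param JWTDecodedEvent $event
  * @return void
  */
 public function onJWTDecoded(JWTDecodedEvent $event)
 {
     $request = $event->getRequest();
     $payload = $event->getPayload();

     // Fail closed when there is no request to check against, instead of
     // dereferencing null below.
     // NOTE(review): whether getRequest() can return null is not visible here.
     if (!$request) {
         $event->markAsInvalid();
         return;
     }

     if (empty($payload['username'])) {
         $event->markAsInvalid();
         return;
     }

     // A missing header comes back as null; reject it explicitly rather than
     // passing null to substr() (deprecated since PHP 8.1, a TypeError under
     // strict_types).
     $authorization = $request->headers->get('Authorization');
     if (!is_string($authorization)) {
         $event->markAsInvalid();
         return;
     }

     // The 7-byte offset skips a "Bearer " prefix. The scheme itself is not
     // verified here; any header longer than 7 bytes yields a candidate token,
     // so validateUser() is the check that actually decides.
     // NOTE(review): if the JWT can also arrive via a cookie or query
     // parameter, this header may not hold the token that was decoded; confirm.
     $token = substr($authorization, 7);
     if (!$token) {
         $event->markAsInvalid();
         return;
     }

     if (!$this->validateUser($payload['username'], $token)) {
         $event->markAsInvalid();
         return;
     }

     // x-database is client-controlled; it is only a request for a database,
     // authorisation comes from the signed payload via validateAttributes().
     $requestedDatabase = $request->headers->get('x-database');
     if (is_null($requestedDatabase)) {
         $event->markAsInvalid();
         return;
     }

     if (empty($payload['databases'])) {
         $event->markAsInvalid();
         return;
     }

     // NOTE(review): the client IP is only as trustworthy as the trusted-proxy
     // configuration behind getClientIp(); confirm it cannot be set by a
     // forwarded header from an untrusted peer.
     if (!$this->validateAttributes($requestedDatabase, $payload, $request->getClientIp())) {
         $event->markAsInvalid();
         return;
     }
 }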
Ejemplo n.º 2
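 /**
  * Bind the token to the client address: mark the decoded JWT invalid unless
  * its `ip` claim is present and strictly equal to the request's client IP.
  *
  * @param JWTDecodedEvent $event
  *
  * @return void
  */
 public function onJWTDecoded(JWTDecodedEvent $event)
 {
     // Fetch the request once; the original fetched it a second time after
     // this guard for no effect.
     $request = $event->getRequest();
     if (!$request) {
         // NOTE(review): without a request the IP binding is skipped and the
         // token stays valid (fail-open). Kept as in the original; confirm
         // this path is only reachable outside HTTP handling.
         return;
     }

     $payload = $event->getPayload();

     // Strict comparison: a missing claim or any type/format difference
     // (e.g. differing IPv6 notation) invalidates the token.
     // NOTE(review): getClientIp() is only as trustworthy as the
     // trusted-proxy configuration; confirm forwarded headers from untrusted
     // peers are not honoured.
     if (!isset($payload['ip']) || $payload['ip'] !== $request->getClientIp()) {
         $event->markAsInvalid();
     }
 }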