/** * Get the currently authenticated user or null. * * @return Illuminate\Auth\UserInterface|null */ protected function user($request) { if (!($token = $this->auth->setRequest($request)->getToken())) { return 401; } try { $user = $this->auth->authenticate($token); } catch (JWTException $e) { return 401; } if (!$user) { return 401; } return $user; }
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param Closure $next * @param string|null $guard * * @return \Illuminate\Http\RedirectResponse|\Symfony\Component\HttpFoundation\Response * * @fires JsonWebTokenExpired */ public function handle($request, Closure $next, $guard = null) { $autheticated_user = Auth::guard($guard)->user(); $has_valid_token = false; // Is the user has used "remember me" the token may not be in their session when they return if ($request->session()->has('jwt')) { $token = $request->session()->get('jwt'); try { $token_user = $this->auth->authenticate($token); if ($token_user->id !== $autheticated_user->id) { throw new JWTException('Token does not belong to the authenticated user'); } $has_valid_token = true; } catch (TokenExpiredException $e) { $has_valid_token = false; } catch (JWTException $e) { if ($request->ajax()) { return response('Unauthorized.', 401); } else { return redirect()->guest('login'); } } } // If there is no valid token, generate one if (!$has_valid_token) { event(new JsonWebTokenExpired($autheticated_user)); } return $next($request); }
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, \Closure $next) { if (!($token = $this->auth->setRequest($request)->getToken())) { return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_BAD_REQUEST, 'Token is missing.'), \HttpResponse::HTTP_BAD_REQUEST); } $user = $this->auth->authenticate($token); if (!$user) { return response()->json(\JsonHelper::getErrorResponse(\HttpResponse::HTTP_NOT_FOUND, 'User not found.'), \HttpResponse::HTTP_NOT_FOUND); } return $next($request); }
/** * Authenticate request with a JWT. * * @param \Illuminate\Http\Request $request * @param \Dingo\Api\Routing\Route $route * * @return mixed */ public function authenticate(Request $request, Route $route) { $token = $this->getToken($request); try { if (!($user = $this->auth->authenticate($token))) { throw new UnauthorizedHttpException('JWTAuth', 'Unable authenticate with invalid token.'); } } catch (JWTException $exception) { throw new UnauthorizedHttpException('JWTAuth', $exception->getMessage()); } return $user; }
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { // Step 1. Fail immediately if we don't have a token in the request. if (!($token = $this->auth->setRequest($request)->getToken())) { return new JsonResponse(['error' => 'authorization required'], Response::HTTP_UNAUTHORIZED); } try { // Step 2. Validate the given token. $member = $this->auth->authenticate($token); $permissions = array_merge(['level' => 1000, 'roles' => []], array_get(config('route.permissions'), $request->route()->getName(), [])); // This ensures that super roles are not overwritten by // route permission configurations. $permissions['roles'] = array_merge($permissions['roles'], $this->roles); $level = $permissions['level']; // Step 3. Check the auth level encoded in the token. if ($this->auth->getPayload()->get('level') < $level) { return new JsonResponse(['error' => 'authentication level not high enough'], Response::HTTP_FORBIDDEN); } // Step 4. Verify the role(s) of the member. $roles = $permissions['roles']; if (!$member->hasRole($roles)) { return new JsonResponse(['error' => 'invalid permissions'], Response::HTTP_FORBIDDEN); } // Step 5. Attach member to the current request. $request->member = $member; } catch (TokenExpiredException $e) { return new JsonResponse(['error' => 'token has expired'], Response::HTTP_FORBIDDEN); } catch (TokenInvalidException $e) { return new JsonResponse(['error' => 'token is invalid'], Response::HTTP_FORBIDDEN); } catch (JWTException $e) { return new JsonResponse(['error' => 'unknown error'], Response::HTTP_INTERNAL_SERVER_ERROR); } // Step 6. ??? if (!$member) { return new JsonResponse(['error' => 'entity does not exist'], Response::HTTP_INTERNAL_SERVER_ERROR); } // Step 7. Profit! return $next($request); }
/** * Authenticate a user via a token. * * @param mixed $token * @return mixed * @static */ public static function authenticate($token = false) { return \Tymon\JWTAuth\JWTAuth::authenticate($token); }
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if (!($token = $this->auth->setRequest($request)->getToken())) { return $this->respond('tymon.jwt.absent', 'Token is not provided.', 400); } try { $user = $this->auth->authenticate($token); } catch (TokenExpiredException $e) { return $this->respond('tymon.jwt.expired', 'Token has expired.', $e->getStatusCode(), [$e]); } catch (JWTException $e) { return $this->respond('tymon.jwt.invalid', 'Token is invalid.', $e->getStatusCode(), [$e]); } if (!$user) { return $this->respond('tymon.jwt.user_not_found', 'User not found.', 404); } $this->events->fire('tymon.jwt.valid', $user); return $next($request); }