/**
* TokenValidator constructor.
* @param ValidationData $validationData
* @param Signer $signer
* @param string $secret
* @param array $config
*/
public function __construct(ValidationData $validationData, Signer $signer, string $secret, array $config)
{
$this->validationData = $validationData;
$this->signer = $signer;
$this->secret = $secret;
$this->validationData->setAudience($config['audience']);
$this->validationData->setIssuer($config['issuer']);
$this->validationData->setId($config['appid']);
}
public function checkCallbackSignature($token, $tokenId)
{
try {
$parser = new Parser();
$token = $parser->parse((string) $token);
} catch (\RuntimeException $exception) {
throw new Exception\InvalidToken();
}
$validation = new ValidationData();
$validation->setIssuer($this->gatewayUrl);
$validation->setAudience($this->key);
$validation->setId($tokenId);
if (!$token->validate($validation)) {
throw new Exception\TokenValidationFailed();
}
if (!$token->verify(new Sha256(), $this->secret)) {
throw new Exception\TokenVerificationFailed();
}
if (!$token->hasClaim('sub')) {
throw new Exception\SubjectClaimMissing();
}
$this->username = $token->getClaim('sub');
if (!$token->hasClaim('pass')) {
throw new Exception\PassClaimMissing();
}
$this->pass = $token->getClaim('pass');
}
public function findUserByTokenOrFail($token)
{
$parsedToken = $this->getParsedToken($token);
$userClass = app('config')->get('laravel-jwt.model');
$user = app($userClass)->findByQualifiedKeyForToken($this->getData($parsedToken, 'id'));
if (!$user) {
throw new UserNotFoundException();
}
$userHash = $this->generateHashForUser($user, $this->getData($parsedToken, 'iat'));
$validationData = new ValidationData();
$validationData->setIssuer(app('config')->get('laravel-jwt.issuer'));
$validationData->setId($userHash);
if ($parsedToken->validate($validationData)) {
return $user;
}
throw new UserNotFoundException();
}
/**
* @param Application $app
*/
public function register(Application $app)
{
$app['security.authentication_listener.factory.jwt'] = $app->protect(function ($name, $options) use($app) {
$app['security.validation_data.' . $name . '.jwt'] = $app->share(function () use($options) {
$validationData = new ValidationData();
$claims = isset($options['validation']) ? $options['validation'] : [];
foreach ($claims as $claim => $value) {
switch ($claim) {
case 'jti':
$validationData->setId($value);
break;
case 'iss':
$validationData->setIssuer($value);
break;
case 'aud':
$validationData->setAudience($value);
break;
case 'sub':
$validationData->setSubject($value);
break;
case 'current_time':
$validationData->setCurrentTime($value);
break;
}
}
return $validationData;
});
$app['security.public_key.' . $name . '.jwt'] = $app->share(function () use($options) {
return new Key($options['public_key']);
});
$app['security.token_decoder.' . $name . '.jwt'] = $app->share(function (Application $app) use($name, $options) {
return new JwtDecoderService(new Parser(), $app['security.validation_data.' . $name . '.jwt'], new Sha256(), $app['security.public_key.' . $name . '.jwt'], $options['required_claims']);
});
// define the authentication provider object
$app['security.authentication_provider.' . $name . '.jwt'] = $app->share(function () use($app, $name) {
return new JwtAuthenticationProvider($app['security.token_decoder.' . $name . '.jwt']);
});
// define the authentication listener object
$app['security.authentication_listener.' . $name . '.jwt'] = $app->share(function () use($app, $name) {
return new JwtListener($app['security.token_storage'], $app['security.authentication_manager'], $app['security.token_decoder.' . $name . '.jwt']);
});
return ['security.authentication_provider.' . $name . '.jwt', 'security.authentication_listener.' . $name . '.jwt', null, 'pre_auth'];
});
}
public function checkToken($token)
{
$fprikey = $this->app['BASE_DIR'] . "/app/config/key/private.pkey";
$fpubkey = $this->app['BASE_DIR'] . "/app/config/key/public.pkey";
if (!file_exists($fpubkey) || !file_exists($fprikey)) {
throw new \Exception('Chaves não configuradas!!!', 500);
}
$tkon = (new Parser())->parse((string) $token);
$uid = $tkon->getClaim('jti');
$data = new ValidationData();
// It will use the current time to validate (iat, nbf and exp)
$data->setIssuer($_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST']);
$data->setId($uid);
if (!$tkon->validate($data)) {
$this->logout();
throw new \Exception(_("Credentials incorrect"), 403);
}
$sign = new Sha512();
$publicKey = new Key("file://" . $fpubkey);
if (!$tkon->verify($sign, $publicKey)) {
throw new \Exception(_("Credentials incorrect"), 403);
}
$sessao = $this->db->doc()->getRepository(get_class($this->SessionEntity))->findOneBy(['uid' => $uid]);
if (empty($sessao)) {
throw new \Exception(_("Session not found"), 403);
}
if ($tkon->getClaim('sys') != md5($sessao->getBrowser())) {
throw new \Exception(_("Credentials incorrect"), 403);
}
$this->session->set('uid', $uid);
return ["cod" => base64_decode(Crypt::mycrypt_decrypt(md5(file_get_contents($fprikey)), $tkon->getClaim('cod'))), "id" => $tkon->getClaim('id'), "uid" => $uid];
}
/**
* @inheritdoc
*/
public function isValid(Token $token)
{
$signer = new Sha256();
$key = new Key($this->pathPublicKey);
if (!$token->verify($signer, $key)) {
throw new InvalidDefinitionException('Invalid token');
}
$data = new ValidationData();
$data->setIssuer($token->getClaim('iss'));
$data->setAudience($token->getClaim('aud'));
$data->setId($token->getClaim('jti'));
$isValid = $token->validate($data);
if (!$isValid) {
throw new AuthenticationExpiredException('The access token has expired');
}
return $isValid;
}
