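/**
 * TokenValidator constructor.
 *
 * Pins the expected audience, issuer and id (jti) on the shared
 * ValidationData from the application config.
 *
 * @param ValidationData $validationData
 * @param Signer $signer
 * @param string $secret
 * @param array $config must carry the keys 'audience', 'issuer' and 'appid'
 *
 * @throws \InvalidArgumentException when one of those keys is missing or empty
 */
public function __construct(ValidationData $validationData, Signer $signer, string $secret, array $config)
{
    // NOTE(review): in lcobucci/jwt 3.x an empty expected value is treated
    // as "not set", and that claim is then not checked at all. A missing
    // config key would therefore silently disable the audience/issuer/id
    // check instead of failing; refuse to construct in that case.
    foreach (['audience', 'issuer', 'appid'] as $key) {
        if (!isset($config[$key]) || $config[$key] === '') {
            throw new \InvalidArgumentException(sprintf('TokenValidator: config key "%s" is required', $key));
        }
    }

    $this->validationData = $validationData;
    $this->signer = $signer;
    $this->secret = $secret;

    $this->validationData->setAudience($config['audience']);
    $this->validationData->setIssuer($config['issuer']);
    $this->validationData->setId($config['appid']);
}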
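/**
 * Parses and checks a callback token, then stores its "sub" and "pass"
 * claims on $this->username / $this->pass.
 *
 * Order of checks: signature against $this->secret first, then the
 * issuer ($this->gatewayUrl), audience ($this->key) and id ($tokenId)
 * claims together with the time-based claims, then the required claims.
 *
 * @param mixed  $token   raw compact JWT
 * @param string $tokenId expected jti value
 *
 * @throws Exception\InvalidToken              token cannot be parsed
 * @throws Exception\TokenVerificationFailed   signature does not match
 * @throws Exception\TokenValidationFailed     iss/aud/jti/time claims do not match
 * @throws Exception\SubjectClaimMissing       no "sub" claim
 * @throws Exception\PassClaimMissing          no "pass" claim
 */
public function checkCallbackSignature($token, $tokenId)
{
    // Parser::parse() may also throw an InvalidArgumentException (lcobucci/jwt
    // 3.x, wrong number of segments) besides the RuntimeException for bad
    // base64/JSON; the original caught only the latter, so a token with the
    // wrong shape escaped as an uncaught exception instead of InvalidToken.
    try {
        $parsed = (new Parser())->parse((string) $token);
    } catch (\InvalidArgumentException $exception) {
        throw new Exception\InvalidToken();
    } catch (\RuntimeException $exception) {
        throw new Exception\InvalidToken();
    }

    // Verify the signature before comparing any claim, so nothing from the
    // payload is acted on until it is known to be authentic.
    // (Sha256 is presumably the HMAC signer, given a shared $this->secret —
    // confirm against the file's imports.)
    if (!$parsed->verify(new Sha256(), $this->secret)) {
        throw new Exception\TokenVerificationFailed();
    }

    $validation = new ValidationData();
    $validation->setIssuer($this->gatewayUrl);
    $validation->setAudience($this->key);
    $validation->setId($tokenId);
    if (!$parsed->validate($validation)) {
        throw new Exception\TokenValidationFailed();
    }

    if (!$parsed->hasClaim('sub')) {
        throw new Exception\SubjectClaimMissing();
    }
    $this->username = $parsed->getClaim('sub');

    // NOTE(review): a credential is carried in the token payload, which is
    // only base64url-encoded, not encrypted — anyone who sees the token
    // sees the password.
    if (!$parsed->hasClaim('pass')) {
        throw new Exception\PassClaimMissing();
    }
    $this->pass = $parsed->getClaim('pass');
}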
/**
 * Resolves the user a token belongs to, or fails.
 *
 * Looks the user up by the token's "id" claim, then requires the token's
 * issuer to equal the configured issuer and its jti to equal the hash
 * generateHashForUser() derives from that user and the token's "iat".
 *
 * @param mixed $token raw token as accepted by getParsedToken()
 *
 * @return mixed the user model instance
 *
 * @throws UserNotFoundException when no user matches, or when the
 *                               issuer/jti claims do not validate
 */
public function findUserByTokenOrFail($token)
{
    $parsedToken = $this->getParsedToken($token);

    // NOTE(review): nothing in this method verifies the token signature;
    // that has to happen inside getParsedToken(), otherwise the "id" claim
    // used for the lookup below is attacker-controlled — confirm.
    $modelClass = app('config')->get('laravel-jwt.model');
    $userId = $this->getData($parsedToken, 'id');
    $user = app($modelClass)->findByQualifiedKeyForToken($userId);
    if (!$user) {
        throw new UserNotFoundException();
    }

    // Expected jti: a hash bound to this user record and the token's iat.
    $expectedId = $this->generateHashForUser($user, $this->getData($parsedToken, 'iat'));

    $rules = new ValidationData();
    $rules->setIssuer(app('config')->get('laravel-jwt.issuer'));
    $rules->setId($expectedId);

    // A claim mismatch is reported with the same exception as "no such
    // user", so callers cannot distinguish the two cases.
    if (!$parsedToken->validate($rules)) {
        throw new UserNotFoundException();
    }

    return $user;
}
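/**
 * Registers the "jwt" authentication listener factory with the security
 * extension.
 *
 * For a firewall $name the factory defines, as shared services:
 *  - security.validation_data.<name>.jwt  built from $options['validation']
 *    (keys jti, iss, aud, sub, current_time)
 *  - security.public_key.<name>.jwt       from $options['public_key']
 *  - security.token_decoder.<name>.jwt    a JwtDecoderService with Sha256
 *  - the JwtAuthenticationProvider and JwtListener wired to that decoder
 *
 * @param Application $app
 */
public function register(Application $app)
{
    $app['security.authentication_listener.factory.jwt'] = $app->protect(function ($name, $options) use ($app) {
        $app['security.validation_data.' . $name . '.jwt'] = $app->share(function () use ($options, $name) {
            $validationData = new ValidationData();
            $claims = isset($options['validation']) ? $options['validation'] : [];
            foreach ($claims as $claim => $value) {
                switch ($claim) {
                    case 'jti':
                        $validationData->setId($value);
                        break;
                    case 'iss':
                        $validationData->setIssuer($value);
                        break;
                    case 'aud':
                        $validationData->setAudience($value);
                        break;
                    case 'sub':
                        $validationData->setSubject($value);
                        break;
                    case 'current_time':
                        // NOTE(review): fixes "now" for the exp/nbf/iat checks;
                        // a constant in config freezes time and defeats them.
                        $validationData->setCurrentTime($value);
                        break;
                    default:
                        // Previously an unknown key (e.g. "issuer" instead of
                        // "iss") was ignored, silently dropping that check.
                        // Refuse the misconfiguration instead.
                        throw new \InvalidArgumentException(sprintf(
                            'Unknown JWT validation claim "%s" for firewall "%s"',
                            $claim,
                            $name
                        ));
                }
            }
            return $validationData;
        });

        $app['security.public_key.' . $name . '.jwt'] = $app->share(function () use ($options, $name) {
            // Without a key the decoder could never verify anything; fail at
            // configuration time rather than on the first request.
            if (!isset($options['public_key']) || $options['public_key'] === '') {
                throw new \InvalidArgumentException(sprintf('Missing "public_key" option for JWT firewall "%s"', $name));
            }
            return new Key($options['public_key']);
        });

        $app['security.token_decoder.' . $name . '.jwt'] = $app->share(function (Application $app) use ($name, $options) {
            return new JwtDecoderService(
                new Parser(),
                $app['security.validation_data.' . $name . '.jwt'],
                new Sha256(),
                $app['security.public_key.' . $name . '.jwt'],
                $options['required_claims']
            );
        });

        // define the authentication provider object
        $app['security.authentication_provider.' . $name . '.jwt'] = $app->share(function () use ($app, $name) {
            return new JwtAuthenticationProvider($app['security.token_decoder.' . $name . '.jwt']);
        });

        // define the authentication listener object
        $app['security.authentication_listener.' . $name . '.jwt'] = $app->share(function () use ($app, $name) {
            return new JwtListener(
                $app['security.token_storage'],
                $app['security.authentication_manager'],
                $app['security.token_decoder.' . $name . '.jwt']
            );
        });

        return [
            'security.authentication_provider.' . $name . '.jwt',
            'security.authentication_listener.' . $name . '.jwt',
            null,
            'pre_auth',
        ];
    });
}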
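/**
 * Checks a session token and returns the identity it carries.
 *
 * Steps: both key files must exist; the token must parse; its RSA-SHA512
 * signature must verify against the public key; the claims jti, sys, cod
 * and id must be present; issuer/jti and the time claims must validate;
 * a session with that uid must exist; and the "sys" claim must equal the
 * md5 of the session's browser string. On success the uid is stored in
 * the session.
 *
 * @param mixed $token raw compact JWT
 *
 * @return array{cod: string, id: mixed, uid: mixed}
 *
 * @throws \Exception code 500 when the key files are missing,
 *                    code 403 for any credential/session failure
 */
public function checkToken($token)
{
    // The public key verifies the signature; the private key file is reused
    // below to derive the key that decrypts the "cod" claim.
    $fprikey = $this->app['BASE_DIR'] . "/app/config/key/private.pkey";
    $fpubkey = $this->app['BASE_DIR'] . "/app/config/key/public.pkey";
    if (!file_exists($fpubkey) || !file_exists($fprikey)) {
        throw new \Exception('Chaves não configuradas!!!', 500);
    }

    // A malformed token makes the parser throw (InvalidArgumentException or
    // RuntimeException in lcobucci/jwt 3.x); report it as bad credentials
    // instead of letting it surface as a server error.
    try {
        $tkon = (new Parser())->parse((string) $token);
    } catch (\InvalidArgumentException $e) {
        throw new \Exception(_("Credentials incorrect"), 403);
    } catch (\RuntimeException $e) {
        throw new \Exception(_("Credentials incorrect"), 403);
    }

    // Verify the signature before trusting any claim value.
    $sign = new Sha512();
    $publicKey = new Key("file://" . $fpubkey);
    if (!$tkon->verify($sign, $publicKey)) {
        throw new \Exception(_("Credentials incorrect"), 403);
    }

    // getClaim() throws for an absent claim; require every claim read below
    // up front so a stripped token yields a clean 403.
    foreach (['jti', 'sys', 'cod', 'id'] as $claim) {
        if (!$tkon->hasClaim($claim)) {
            throw new \Exception(_("Credentials incorrect"), 403);
        }
    }
    $uid = $tkon->getClaim('jti');

    // validate() uses the current time for iat, nbf and exp, plus the issuer
    // and id set here.
    // NOTE(review): the expected issuer is rebuilt from the request's Host
    // header, which the client controls. Unless the web server rejects
    // unknown Host values, this comparison accepts whatever issuer the
    // token carries; a fixed, configured issuer would be a real check.
    $data = new ValidationData();
    $data->setIssuer($_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST']);
    $data->setId($uid);
    if (!$tkon->validate($data)) {
        $this->logout();
        throw new \Exception(_("Credentials incorrect"), 403);
    }

    $sessao = $this->db->doc()->getRepository(get_class($this->SessionEntity))->findOneBy(['uid' => $uid]);
    if (empty($sessao)) {
        throw new \Exception(_("Session not found"), 403);
    }

    // Strict, constant-time comparison. The original `!=` compared the two
    // digests loosely, so hex strings of the form "0e<digits>" are equal as
    // numbers ("magic hash"), and the comparison leaked timing.
    if (!hash_equals(md5($sessao->getBrowser()), (string) $tkon->getClaim('sys'))) {
        throw new \Exception(_("Credentials incorrect"), 403);
    }

    $this->session->set('uid', $uid);

    // NOTE(review): the decryption key is md5 of the private key file's
    // contents — a weak derivation, kept because it must match the side
    // that encrypted "cod".
    return [
        "cod" => base64_decode(Crypt::mycrypt_decrypt(md5(file_get_contents($fprikey)), $tkon->getClaim('cod'))),
        "id" => $tkon->getClaim('id'),
        "uid" => $uid,
    ];
}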
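/**
 * @inheritdoc
 *
 * Verifies the token's RSA-SHA256 signature against $this->pathPublicKey,
 * requires the iss/aud/jti claims to be present, then runs validate(),
 * which checks the time-based claims (exp, nbf, iat) against now.
 *
 * @throws InvalidDefinitionException      bad signature or a missing iss/aud/jti claim
 * @throws AuthenticationExpiredException  validate() failed (expired, not yet valid, ...)
 *
 * @return bool always true when no exception is thrown
 */
public function isValid(Token $token)
{
    // Signature first: nothing in the payload is trusted until it verifies.
    // NOTE(review): Key() reads a file only when the string starts with
    // "file://"; otherwise $this->pathPublicKey is used as the key material
    // itself — confirm how that property is populated.
    $signer = new Sha256();
    $key = new Key($this->pathPublicKey);
    if (!$token->verify($signer, $key)) {
        throw new InvalidDefinitionException('Invalid token');
    }

    // getClaim() throws (OutOfBoundsException in lcobucci/jwt 3.x) for an
    // absent claim; report a token without iss/aud/jti as invalid instead
    // of leaking that exception to the caller.
    foreach (['iss', 'aud', 'jti'] as $name) {
        if (!$token->hasClaim($name)) {
            throw new InvalidDefinitionException('Invalid token');
        }
    }

    // NOTE(review): the expected issuer, audience and id are copied from the
    // very token being checked, so these three comparisons can never fail.
    // Only the time-based claims are effectively validated here; the
    // expected iss/aud/jti should come from configuration, not the token.
    $data = new ValidationData();
    $data->setIssuer($token->getClaim('iss'));
    $data->setAudience($token->getClaim('aud'));
    $data->setId($token->getClaim('jti'));

    // An nbf/iat failure takes this same "expired" path.
    if (!$token->validate($data)) {
        throw new AuthenticationExpiredException('The access token has expired');
    }

    return true;
}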