public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof EntityUserProvider) {
throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider)));
}
try {
$jwt = $token->getCredentials();
$username = $this->jwtManager->getUserIdFromToken($jwt);
$issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt);
} catch (\UnexpectedValueException $e) {
throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage());
} catch (\Exception $e) {
throw new BadCredentialsException('Invalid JSON Web Token');
}
$user = $userProvider->loadUserByUsername($username);
$authentication = $user->getAuthentication();
if ($authentication) {
$tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore();
if ($tokenNotValidBefore) {
if ($tokenNotValidBefore > $issuedAt) {
throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c'));
}
}
}
$authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey);
$authenticatedToken->setAuthenticated(true);
return $authenticatedToken;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof WebserviceUserProvider) {
throw new \InvalidArgumentException(sprintf('The user provider must be an instance of ApiKeyUserProvider (%s was given).', get_class($userProvider)));
}
$apiKey = $token->getCredentials();
$user = $token->getUser();
if ($user instanceof User) {
return new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles());
}
$user = $userProvider->loadUserByUsername($apiKey);
$newToken = new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles());
if (!is_null($user)) {
$newToken->setAuthenticated(true);
}
return $newToken;
}
/**
* Update users to the new password encoding when they login
* @param AuthenticationEntityInterface $authEntity
* @param string $password
*/
protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password)
{
if ($authEntity->isLegacyAccount()) {
//we have to have a valid token to update the user because the audit log requires it
$authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider');
$authenticatedToken->setAuthenticated(true);
$this->tokenStorage->setToken($authenticatedToken);
$authEntity->setPasswordSha256(null);
$encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password);
$authEntity->setPasswordBcrypt($encodedPassword);
$this->authManager->updateAuthentication($authEntity);
}
}
