/**
 * When the decoder accepts the JWT's signature, its claim data and its
 * required claims, the provider must hand back an authenticated token that
 * still carries the very same JWT as its credentials.
 *
 * @test
 */
public function it_returns_an_authenticated_token_when_the_jwt_is_valid()
{
    $validJwt = new Jwt();
    $unauthenticatedToken = new JwtUserToken($validJwt);

    // Each verification step is expected exactly once, in any order, and
    // reports success for this JWT.
    foreach (['verifySignature', 'validateData', 'validateRequiredClaims'] as $decoderMethod) {
        $this->decoderService->expects($this->once())
            ->method($decoderMethod)
            ->with($validJwt)
            ->willReturn(true);
    }

    $resultToken = $this->authenticationProvider->authenticate($unauthenticatedToken);

    $this->assertEquals($validJwt, $resultToken->getCredentials());
    $this->assertTrue($resultToken->isAuthenticated());
}
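/**
 * Authenticates the current request from a bearer JWT, when one is present.
 *
 * A request without a token is left untouched: neither the token storage
 * nor the response is modified, so whether anonymous access is acceptable
 * is decided elsewhere. A token that the authentication manager rejects
 * produces a 401 response. RFC 7235 requires every 401 to carry a
 * WWW-Authenticate challenge, and RFC 6750 names the scheme for bearer
 * tokens, so the challenge header is set alongside the status code.
 *
 * @param GetResponseEvent $event
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();
    $jwtString = $this->getJwtString($request);

    // No credential offered: nothing to verify, nothing to reject.
    if (empty($jwtString)) {
        return;
    }

    // NOTE(review): parse() receives the raw, untrusted header value. Only
    // AuthenticationException is mapped to a 401 below; if parse() throws
    // anything else on a malformed token, that surfaces as a server error
    // instead of a clean 401 — confirm what parse() throws on bad input.
    $jwt = $this->decoderService->parse(new StringLiteral($jwtString));
    $token = new JwtUserToken($jwt);

    try {
        $authenticatedToken = $this->authenticationManager->authenticate($token);
        $this->tokenStorage->setToken($authenticatedToken);
    } catch (AuthenticationException $e) {
        // The exception message is echoed to the client. The JWT provider's
        // messages contain no key material or claim values; any provider
        // added behind the manager should keep that property.
        $event->setResponse(new Response(
            $e->getMessage(),
            401,
            ['WWW-Authenticate' => 'Bearer']
        ));
    }
}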
/**
 * {@inheritdoc}
 *
 * Checks the JWT carried by the token in a fixed order: the signature is
 * verified first, so that no claim of an unverified token is ever
 * interpreted; then the claim data is validated; then the presence of the
 * required claims is checked. The first failing step aborts with an
 * AuthenticationException; on success a fresh, authenticated JwtUserToken
 * wrapping the same JWT is returned.
 *
 * @throws AuthenticationException when the token type is unsupported or any
 *                                 verification step rejects the JWT
 */
public function authenticate(TokenInterface $token)
{
    /** @var JwtUserToken $token */
    if (!$this->supports($token)) {
        throw new AuthenticationException("Token type " . get_class($token) . " not supported.");
    }

    $jwt = $token->getCredentials();
    $decoder = $this->decoderService;

    // Each branch is only evaluated if the previous step passed, which keeps
    // the signature check strictly ahead of any claim inspection.
    $failureMessage = null;
    if (!$decoder->verifySignature($jwt)) {
        $failureMessage = "Token signature verification failed. The token is likely forged or manipulated.";
    } elseif (!$decoder->validateData($jwt)) {
        $failureMessage = "Token claims validation failed. This most likely means the token is expired.";
    } elseif (!$decoder->validateRequiredClaims($jwt)) {
        $failureMessage = "Token is missing one of its required claims.";
    }

    if ($failureMessage !== null) {
        throw new AuthenticationException($failureMessage);
    }

    return new JwtUserToken($jwt, true);
}
/**
 * A request carrying a bearer token that the authentication manager rejects
 * must be answered with a 401 whose body is the exception message.
 *
 * @test
 */
public function it_returns_an_unauthorized_response_if_jwt_authentication_fails()
{
    $rawToken = 'headers.payload.signature';
    // Fixture only: an unsigned ("alg":"none") JWT, rejected by the mocked manager.
    $parsedJwt = new Jwt(['alg' => 'none'], [], null, ['headers', 'payload']);
    $expectedToken = new JwtUserToken($parsedJwt);

    $serverVars = ['HTTP_AUTHORIZATION' => 'Bearer ' . $rawToken];
    $request = new Request([], [], [], [], [], $serverVars, '');
    $this->getResponseEvent->expects($this->any())
        ->method('getRequest')
        ->willReturn($request);

    $this->jwtDecoderService->expects($this->once())
        ->method('parse')
        ->with(new StringLiteral($rawToken))
        ->willReturn($parsedJwt);

    $rejection = new AuthenticationException('Authentication failed', 666);
    $this->authenticationManager->expects($this->once())
        ->method('authenticate')
        ->with($expectedToken)
        ->willThrowException($rejection);

    // The listener must answer the rejection with a 401 carrying the message.
    $this->getResponseEvent->expects($this->once())
        ->method('setResponse')
        ->willReturnCallback(function (Response $response) {
            $this->assertEquals('Authentication failed', $response->getContent());
            $this->assertEquals(401, $response->getStatusCode());
        });

    $this->listener->handle($this->getResponseEvent);
}