/**
* @param User $user
* @return Token
*/
public function createToken(User $user) : Token
{
$issued = Carbon::now();
$expire = Carbon::now()->addSeconds((int) $this->config['expire']);
$notBefore = Carbon::now()->addSeconds((int) $this->config['notbefore']);
return $this->tokenBuilder->setIssuer($this->config['issuer'])->setAudience($this->config['audience'])->setId($this->config['appid'], true)->setIssuedAt($issued->getTimestamp())->setNotBefore($notBefore->getTimestamp())->setExpiration($expire->getTimestamp())->set('data', ["uid" => $user->getId(), "uidentifier" => $user->getUsername()])->sign($this->signer, $this->secret)->getToken();
}
/**
* @param Application $app
*/
public function register(Application $app)
{
$app['jwt.builder'] = $app->share(function (Application $app) {
$builder = new Builder();
$builder->setIssuer($app['config']['jwt']['iss']);
return $builder;
});
$app['jwt.signer'] = $app->share(function () {
return new Sha256();
});
$app['jwt.keys.private'] = $app->share(function (Application $app) {
$file = __DIR__ . '/../../' . $app['config']['jwt']['keys']['private']['file'];
return new Key('file://' . $file, $app['config']['jwt']['keys']['private']['passphrase']);
});
$app['jwt.keys.public'] = $app->share(function (Application $app) {
$file = __DIR__ . '/../../' . $app['config']['jwt']['keys']['public']['file'];
return new Key('file://' . $file);
});
$app['jwt.validation_data'] = $app->share(function (Application $app) {
$data = new ValidationData();
$data->setIssuer($app['config']['jwt']['iss']);
return $data;
});
$app['jwt.encoder'] = $app->share(function (Application $app) {
return new JwtEncoderService($app['jwt.builder'], $app['jwt.signer'], $app['jwt.keys.private'], $app['clock'], new Integer($app['config']['jwt']['exp']), new Integer($app['config']['jwt']['nbf']));
});
$app['jwt.decoder'] = $app->share(function (Application $app) {
return new JwtDecoderService(new Parser(), $app['jwt.validation_data'], $app['jwt.signer'], $app['jwt.keys.public']);
});
}
/**
* @return Builder
*/
protected function builder()
{
$builder = new Builder();
$time = time();
$builder->setIssuedAt($time)->setExpiration($time + config('jwt.ttl'));
return $builder;
}
public function generateUrl($username = null)
{
$now = time();
$builder = new Builder();
$token = $builder->setIssuer($this->key)->setAudience($this->gatewayUrl)->setSubject($username)->setId($this->generateTokenId())->set('url', $this->callbackUrl)->set('tpl', $this->templateName)->setIssuedAt($now)->setNotBefore($now)->setExpiration($now + $this->signatureTtl)->sign(new Sha256(), $this->secret)->getToken();
return sprintf('%s?token=%s', $this->gatewayUrl, $token);
}
/**
* create token with socketId
*
* @param [string] $socketId
* @return [string]
*/
private function createToken()
{
// builder for jwt
$builder = new Builder();
// current time
$time = time();
return $builder->setIssuedAt($time)->setNotBefore($time)->setExpiration($time + 10000)->getToken();
}
/**
* @param array $claims
* @return string
*/
public function getToken(array $claims = [])
{
$issuer = (string) $this->request->getUri();
$issued_at = $this->config->getTimestamp();
$expiration = $issued_at + $this->config->getTtl();
$key = $this->config->getPrivateKey();
foreach ($claims as $name => $value) {
$this->builder->set($name, $value);
}
$token = $this->builder->setIssuer($issuer)->setIssuedAt($issued_at)->setExpiration($expiration)->sign($this->signer, $key)->getToken();
return (string) $token;
}
function setVAPIDInfo($privateKey, $audience, $subject)
{
if (!USE_VAPID || !$privateKey || !$audience || !$subject) {
return;
}
$builder = new Builder();
$token = $builder->setAudience($audience)->setExpiration(time() + 86400)->setSubject($subject)->sign(new Sha256(), new Key($privateKey))->getToken();
$this->additionalHeaders['Authorization'] = 'Bearer ' . $token;
$privKeySerializer = new PemPrivateKeySerializer(new DerPrivateKeySerializer());
$privateKeyObject = $privKeySerializer->parse($privateKey);
$publicKeyObject = $privateKeyObject->getPublicKey();
$pointSerializer = new UncompressedPointSerializer(EccFactory::getAdapter());
$this->additionalHeaders['Crypto-Key'] = 'p256ecdsa=' . Base64Url::encode(hex2bin($pointSerializer->serialize($publicKeyObject->getPoint())));
}
public function createToken(AuthenticatableContract $user)
{
$payload = $this->buildTokenPayload($user);
$this->builder->unsign();
// set additional payload data
foreach ($payload as $key => $value) {
$this->builder->set($key, $value);
}
$now = time();
$lifespanSecs = $this->config['lifespan'] * 60;
return $this->builder->setIssuedAt($now)->setExpiration($now + $lifespanSecs)->sign(new $this->signer(), $this->secret)->getToken();
// Retrieves the generated token
}
/**
* Apply claims to builder.
*
* @param array $claims
* @param bool $protect
* @param \Lcobucci\JWT\Builder|null $builder
* @return \Lcobucci\JWT\Builder
*/
protected function applyClaims(array $claims, $protect = false, Builder $builder = null)
{
if (is_null($builder)) {
$builder = new Builder();
}
foreach ($claims as $key => $value) {
if ($value instanceof Claim) {
$key = $value->getName();
$value = $value->getValue();
}
if (array_key_exists($key, $this->claims)) {
if (!$protect) {
$builder->{'set' . $this->claims[$key]}($value);
}
} else {
$builder->set($key, $value);
}
}
return $builder;
}
/**
* Create object of a token.
*
* @param array $user
*
* @return Lcobucci\JWT\Token
*/
public function generateTokenByUser($user)
{
return $this->builder->set('user', $user)->sign(new Sha256(), env('JWT_SECRET'))->getToken();
}
public function generate($email, Signer $signer, $key)
{
$token = $this->tokenBuilder->setId(Uuid::uuid4(), true)->setIssuedAt(time())->setExpiration(time() + 3600)->set('email', $email)->sign($signer, $key)->getToken();
return (string) $token;
}
/**
* @param \Lcobucci\JWT\Builder $builder
* @return \Lcobucci\JWT\Builder
*/
public function sign(Builder $builder)
{
return $builder->sign($this->signer, $this->key);
}
error_log(sprintf("Response\r\n\033[1;%dmHTTP/%s %s %s\e[0;%1\$dm\r\n%s[0m", $color, $response->getProtocolVersion(), $response->getStatusCode(), Response::$statusTexts[$response->getStatusCode()], $response->headers));
});
// Routes
$app->post('/login', function(Request $request) use($users, $privateKey) {
$name = $request->get('name');
$user = $users->findOne(['name' => $name]);
$password = $request->get('password');
if (null === $user || $password !== $user['password']) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid username or password.');
}
// Generate new JSON Web Token.
$builder = new JWT\Builder();
$builder
->setNotBefore(time())
->setIssuer($request->getSchemeAndHttpHost())
->setId($user['_id']->{'$id'})
;
foreach (['name', 'email', 'given_name', 'family_name', 'email_verified', 'gender'] as $field) {
$builder->set($field, $user[$field]);
}
$builder->sign(new JWT\Signer\Rsa\Sha256(), $privateKey);
$token = $builder->getToken();
return new Response($token, 200, ['Access-Control-Allow-Origin' => '*', 'Content-Type' => 'application/jwt']);
});
/**
* Returns Builder/ValidationData with "iss" and "aud" claims set.
*
* @param Builder|ValidationData $object
* @param string $issuer
* @param string $audience
*
* @return Builder|ValidationData
*/
private function initClaims($object, $issuer = null, $audience = null)
{
if ($object instanceof Builder) {
$object->setIssuer(isset($issuer) ? $issuer : \Yii::$app->getRequest()->getHostInfo());
}
$object->setAudience(isset($audience) ? $audience : $this->getAudience());
return $object;
}
/**
* @test
*
* @depends signMustKeepAFluentInterface
*
* @covers Lcobucci\JWT\Builder::unsign
*/
public function unsignMustRemoveTheSignature(Builder $builder)
{
$builder->unsign();
$this->assertAttributeSame(null, 'signature', $builder);
}
public function __toString()
{
return $this->token->getToken()->__toString();
}
/**
* @return string JWT string
*/
public function getTokenString() : string
{
/**
* Build Token
*/
$builder = new Builder();
$builder->setIssuer(self::ISSUER);
$builder->setExpiration((new \DateTime($this->configuration->get('Cookie.TTL')))->getTimestamp());
foreach ($this->values as $key => $value) {
$builder->set($key, $value);
}
/**
* Sign and generate new token
*/
$builder->sign(new Sha256(), $this->configuration->get('Cookie.Signer.Key'));
$token = $builder->getToken();
return (string) $token;
}
private function generateToken(UserView $user)
{
$signer = new Sha256();
$issuedAt = time();
$key = $this->configuration->get('auth-key');
$ttl = $this->configuration->get('auth-ttl');
$expiration = is_null($ttl) ? (int) $ttl : 3600;
$builder = new Builder();
$builder->setIssuedAt($issuedAt)->setNotBefore($issuedAt + 1)->setExpiration($issuedAt + $expiration)->set('uid', $user->getId());
$issuer = $this->configuration->get('auth-issuer');
$audience = $this->configuration->get('auth-audience');
if ($issuer != null) {
$builder->setIssuer($issuer);
}
if ($audience != null) {
$builder->setAudience($audience);
}
$token = $builder->sign($signer, $key)->getToken();
return (string) $token;
}
/**
* Generates a user token
* @return string
*/
public function getToken($data = null)
{
$time = time();
$signer = new Sha256();
$token = new Builder();
$token->setIssuer(Router::url('/', true));
$token->setAudience($this->request->clientIp());
$token->setIssuedAt($time);
$token->setNotBefore($time);
$token->setExpiration($time + Configure::read('Security.timeout'));
$token->set('data', json_encode($data));
return (string) $token->sign($signer, Configure::read('Security.salt'))->getToken();
}
