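/**
 * Rejects a decoded JWT whose "ip" claim does not match the caller's address.
 *
 * The token is marked invalid when the payload has no "ip" entry, or when
 * that entry is not strictly identical to $request->getClientIp().
 *
 * NOTE(review): when the event carries no request, the method returns early
 * and the token is left untouched, so the IP binding is not enforced on that
 * path. Confirm that this fail-open branch is only reachable in contexts
 * where no client exists (e.g. non-HTTP execution).
 *
 * NOTE(review): the binding is only as trustworthy as getClientIp(). If the
 * request object derives the address from forwarded headers, the trusted
 * proxy configuration decides whether a client can influence it -- verify
 * against the deployment.
 *
 * @param JWTDecodedEvent $event
 *
 * @return void
 */
public function onJWTDecoded(JWTDecodedEvent $event)
{
    // Fetch the request once; the original fetched it a second time after the guard.
    $request = $event->getRequest();
    if (!$request) {
        return;
    }

    $payload = $event->getPayload();

    // Strict comparison: a missing or non-identical "ip" claim rejects the token.
    if (!isset($payload['ip']) || $payload['ip'] !== $request->getClientIp()) {
        $event->markAsInvalid();
    }
}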
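/**
 * Check security info and reject if invalid.
 *
 * The decoded token is marked invalid as soon as one of these checks fails,
 * in this order:
 *   1. the event carries a request;
 *   2. the payload has a non-empty "username";
 *   3. the Authorization header is present and non-empty past its first 7 bytes;
 *   4. $this->validateUser($username, $token) returns a truthy value;
 *   5. the "x-database" request header is present;
 *   6. the payload has a non-empty "databases" entry;
 *   7. $this->validateAttributes($requestedDatabase, $payload, $clientIp)
 *      returns a truthy value.
 *
 * NOTE(review): "x-database" is supplied by the client, so the access
 * decision rests entirely on validateAttributes() comparing it with the
 * "databases" claim -- presumably a membership check; confirm in that helper.
 * An empty-string header value is not rejected here and reaches that helper.
 *
 * @param JWTDecodedEvent $event
 * @return void
 */
public function onJWTDecoded(JWTDecodedEvent $event)
{
    $request = $event->getRequest();
    if (!$request) {
        // Fail closed: without a request none of the header/IP checks can run.
        // The original dereferenced a missing request and raised a fatal error.
        $event->markAsInvalid();
        return;
    }

    $payload = $event->getPayload();

    if (empty($payload['username'])) {
        $event->markAsInvalid();
        return;
    }

    // A missing header is rejected explicitly instead of being passed to substr().
    $authorization = $request->headers->get('Authorization');
    if (!is_string($authorization)) {
        $event->markAsInvalid();
        return;
    }

    // Offset 7 equals strlen('Bearer '); the scheme itself is not verified here.
    // NOTE(review): any 7-byte prefix is stripped -- confirm the token extractor
    // upstream already enforces the expected scheme.
    $token = substr($authorization, 7);
    if (!$token) {
        $event->markAsInvalid();
        return;
    }

    if (!$this->validateUser($payload['username'], $token)) {
        $event->markAsInvalid();
        return;
    }

    $requestedDatabase = $request->headers->get('x-database');
    if ($requestedDatabase === null) {
        $event->markAsInvalid();
        return;
    }

    if (empty($payload['databases'])) {
        $event->markAsInvalid();
        return;
    }

    if (!$this->validateAttributes($requestedDatabase, $payload, $request->getClientIp())) {
        $event->markAsInvalid();
    }
}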