src/EventListener/JWTListener.php line 82

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\EventListener;
  7. use App\Entity\MobileJwtToken;
  8. use App\Entity\User\ShopUser;
  9. use App\Repository\MobileJwtTokenRepository;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
  12. use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
  13. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
  14. use Safe\DateTime;
  15. use Symfony\Component\HttpFoundation\JsonResponse;
  16. use Symfony\Component\HttpFoundation\RequestStack;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  19. use function in_array;
  20. use function is_array;
  21. use function substr;
  23. class JWTListener
  24. {
  25.     public function __construct(private RequestStack $requestStack, private EntityManagerInterface $entityManagerInterface, private JWTEncoderInterface $jWTEncoderInterface, private MobileJwtTokenRepository $mobileJwtTokenRepository)
  26.     {
  27.     }
  29.     public function onJWTAuthenticated(JWTAuthenticatedEvent $event): void
  30.     {
  31.         //this is triggered when a protected route is accessed with a valid JWT token in the header,
  32.         //we need to check if this token exists in our mobile_jwt_token table first. Only if it exists, we consider this token valid
  34.         $payload $event->getPayload();
  36.         if (isset($payload)) {
  37.             if (isset($payload['roles'])) {
  38.                 if (in_array('ROLE_ADMINISTRATION_ACCESS'$payload['roles'])) {
  39.                       return;
  40.                 }
  41.             }
  42.         }
  44.         $currentRequest $this->requestStack->getCurrentRequest();
  46.         if ($currentRequest === null) {
  47.             $event->stopPropagation();
  49.             throw new AuthenticationException('token invalid (failed to access request header)');
  50.         }
  52.         $authorizationInHeader $currentRequest->headers->get('authorization');
  54.         if ($authorizationInHeader === null) {
  55.             $event->stopPropagation();
  57.             throw new AuthenticationException('token invalid (failed to access request header)');
  58.         }
  60.         $tokenString substr($authorizationInHeader7);
  62.         /** @var ShopUser|null $shopUser */
  63.         $shopUser $this->entityManagerInterface->getRepository(ShopUser::class)->findOneBy(['username' => $payload['username']]);
  65.         if ($shopUser === null) {
  66.             $event->stopPropagation();
  68.             throw new AuthenticationException('token invalid (shopUser was not found)');
  69.         }
  71.          $mobileJwtToken $this->mobileJwtTokenRepository->findOneBy(['token' => $tokenString'shopUser' => $shopUser->getId()]);
  73.         if ($mobileJwtToken === null) {
  74.             $event->stopPropagation();
  76.             throw new AuthenticationException('token invalid (token not found in db)');
  77.         }
  79.         return;
  80.     }
  82.     public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
  83.     {
  84.         //When a user logs in successfully from the API, a JWT is created and saved in the mobile_JWT_token table
  85.         $payload $event->getData();
  87.         $userData $event->getUser();
  88.         if ($userData !== null) {
  89.             $userRoles $userData->getRoles();
  90.             if ($userRoles !== null && is_array($userRoles)) {
  91.                 if (in_array('ROLE_ADMINISTRATION_ACCESS'$userRoles)) {
  92.                     return;
  93.                 }
  94.             }
  95.         }
  97.         $token $payload['token'];
  99.         /** @var ShopUser $shopUser */
  100.         $shopUser $event->getUser();
  102.         $error false;
  103.         if ($token === null || empty($token)) {
  104.             $error true;
  105.         }
  107.         $decodedToken $this->jWTEncoderInterface->decode($token);
  109.         if (! isset($decodedToken['exp'])) {
  110.             $error true;
  111.         } else {
  112.             if (empty($decodedToken['exp'])) {
  113.                 $error true;
  114.             }
  115.         }
  117.         if ($error) {
  118.             $event->stopPropagation();
  119.             $response $event->getResponse();
  121.             if ($response instanceof JsonResponse) {
  122.                 $responseData = ['code' => 401'message' => 'token invalid / failed to parse token'];
  123.                 $response->setData($responseData);
  124.                 $response->setStatusCode(401);
  125.             }
  127.             return;
  128.         }
  130.         $tokenExpiresOn DateTime::createFromFormat('U'$decodedToken['exp']);
  131.         $currentDateTime = new DateTime();
  133.         $mobileJwtToken = new MobileJwtToken($currentDateTime);
  134.         $mobileJwtToken->setToken($token);
  135.         $mobileJwtToken->setExpiresOn($tokenExpiresOn);
  136.         $mobileJwtToken->setShopUser($shopUser);
  138.         $this->entityManagerInterface->persist($mobileJwtToken);
  139.         $this->entityManagerInterface->flush();
  140.     }
  141. }