From 2ba412d99cab96edc84efdd8f39881687c233b0e Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Thu, 8 Sep 2016 20:01:08 +0200 Subject: [PATCH] Stop extending AbstractGuardAuthenticator since no benefit --- Security/Guard/JWTTokenAuthenticator.php | 28 ++++++++++-------------- UPGRADE.md | 2 +- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/Security/Guard/JWTTokenAuthenticator.php b/Security/Guard/JWTTokenAuthenticator.php index e4b1c73f..49deb68a 100644 --- a/Security/Guard/JWTTokenAuthenticator.php +++ b/Security/Guard/JWTTokenAuthenticator.php @@ -27,17 +27,17 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; +use Symfony\Component\Security\Guard\GuardAuthenticatorInterface; /** - * JWTTokenAuthenticator (Guard implementation). + * JWTTokenAuthenticator (Guard strict implementation). * * @see http://knpuniversity.com/screencast/symfony-rest4/jwt-guard-authenticator * * @author Nicolas Cabot * @author Robin Chalas */ -class JWTTokenAuthenticator extends AbstractGuardAuthenticator +class JWTTokenAuthenticator implements GuardAuthenticatorInterface { /** * @var JWTTokenManagerInterface @@ -82,7 +82,7 @@ public function __construct( * * @return PreAuthenticationJWTUserToken * - * @throws InvalidTokenException If the request token cannot be decoded + * @throws InvalidTokenException If an error occur while decoding the token * @throws ExpiredTokenException If the request token is expired */ public function getCredentials(Request $request) @@ -95,7 +95,7 @@ public function getCredentials(Request $request) try { if (!$payload = $this->jwtManager->decode($preAuthToken)) { - throw new InvalidTokenException(); + throw new InvalidTokenException('Invalid JWT Token'); } $preAuthToken->setPayload($payload); 
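Review bot: Replacing `extends AbstractGuardAuthenticator` with `implements GuardAuthenticatorInterface` on a non-final class is a backward-compatibility break for subclasses of JWTTokenAuthenticator. Child classes that call `parent::createAuthenticatedToken()` or that are checked with `instanceof AbstractGuardAuthenticator` would stop working, and the UPGRADE.md hunk in this patch only changes the spelling of one word. I would add an UPGRADE.md entry such as `- JWTTokenAuthenticator no longer extends AbstractGuardAuthenticator; it implements GuardAuthenticatorInterface directly.` The docblock wording `(Guard strict implementation)` is also unclear; `(Guard implementation, implements GuardAuthenticatorInterface directly)` says what is meant. The class body continues outside the hunk.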
@@ -117,8 +117,9 @@ public function getCredentials(Request $request) * * @param PreAuthenticationJWTUserToken Implementation of the (Security) TokenInterface * - * @throws InvalidPayloadException If the user identity field is not a key of the payload - * @throws UserNotFoundException If no user can be loaded from the given token + * @throws \InvalidArgumentException If preAuthToken is not of the good type + * @throws InvalidPayloadException If the user identity field is not a key of the payload + * @throws UserNotFoundException If no user can be loaded from the given token */ public function getUser($preAuthToken, UserProviderInterface $userProvider) { @@ -178,8 +179,6 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token, * {@inheritdoc} * * @return JWTAuthenticationFailureResponse - * - * @throws MissingTokenException */ public function start(Request $request, AuthenticationException $authException = null) { @@ -201,21 +200,18 @@ public function checkCredentials($credentials, UserInterface $user) /** * {@inheritdoc} + * + * @throws \RuntimeException If there is no pre-authenticated token previously stored */ public function createAuthenticatedToken(UserInterface $user, $providerKey) { $preAuthToken = $this->preAuthenticationTokenStorage->getToken(); if (null === $preAuthToken) { - return parent::createAuthenticatedToken($user, $providerKey); + throw new \RuntimeException('Unable to return an post authentication token since there is no pre authentication token in %s::$preAuthenticationTokenStorage'); } - $authToken = new JWTUserToken( - $user->getRoles(), - $user, - $preAuthToken->getCredentials(), - $providerKey - ); + $authToken = new JWTUserToken($user->getRoles(), $user, $preAuthToken->getCredentials(), $providerKey); $this->dispatcher->dispatch(Events::JWT_AUTHENTICATED, new JWTAuthenticatedEvent($preAuthToken->getPayload(), $authToken)); $this->preAuthenticationTokenStorage->setToken(null); 
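Review bot: The added `@throws \InvalidArgumentException If preAuthToken is not of the good type` line should name the expected type, because `getUser($preAuthToken, ...)` has no type declaration and this docblock is the only contract a caller sees. I would write it as `@throws \InvalidArgumentException If $preAuthToken is not a PreAuthenticationJWTUserToken`. The `@param` line above it is also missing the variable name (`@param PreAuthenticationJWTUserToken $preAuthToken ...`). The body of getUser is outside the hunk, so the check that throws cannot be confirmed from here.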
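Review bot: The new `\RuntimeException` message in `createAuthenticatedToken()` contains a `%s` placeholder that is never passed through `sprintf()`, so the literal `%s::$preAuthenticationTokenStorage` ends up in the exception text. Wrap it, e.g. `throw new \RuntimeException(sprintf('Unable to return a post-authentication token since there is no pre-authentication token in %s::$preAuthenticationTokenStorage.', get_class($this)));`. Failing closed instead of falling back to the parent's generic token is the safer behaviour. However, a `\RuntimeException` is not an `AuthenticationException`, so it will presumably bypass `onAuthenticationFailure()` and surface as a server error rather than an authentication failure response; please confirm that is intended. The method continues past the end of the hunk.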
diff --git a/UPGRADE.md b/UPGRADE.md index a2441e92..e57dc66e 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -15,7 +15,7 @@ Configuration If a firewall allows anonymous, the entry point will not be called at all, letting the request continue. If it doesn't, the entry point will dispatch a `on_jwt_not_found` event that can be subscribed to customize the default failure response that will be returned by the entry point. - `throw_exceptions`: This option doesn't make sense anymore as the exceptions thrown during the authentication process are needed, involving call of the good method in the good time, dispatching the good events, so a custom response can be easily set, as its content no more depends on the exception thrown. - - `authentication_provider` and `authentication_listener`: It's now part of the authenticator role, simplifiying a lot the corresponding code that can now be found/overrided from one place. + - `authentication_provider` and `authentication_listener`: It's now part of the authenticator role, simplifiying a lot the corresponding code that can now be found/overriden from one place. __Before__