Update doc

Scrutinizer Fixes Fix segmentation fault (infinite loop)
lexik · Jun 3, 2016 · 2f2ee10 · 2f2ee10
1 parent 9069a5f
commit 2f2ee10
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 32 deletions.
diff --git a/Resources/doc/2-data-customization.md b/Resources/doc/2-data-customization.md
@@ -169,8 +169,6 @@ public function onAuthenticationSuccessResponse(AuthenticationSuccessEvent $even
         return;
     }
 
-    // $data['token'] contains the JWT
-
     $data['data'] = array(
         'roles' => $user->getRoles(),
     );
@@ -199,7 +197,7 @@ public function onJwtEncoded(JWTEncodedEvent $event)
 
 #### Events::AUTHENTICATION_FAILURE - customize the failure response
 
-By default, the response in case of failed authentication is just a json containing a "Bad credentials" message and a 401 status code, but you can set a custom response.
+By default, the response in case of failed authentication is just a json containing a failure message and a 401 status code, but you can set a custom response.
 
 ``` yaml
 # services.yml
@@ -214,6 +212,9 @@ Example 7: set a custom response on authentication failure
 
 ``` php
 // Acme\Bundle\ApiBundle\EventListener\AuthenticationFailureListener.php
+
+use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
+
 /**
  * @param AuthenticationFailureEvent $event
  */
@@ -224,7 +225,7 @@ public function onAuthenticationFailureResponse(AuthenticationFailureEvent $even
         'message' => 'Bad credentials, please verify that your username/password are correctly set',
     ];
 
-    $response = new JsonResponse($data, 401);
+    $response = new JWTAuthenticationFailureResponse($data);
 
     $event->setResponse($response);
 }
@@ -243,21 +244,19 @@ services:
             - { name: kernel.event_listener, event: lexik_jwt_authentication.on_jwt_invalid, method: onJWTInvalid }
 ```
 
-Example 8: set a custom response message on invalid token
+Example 8: set a custom response message and status code on invalid token
 
 ``` php
 // Acme\Bundle\ApiBundle\EventListener\JWTInvalidListener.php
+
+use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
+
 /**
  * @param JWTInvalidEvent $event
  */
 public function onJWTInvalid(JWTInvalidEvent $event)
 {
-    $data = [
-        'status'  => '403 Forbidden',
-        'message' => 'Your token is invalid, please login again to get a new one',
-    ];
-
-    $response = new JsonResponse($data, 403);
+    $response = new JWTAuthenticationFailureResponse('Your token is invalid, please login again to get a new one', 403);
 
     $event->setResponse($response);
 }

diff --git a/Response/JWTAuthenticationFailureResponse.php b/Response/JWTAuthenticationFailureResponse.php
@@ -25,15 +25,15 @@ final class JWTAuthenticationFailureResponse extends JsonResponse
     /**
      * @param string $message A failure message passed in the response body
      */
-    public function __construct($message = 'Bad credentials')
+    public function __construct($message = 'Bad credentials', $statusCode = JsonResponse::HTTP_UNAUTHORIZED)
     {
         $this->message = $message;
 
-        parent::__construct(null, self::HTTP_UNAUTHORIZED, ['WWW-Authenticate' => 'Bearer']);
+        parent::__construct(null, $statusCode, ['WWW-Authenticate' => 'Bearer']);
 
         $this->setData([
-            'code'    => $this->statusCode,
-            'message' => $this->message,
+            'code'    => $statusCode,
+            'message' => $message,
         ]);
     }
 

diff --git a/Response/JWTAuthenticationSuccessResponse.php b/Response/JWTAuthenticationSuccessResponse.php
@@ -23,9 +23,17 @@ final class JWTAuthenticationSuccessResponse extends JsonResponse
     private $token;
 
     /**
-     * @param string $token   Json Web Token
-     * @param array  $data    Extra data passed to the response body.
-     * @param array  $headers HTTP headers
+     * The Json Web Token.
+     *
+     * Immutable property.
+     *
+     * @var string
+     */
+    private $extraData;
+
+    /**
+     * @param string $token     Json Web Token
+     * @param array  $extraData Extra data passed to the response body.
      */
     public function __construct($token, array $extraData = [])
     {
@@ -34,7 +42,7 @@ public function __construct($token, array $extraData = [])
 
         parent::__construct();
 
-        $this->setBody();
+        $this->setData();
     }
 
     /**
@@ -66,23 +74,13 @@ public function getExtraData()
     }
 
     /**
-     * Prevents unexpected response content.
+     * {@inheritdoc}
      *
-     * @internal
+     * @param array $data Unused parameter for risks limitation
      *
-     * {@inheritdoc}
+     * @internal
      */
     public function setData($data = [])
-    {
-        return $this->setBody();
-    }
-
-    /**
-     * Creates the response body.
-     *
-     * @return JWTAuthenticationSuccessResponse
-     */
-    private function setBody()
     {
         parent::setData(['token' => $this->token] + $this->extraData);
     }