bug #922 Fix error when trying to decode token using new authenticator system (fd6130)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

Fix error when trying to decode token using new authenticator system

If you are using new authenticator system, you cannot decode the token in a service or controller using `$jwtManager->decode($token->getToken());` because the Token Class `getCredentials()` return empty array instead of token.

Now i'm not sure about the `public function createToken(Passport $passport, string $firewallName): TokenInterface` in JwtAuthenticator. Do i need to adjust that one as well?

Anyways, this Fix #921.

Commits
-------

d73d1b8 Fix error when trying to decode token using new authenticator system

Author: chalasr

Security/Authenticator/JWTAuthenticator.php

@@ -117,6 +117,7 @@ function ($userIdentifier) use($payload) {
         );
 
         $passport->setAttribute('payload', $payload);
+        $passport->setAttribute('token', $token);
 
         return $passport;
     }
@@ -234,20 +235,24 @@ protected function loadUser(array $payload, string $identity): UserInterface
 
     public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
     {
-        $token = parent::createAuthenticatedToken($passport, $firewallName);
-
         if (!$passport instanceof SelfValidatingPassport) {
             throw new \LogicException(sprintf('Expected "%s" but got "%s".', SelfValidatingPassport::class, get_debug_type($passport)));
         }
-
+        
+        $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles(), $passport->getAttribute('token'));
+        
         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
 
         return $token;
     }
 
     public function createToken(Passport $passport, string $firewallName): TokenInterface
     {
-        $token = parent::createToken($passport, $firewallName);
+        if (!$passport instanceof SelfValidatingPassport) {
+            throw new \LogicException(sprintf('Expected "%s" but got "%s".', SelfValidatingPassport::class, get_debug_type($passport)));
+        }
+        
+        $token = new JWTPostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles(), $passport->getAttribute('token'));
 
         $this->eventDispatcher->dispatch(new JWTAuthenticatedEvent($passport->getAttribute('payload'), $token), Events::JWT_AUTHENTICATED);
 

Security/Authenticator/Token/JWTPostAuthenticationToken.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;
+
+class JWTPostAuthenticationToken extends PostAuthenticationToken
+{
+    private $token;
+
+    public function __construct(UserInterface $user, string $firewallName, array $roles, string $token)
+    {
+        parent::__construct($user, $firewallName, $roles);
+
+        $this->token = $token;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getCredentials(): string
+    {
+        return $this->token;
+    }
+}

Tests/Security/Authenticator/JWTAuthenticatorTest.php

@@ -14,6 +14,7 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingTokenException;
 use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse;
 use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\JWTAuthenticator;
+use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
 use Lexik\Bundle\JWTAuthenticationBundle\Security\User\PayloadAwareUserProviderInterface;
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
 use Lexik\Bundle\JWTAuthenticationBundle\Tests\Stubs\User as AdvancedUserStub;
@@ -214,7 +215,7 @@ public function testCreateAuthenticatedToken()
         $user->method('getRoles')->willReturn(['ROLE_USER']);
 
         $dispatcher = $this->getEventDispatcherMock();
-        $dispatcher->expects($this->once())->method('dispatch')->with($this->equalTo(new JWTAuthenticatedEvent(['claim' => 'val'], new PostAuthenticationToken($user, 'dummy', ['ROLE_USER']))), Events::JWT_AUTHENTICATED);
+        $dispatcher->expects($this->once())->method('dispatch')->with($this->equalTo(new JWTAuthenticatedEvent(['claim' => 'val'], new JWTPostAuthenticationToken($user, 'dummy', ['ROLE_USER'], 'dummytoken'))), Events::JWT_AUTHENTICATED);
 
         $authenticator = new JWTAuthenticator(
             $this->getJWTManagerMock(),
@@ -225,13 +226,18 @@ public function testCreateAuthenticatedToken()
 
         $passport = $this->createMock(SelfValidatingPassport::class);
         $passport->method('getUser')->willReturn($user);
-        $passport->method('getAttribute')->with('payload')->willReturn(['claim' => 'val']);
-
+        $passport->method('getAttribute')
+            ->withConsecutive(['token', null], ['payload', null])
+            ->willReturnOnConsecutiveCalls('dummytoken', ['claim' => 'val']);
+        
         if (method_exists(FormLoginAuthenticator::class, 'createToken')) {
-            $authenticator->createToken($passport, 'dummy');
+            $token = $authenticator->createToken($passport, 'dummy');
         } else {
-            $authenticator->createAuthenticatedToken($passport, 'dummy');
+            $token = $authenticator->createAuthenticatedToken($passport, 'dummy');
         }
+
+        $this->assertInstanceOf(JWTPostAuthenticationToken::class, $token);
+        $this->assertSame('dummytoken', $token->getCredentials());
     }
 
     private function getJWTManagerMock($userIdentityField = null, $userIdClaim = null)