Introduce BlockedTokenManagerInterface

Author: ldaspt

EventListener/BlockJWTListener.php

@@ -4,7 +4,8 @@
 
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingClaimException;
-use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManager;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManagerInterface;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\CacheItemPoolBlockedTokenManager;
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
 use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -14,16 +15,16 @@
 
 class BlockJWTListener
 {
-    private $jwtManager;
+    private $blockedTokenManager;
     private $tokenExtractor;
-    private $tokenManager;
+    private $jwtManager;
 
     public function __construct(
-        BlockedTokenManager $tokenManager,
-        TokenExtractorInterface $tokenExtractor,
-        JWTTokenManagerInterface $jwtManager,
+        BlockedTokenManagerInterface $blockedTokenManager,
+        TokenExtractorInterface      $tokenExtractor,
+        JWTTokenManagerInterface     $jwtManager
     ) {
-        $this->tokenManager = $tokenManager;
+        $this->blockedTokenManager = $blockedTokenManager;
         $this->tokenExtractor = $tokenExtractor;
         $this->jwtManager = $jwtManager;
     }
@@ -58,7 +59,7 @@ private function blockTokenFromRequest(Request $request): void
         }
 
         try {
-            $this->tokenManager->add($payload);
+            $this->blockedTokenManager->add($payload);
         } catch (MissingClaimException $e) {
             // We can't block a token missing the claims our system requires, so silently ignore this one
         }

EventListener/RejectBlockedTokenListener.php

@@ -5,12 +5,15 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\InvalidTokenException;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingClaimException;
-use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManager;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManagerInterface;
 
 class RejectBlockedTokenListener
 {
-    public function __construct(private BlockedTokenManager $tokenManager)
+    private $blockedTokenManager;
+
+    public function __construct(BlockedTokenManagerInterface $blockedTokenManager)
     {
+        $this->blockedTokenManager = $blockedTokenManager;
     }
 
     /**
@@ -19,7 +22,7 @@ public function __construct(private BlockedTokenManager $tokenManager)
     public function __invoke(JWTAuthenticatedEvent $event): void
     {
         try {
-            if ($this->tokenManager->has($event->getPayload())) {
+            if ($this->blockedTokenManager->has($event->getPayload())) {
                 throw new InvalidTokenException('JWT blocked');
             }
         } catch (MissingClaimException) {

Resources/config/blocklist_token.xml

@@ -22,10 +22,12 @@
             <tag name="kernel.event_listener" event="lexik_jwt_authentication.on_jwt_authenticated"/>
         </service>
 
-        <service id="lexik_jwt_authentication.blocked_token_manager" class="Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManager">
+        <service id="lexik_jwt_authentication.blocked_token_manager" class="Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedToken\CacheItemPoolBlockedTokenManager">
             <argument type="service" id="lexik_jwt_authentication.blocklist_token.cache"/>
         </service>
 
+        <service id="Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManagerInterface" alias="lexik_jwt_authentication.blocked_token_manager" />
+
     </services>
 
 </container>

Services/BlockedTokenManager.php renamed to Services/BlockedToken/CacheItemPoolBlockedTokenManager.php

@@ -1,14 +1,15 @@
 <?php
 
-namespace Lexik\Bundle\JWTAuthenticationBundle\Services;
+namespace Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedToken;
 
 use DateInterval;
 use DateTimeImmutable;
 use DateTimeZone;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingClaimException;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManagerInterface;
 use Psr\Cache\CacheItemPoolInterface;
 
-class BlockedTokenManager
+class CacheItemPoolBlockedTokenManager implements BlockedTokenManagerInterface
 {
     private $cacheJwt;
 
@@ -17,9 +18,6 @@ public function __construct(CacheItemPoolInterface $cacheJwt)
         $this->cacheJwt = $cacheJwt;
     }
 
-    /**
-     * @throws MissingClaimException if required claims do not exist in the payload
-     */
     public function add(array $payload): bool
     {
         if (!isset($payload['exp'])) {
@@ -48,9 +46,6 @@ public function add(array $payload): bool
         return true;
     }
 
-    /**
-     * @throws MissingClaimException if required claims do not exist in the payload
-     */
     public function has(array $payload): bool
     {
         if (!isset($payload['jti'])) {
@@ -60,9 +55,6 @@ public function has(array $payload): bool
         return $this->cacheJwt->hasItem($payload['jti']);
     }
 
-    /**
-     * @throws MissingClaimException if required claims do not exist in the payload
-     */
     public function remove(array $payload): void
     {
         if (!isset($payload['jti'])) {

Services/BlockedTokenManagerInterface.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace Lexik\Bundle\JWTAuthenticationBundle\Services;
+
+use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingClaimException;
+
+interface BlockedTokenManagerInterface
+{
+    /**
+     * @throws MissingClaimException if required claims do not exist in the payload
+     */
+    public function add(array $payload): bool;
+
+    /**
+     * @throws MissingClaimException if required claims do not exist in the payload
+     */
+    public function has(array $payload): bool;
+
+    /**
+     * @throws MissingClaimException if required claims do not exist in the payload
+     */
+    public function remove(array $payload): void;
+}

Tests/Functional/BlocklistTokenTest.php

@@ -2,7 +2,7 @@
 
 namespace Lexik\Bundle\JWTAuthenticationBundle\Tests\Functional;
 
-use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManager;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\CacheItemPoolBlockedTokenManager;
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTManager;
 use Lexik\Bundle\JWTAuthenticationBundle\Tests\Stubs\UserProvider;
 use Psr\Cache\CacheItemPoolInterface;

Tests/Services/BlockedTokenManagerTest.php renamed to Tests/Services/BlockedToken/CacheItemPoolBlockedTokenManagerTest.php

@@ -1,16 +1,16 @@
 <?php
 
-namespace Lexik\Bundle\JWTAuthenticationBundle\Tests\Services;
+namespace Lexik\Bundle\JWTAuthenticationBundle\Tests\Services\BlockedToken;
 
 use DateTime;
 use DateTimeImmutable;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\MissingClaimException;
-use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManager;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedToken\CacheItemPoolBlockedTokenManager;
 use PHPUnit\Framework\TestCase;
 use Symfony\Bridge\PhpUnit\ClockMock;
 use Symfony\Component\Cache\Adapter\ArrayAdapter;
 
-class BlockedTokenManagerTest extends TestCase
+class CacheItemPoolBlockedTokenManagerTest extends TestCase
 {
     private const JTI = '3de41d11099ed70e23e634eb32c959da';
     private const IAT = 1699455323;
@@ -19,7 +19,7 @@ public function testAddPayloadWithoutExpirationShouldThrowsAnException()
     {
         $this->expectException(MissingClaimException::class);
         $cacheAdapter = new ArrayAdapter();
-        $blockedTokenManager = new BlockedTokenManager($cacheAdapter);
+        $blockedTokenManager = new CacheItemPoolBlockedTokenManager($cacheAdapter);
         $blockedTokenManager->add(
             [
                 'iat' => self::IAT,
@@ -36,7 +36,7 @@ public function testAddPayloadWithoutJitShouldThrowsAnException()
     {
         $this->expectException(MissingClaimException::class);
         $cacheAdapter = new ArrayAdapter();
-        $blockedTokenManager = new BlockedTokenManager($cacheAdapter);
+        $blockedTokenManager = new CacheItemPoolBlockedTokenManager($cacheAdapter);
         $blockedTokenManager->add(
             [
                 'iat' => self::IAT,
@@ -52,7 +52,7 @@ public function testAddPayloadWithoutJitShouldThrowsAnException()
     public function testShouldNotAddPayloadIfItHasExpired()
     {
         $cacheAdapter = new ArrayAdapter();
-        $blockedTokenManager = new BlockedTokenManager($cacheAdapter);
+        $blockedTokenManager = new CacheItemPoolBlockedTokenManager($cacheAdapter);
         self::assertFalse(
             $blockedTokenManager->add(
                 [
@@ -74,7 +74,7 @@ public function testShouldBlockTokenIfPaylaodHasNotExpired()
         ClockMock::register(ArrayAdapter::class);
 
         $cacheAdapter = new ArrayAdapter();
-        $blockedTokenManager = new BlockedTokenManager($cacheAdapter);
+        $blockedTokenManager = new CacheItemPoolBlockedTokenManager($cacheAdapter);
 
         $expirationDateTime = new DateTimeImmutable('2050-01-01 00:00:00');
         self::assertTrue(
@@ -103,7 +103,7 @@ public function testShouldBlockTokenIfPaylaodHasNotExpired()
     public function testHasToken()
     {
         $cacheAdapter = new ArrayAdapter();
-        $blockedTokenManager = new BlockedTokenManager($cacheAdapter);
+        $blockedTokenManager = new CacheItemPoolBlockedTokenManager($cacheAdapter);
 
         $expirationDateTime = new DateTimeImmutable('2050-01-01 00:00:00');
         $payload = [