lexik · slashfan · Jul 24, 2015 · Jul 22, 2015
diff --git a/DependencyInjection/Security/Factory/JWTFactory.php b/DependencyInjection/Security/Factory/JWTFactory.php
@@ -62,6 +62,19 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 
         }
 
+        if ($config['cookie']['enabled']) {
+
+            $cookieExtractorId = 'lexik_jwt_authentication.extractor.cookie_extractor.' . $id;
+            $container
+                ->setDefinition($cookieExtractorId, new DefinitionDecorator('lexik_jwt_authentication.extractor.cookie_extractor'))
+                ->replaceArgument(0, $config['cookie']['name']);
+
+            $container
+                ->getDefinition($listenerId)
+                ->addMethodCall('addTokenExtractor', array(new Reference($cookieExtractorId)));
+
+        }
+
         return array($providerId, $listenerId, $entryPointId);
     }
 
@@ -99,6 +112,17 @@ public function addConfiguration(NodeDefinition $node)
                         ->end()
                     ->end()
                 ->end()
+                ->arrayNode('cookie')
+                ->addDefaultsIfNotSet()
+                    ->children()
+                        ->booleanNode('enabled')
+                            ->defaultFalse()
+                        ->end()
+                        ->scalarNode('name')
+                            ->defaultValue('BEARER')
+                        ->end()
+                    ->end()
+                ->end()
                 ->arrayNode('query_parameter')
                     ->addDefaultsIfNotSet()
                     ->children()

diff --git a/Resources/config/services.xml b/Resources/config/services.xml
@@ -14,6 +14,7 @@
         <parameter key="lexik_jwt_authentication.security.authentication.entry_point.class">Lexik\Bundle\JWTAuthenticationBundle\Security\Http\EntryPoint\JWTEntryPoint</parameter>
         <parameter key="lexik_jwt_authentication.extractor.authorization_header_extractor.class">Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\AuthorizationHeaderTokenExtractor</parameter>
         <parameter key="lexik_jwt_authentication.extractor.query_parameter_extractor.class">Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\QueryParameterTokenExtractor</parameter>
+        <parameter key="lexik_jwt_authentication.extractor.cookie_extractor.class">Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\CookieTokenExtractor</parameter>
     </parameters>
 
     <services>
@@ -68,6 +69,10 @@
         <service id="lexik_jwt_authentication.extractor.query_parameter_extractor" class="%lexik_jwt_authentication.extractor.query_parameter_extractor.class%" public="false">
             <argument /> <!-- Parameter Name -->
         </service>
+        <!-- Cookie Token Extractor -->
+        <service id="lexik_jwt_authentication.extractor.cookie_extractor" class="%lexik_jwt_authentication.extractor.cookie_extractor.class%" public="false">
+            <argument /> <!-- Name -->
+        </service>
         <!-- JWT Security Authentication Entry Point -->
         <service id="lexik_jwt_authentication.security.authentication.entry_point" class="%lexik_jwt_authentication.security.authentication.entry_point.class%" public="false"></service>
     </services>

diff --git a/Resources/doc/1-configuration-reference.md b/Resources/doc/1-configuration-reference.md
@@ -43,8 +43,11 @@ firewalls:
             authorization_header: # check token in Authorization Header
                 enabled: true
                 prefix:  Bearer
+            cookie:               # check token in a cookie
+                enabled: false
+                name:    BEARER
             query_parameter:      # check token in query string parameter
-                enabled: true
+                enabled: false
                 name:    bearer
             throw_exceptions:        false     # When an authentication failure occurs, return a 401 response immediately
             create_entry_point:      true      # When no authentication details are provided, create a default entry point that returns a 401 response

diff --git a/Tests/TokenExtractor/CookieTokenExtractorTest.php b/Tests/TokenExtractor/CookieTokenExtractorTest.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace Lexik\Bundle\JWTAuthenticationBundle\Tests\TokenExtractor;
+
+use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\CookieTokenExtractor;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * CookieTokenExtractorTest
+ *
+ * @author Nicolas Cabot <[email protected]>
+ */
+class CookieTokenExtractorTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * test getRequestToken
+     */
+    public function testGetTokenRequest()
+    {
+        $extractor = new CookieTokenExtractor('BEARER');
+
+        $request = new Request();
+        $this->assertFalse($extractor->extract($request));
+
+        $request = new Request();
+        $request->cookies->add(array('BEAR' => 'testtoken'));
+        $this->assertFalse($extractor->extract($request));
+
+        $request = new Request();
+        $request->cookies->add(array('BEARER' => 'testtoken'));
+        $this->assertEquals('testtoken', $extractor->extract($request));
+    }
+}
diff --git a/TokenExtractor/CookieTokenExtractor.php b/TokenExtractor/CookieTokenExtractor.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * CookieTokenExtractor
+ *
+ * @author Nicolas Cabot <[email protected]>
+ */
+class CookieTokenExtractor implements TokenExtractorInterface
+{
+    /**
+     * @var string
+     */
+    protected $name;
+
+    /**
+     * @param string $name
+     */
+    public function __construct($name)
+    {
+        $this->name = $name;
+    }
+
+    /**
+     * @param Request $request
+     * @return string
+     */
+    public function extract(Request $request)
+    {
+        if (!$request->cookies->has($this->name)) {
+            return false;
+        }
+
+        return $request->cookies->get($this->name);
+    }
+}