2017-09-19 22:36:16 +05:30
|
|
|
<?php
|
2019-08-01 14:47:12 +05:30
|
|
|
declare(strict_types=1);
|
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
namespace api\components\User;
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
use api\components\Tokens\TokensFactory;
|
2017-09-19 22:36:16 +05:30
|
|
|
use common\models\Account;
|
|
|
|
use Exception;
|
2019-08-01 14:47:12 +05:30
|
|
|
use Lcobucci\JWT\Token;
|
|
|
|
use Lcobucci\JWT\ValidationData;
|
|
|
|
use Webmozart\Assert\Assert;
|
2017-09-19 22:36:16 +05:30
|
|
|
use Yii;
|
|
|
|
use yii\base\NotSupportedException;
|
|
|
|
use yii\web\UnauthorizedHttpException;
|
|
|
|
|
|
|
|
class JwtIdentity implements IdentityInterface {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var Token
|
|
|
|
*/
|
|
|
|
private $token;
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
private function __construct(Token $token) {
|
2018-04-18 02:17:25 +05:30
|
|
|
$this->token = $token;
|
|
|
|
}
|
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
public static function findIdentityByAccessToken($rawToken, $type = null): IdentityInterface {
|
|
|
|
try {
|
2019-08-01 14:47:12 +05:30
|
|
|
$token = Yii::$app->tokens->parse($rawToken);
|
2017-09-19 22:36:16 +05:30
|
|
|
} catch (Exception $e) {
|
|
|
|
Yii::error($e);
|
|
|
|
throw new UnauthorizedHttpException('Incorrect token');
|
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
if (!Yii::$app->tokens->verify($token)) {
|
|
|
|
throw new UnauthorizedHttpException('Incorrect token');
|
|
|
|
}
|
2017-09-19 22:36:16 +05:30
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
if ($token->isExpired()) {
|
|
|
|
throw new UnauthorizedHttpException('Token expired');
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
if (!$token->validate(new ValidationData())) {
|
|
|
|
throw new UnauthorizedHttpException('Incorrect token');
|
|
|
|
}
|
|
|
|
|
|
|
|
$sub = $token->getClaim('sub', false);
|
|
|
|
if ($sub !== false && strpos($sub, TokensFactory::SUB_ACCOUNT_PREFIX) !== 0) {
|
|
|
|
throw new UnauthorizedHttpException('Incorrect token');
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
return new self($token);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getAccount(): ?Account {
|
|
|
|
$subject = $this->token->getClaim('sub', false);
|
|
|
|
if ($subject === false) {
|
2017-09-19 22:36:16 +05:30
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
Assert::startsWith($subject, TokensFactory::SUB_ACCOUNT_PREFIX);
|
|
|
|
$accountId = (int)mb_substr($subject, mb_strlen(TokensFactory::SUB_ACCOUNT_PREFIX));
|
|
|
|
|
|
|
|
return Account::findOne(['id' => $accountId]);
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
public function getAssignedPermissions(): array {
|
2019-08-01 14:47:12 +05:30
|
|
|
$scopesClaim = $this->token->getClaim('ely-scopes', false);
|
|
|
|
if ($scopesClaim === false) {
|
2017-09-19 22:36:16 +05:30
|
|
|
return [];
|
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
return explode(',', $scopesClaim);
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
public function getId(): string {
|
2019-08-01 14:47:12 +05:30
|
|
|
return (string)$this->token;
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
public function getAuthKey() {
|
|
|
|
throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function validateAuthKey($authKey) {
|
|
|
|
throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth');
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function findIdentity($id) {
|
|
|
|
throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth');
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|