dyb-tech.com/LaLiga-BackEnd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

welcome back to dyb-tech

Browse Source
This commit is contained in:
Daniel Guzman
2024-05-18 02:28:01 +02:00
parent 9513cdba09
commit 9f30bc98c7
6149 changed files with 668407 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Compiler/ApiPlatformOpenApiPass.php
Vendored
+52
View File
@@ -0,0 +1,52 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
class ApiPlatformOpenApiPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container): void
{
if (!$container->hasDefinition('lexik_jwt_authentication.api_platform.openapi.factory') || !$container->hasParameter('security.firewalls')) {
return;
}
$checkPath = null;
$usernamePath = null;
$passwordPath = null;
$firewalls = $container->getParameter('security.firewalls');
foreach ($firewalls as $firewallName) {
if ($container->hasDefinition('security.authenticator.json_login.' . $firewallName)) {
$firewallOptions = $container->getDefinition('security.authenticator.json_login.' . $firewallName)->getArgument(4);
$checkPath = $firewallOptions['check_path'];
$usernamePath = $firewallOptions['username_path'];
$passwordPath = $firewallOptions['password_path'];
break;
}
}
$openApiFactoryDefinition = $container->getDefinition('lexik_jwt_authentication.api_platform.openapi.factory');
$checkPathArg = $openApiFactoryDefinition->getArgument(1);
$usernamePathArg = $openApiFactoryDefinition->getArgument(2);
$passwordPathArg = $openApiFactoryDefinition->getArgument(3);
if (!$checkPath && !$checkPathArg) {
$container->removeDefinition('lexik_jwt_authentication.api_platform.openapi.factory');
return;
}
if (!$checkPathArg) {
$openApiFactoryDefinition->replaceArgument(1, $checkPath);
}
if (!$usernamePathArg) {
$openApiFactoryDefinition->replaceArgument(2, $usernamePath ?? 'username');
}
if (!$passwordPathArg) {
$openApiFactoryDefinition->replaceArgument(3, $passwordPath ?? 'password');
}
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Compiler/DeprecateLegacyGuardAuthenticatorPass.php
Vendored
+32
View File
@@ -0,0 +1,32 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
use Lexik\Bundle\JWTAuthenticationBundle\Security\Guard\JWTTokenAuthenticator;
use Symfony\Component\Config\Definition\BaseNode;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
/**
* @internal
*/
class DeprecateLegacyGuardAuthenticatorPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container): void
{
if (!$container->hasParameter('lexik_jwt_authentication.authenticator_manager_enabled') || !$container->getParameter('lexik_jwt_authentication.authenticator_manager_enabled')) {
return;
}
$deprecationArgs = ['The "%service_id%" service is deprecated and will be removed in 3.0, use the new "jwt" authenticator instead.'];
if (method_exists(BaseNode::class, 'getDeprecation')) {
$deprecationArgs = ['lexik/jwt-authentication-bundle', '2.7', 'The "%service_id%" service is deprecated and will be removed in 3.0, use the new "jwt" authenticator instead.'];
}
$container
->getDefinition('lexik_jwt_authentication.security.guard.jwt_token_authenticator')
->setDeprecated(...$deprecationArgs);
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Compiler/WireGenerateTokenCommandPass.php
Vendored
+21
View File
@@ -0,0 +1,21 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
class WireGenerateTokenCommandPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container): void
{
if (!$container->hasDefinition('lexik_jwt_authentication.generate_token_command') || !$container->hasDefinition('security.context_listener')) {
return;
}
$container
->getDefinition('lexik_jwt_authentication.generate_token_command')
->replaceArgument(1, $container->getDefinition('security.context_listener')->getArgument(1))
;
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Configuration.php
Vendored
+318
View File
@@ -0,0 +1,318 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection;
use ApiPlatform\Symfony\Bundle\ApiPlatformBundle;
use Symfony\Component\Config\Definition\BaseNode;
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* LexikJWTAuthenticationBundle Configuration.
*/
class Configuration implements ConfigurationInterface
{
public const INVALID_KEY_PATH = "The file %s doesn't exist or is not readable.\nIf the configured encoder doesn't need this to be configured, please don't set this option or leave it null.";
/**
* {@inheritdoc}
*/
public function getConfigTreeBuilder(): TreeBuilder
{
$treeBuilder = new TreeBuilder('lexik_jwt_authentication');
$treeBuilder
->getRootNode()
->addDefaultsIfNotSet()
->children()
->scalarNode('private_key_path')
->setDeprecated(...$this->getDeprecationParameters('The "%path%.%node%" configuration key is deprecated since version 2.5. Use "%path%.secret_key" instead.', '2.5'))
->defaultNull()
->end()
->scalarNode('public_key_path')
->setDeprecated(...$this->getDeprecationParameters('The "%path%.%node%" configuration key is deprecated since version 2.5. Use "%path%.public_key" instead.', '2.5'))
->defaultNull()
->end()
->scalarNode('public_key')
->info('The key used to sign tokens (useless for HMAC). If not set, the key will be automatically computed from the secret key.')
->defaultNull()
->end()
->arrayNode('additional_public_keys')
->info('Multiple public keys to try to verify token signature. If none is given, it will use the key provided in "public_key".')
->scalarPrototype()->end()
->end()
->scalarNode('secret_key')
->info('The key used to sign tokens. It can be a raw secret (for HMAC), a raw RSA/ECDSA key or the path to a file itself being plaintext or PEM.')
->defaultNull()
->end()
->scalarNode('pass_phrase')
->info('The key passphrase (useless for HMAC)')
->defaultValue('')
->end()
->scalarNode('token_ttl')
->defaultValue(3600)
->end()
->booleanNode('allow_no_expiration')
->info('Allow tokens without "exp" claim (i.e. indefinitely valid, no lifetime) to be considered valid. Caution: usage of this should be rare.')
->defaultFalse()
->end()
->scalarNode('clock_skew')
->defaultValue(0)
->end()
->arrayNode('encoder')
->addDefaultsIfNotSet()
->children()
->scalarNode('service')
->defaultValue('lexik_jwt_authentication.encoder.lcobucci')
->end()
->scalarNode('signature_algorithm')
->defaultValue('RS256')
->cannotBeEmpty()
->end()
->enumNode('crypto_engine')
->values(['openssl', 'phpseclib'])
->defaultValue('openssl')
->setDeprecated(...$this->getDeprecationParameters('The "%path%.%node%" configuration key is deprecated since version 2.5, built-in encoders support OpenSSL only', '2.5'))
->end()
->end()
->end()
->scalarNode('user_identity_field')
->setDeprecated(...$this->getDeprecationParameters('The "%path%.%node%" configuration key is deprecated since version 2.16, use "%path%.user_id_claim" or implement "' . UserInterface::class . '::getUserIdentifier()" instead.', '2.16'))
->defaultValue('username')
->cannotBeEmpty()
->end()
->scalarNode('user_id_claim')
->defaultNull()
->info('If null, the user ID claim will have the same name as the one defined by the option "user_identity_field"')
->end()
->append($this->getTokenExtractorsNode())
->scalarNode('remove_token_from_body_when_cookies_used')
->defaultTrue()
->end()
->arrayNode('set_cookies')
->fixXmlConfig('set_cookie')
->normalizeKeys(false)
->useAttributeAsKey('name')
->prototype('array')
->children()
->scalarNode('lifetime')
->defaultNull()
->info('The cookie lifetime. If null, the "token_ttl" option value will be used')
->end()
->enumNode('samesite')
->values([Cookie::SAMESITE_NONE, Cookie::SAMESITE_LAX, Cookie::SAMESITE_STRICT])
->defaultValue(Cookie::SAMESITE_LAX)
->end()
->scalarNode('path')->defaultValue('/')->cannotBeEmpty()->end()
->scalarNode('domain')->defaultNull()->end()
->scalarNode('secure')->defaultTrue()->end()
->scalarNode('httpOnly')->defaultTrue()->end()
->scalarNode('partitioned')->defaultFalse()->end()
->arrayNode('split')
->scalarPrototype()->end()
->end()
->end()
->end()
->end()
->arrayNode('api_platform')
->canBeEnabled()
->info('API Platform compatibility: add check_path in OpenAPI documentation.')
->children()
->scalarNode('check_path')
->defaultNull()
->info('The login check path to add in OpenAPI.')
->end()
->scalarNode('username_path')
->defaultNull()
->info('The path to the username in the JSON body.')
->end()
->scalarNode('password_path')
->defaultNull()
->info('The path to the password in the JSON body.')
->end()
->end()
->end()
->arrayNode('access_token_issuance')
->fixXmlConfig('access_token_issuance')
->canBeEnabled()
->children()
->arrayNode('signature')
->fixXmlConfig('signature')
->addDefaultsIfNotSet()
->children()
->scalarNode('algorithm')
->isRequired()
->info('The algorithm use to sign the access tokens.')
->end()
->scalarNode('key')
->isRequired()
->info('The signature key. It shall be JWK encoded.')
->end()
->end()
->end()
->arrayNode('encryption')
->fixXmlConfig('encryption')
->canBeEnabled()
->children()
->scalarNode('key_encryption_algorithm')
->isRequired()
->cannotBeEmpty()
->info('The key encryption algorithm is used to encrypt the token.')
->end()
->scalarNode('content_encryption_algorithm')
->isRequired()
->cannotBeEmpty()
->info('The key encryption algorithm is used to encrypt the token.')
->end()
->scalarNode('key')
->isRequired()
->info('The encryption key. It shall be JWK encoded.')
->end()
->end()
->end()
->end()
->end()
->arrayNode('access_token_verification')
->fixXmlConfig('access_token_verification')
->canBeEnabled()
->children()
->arrayNode('signature')
->fixXmlConfig('signature')
->addDefaultsIfNotSet()
->children()
->arrayNode('header_checkers')
->fixXmlConfig('header_checkers')
->scalarPrototype()->end()
->defaultValue([])
->info('The headers to be checked for validating the JWS.')
->end()
->arrayNode('claim_checkers')
->fixXmlConfig('claim_checkers')
->scalarPrototype()->end()
->defaultValue(['exp_with_clock_skew', 'iat_with_clock_skew', 'nbf_with_clock_skew'])
->info('The claims to be checked for validating the JWS.')
->end()
->arrayNode('mandatory_claims')
->fixXmlConfig('mandatory_claims')
->scalarPrototype()->end()
->defaultValue([])
->info('The list of claims that shall be present in the JWS.')
->end()
->arrayNode('allowed_algorithms')
->fixXmlConfig('allowed_algorithms')
->scalarPrototype()->end()
->requiresAtLeastOneElement()
->info('The algorithms allowed to be used for token verification.')
->end()
->scalarNode('keyset')
->isRequired()
->info('The signature keyset. It shall be JWKSet encoded.')
->end()
->end()
->end()
->arrayNode('encryption')
->fixXmlConfig('encryption')
->canBeEnabled()
->children()
->booleanNode('continue_on_decryption_failure')
->defaultFalse()
->info('If enable, non-encrypted tokens or tokens that failed during decryption or verification processes are accepted.')
->end()
->arrayNode('header_checkers')
->fixXmlConfig('header_checkers')
->scalarPrototype()->end()
->defaultValue(['iat_with_clock_skew', 'nbf_with_clock_skew', 'exp_with_clock_skew'])
->info('The headers to be checked for validating the JWE.')
->end()
->arrayNode('allowed_key_encryption_algorithms')
->fixXmlConfig('allowed_key_encryption_algorithms')
->scalarPrototype()->end()
->requiresAtLeastOneElement()
->info('The key encryption algorithm is used to encrypt the token.')
->end()
->arrayNode('allowed_content_encryption_algorithms')
->fixXmlConfig('allowed_content_encryption_algorithms')
->scalarPrototype()->end()
->requiresAtLeastOneElement()
->info('The key encryption algorithm is used to encrypt the token.')
->end()
->scalarNode('keyset')
->isRequired()
->info('The encryption keyset. It shall be JWKSet encoded.')
->end()
->end()
->end()
->end()
->end()
->end()
->end();
return $treeBuilder;
}
private function getTokenExtractorsNode(): ArrayNodeDefinition
{
$builder = new TreeBuilder('token_extractors');
$node = $builder->getRootNode();
$node
->addDefaultsIfNotSet()
->children()
->arrayNode('authorization_header')
->addDefaultsIfNotSet()
->canBeDisabled()
->children()
->scalarNode('prefix')
->defaultValue('Bearer')
->end()
->scalarNode('name')
->defaultValue('Authorization')
->end()
->end()
->end()
->arrayNode('cookie')
->addDefaultsIfNotSet()
->canBeEnabled()
->children()
->scalarNode('name')
->defaultValue('BEARER')
->end()
->end()
->end()
->arrayNode('query_parameter')
->addDefaultsIfNotSet()
->canBeEnabled()
->children()
->scalarNode('name')
->defaultValue('bearer')
->end()
->end()
->end()
->arrayNode('split_cookie')
->canBeEnabled()
->children()
->arrayNode('cookies')
->scalarPrototype()->end()
->end()
->end()
->end()
->end()
;
return $node;
}
/**
* Returns the correct deprecation parameters for setDeprecated.
*/
private function getDeprecationParameters(string $message, string $version): array
{
if (method_exists(BaseNode::class, 'getDeprecation')) {
return ['lexik/jwt-authentication-bundle', $version, $message];
}
return [$message];
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/LexikJWTAuthenticationExtension.php
Vendored
+262
View File
@@ -0,0 +1,262 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection;
use ApiPlatform\Symfony\Bundle\ApiPlatformBundle;
use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\Config\FileLocator;
use Symfony\Component\Config\Loader\LoaderInterface;
use Symfony\Component\Console\Application;
use Symfony\Component\DependencyInjection\Alias;
use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Exception\LogicException;
use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\HttpKernel\DependencyInjection\Extension;
use Symfony\Component\HttpKernel\Kernel;
/**
* This is the class that loads and manages your bundle configuration.
*
* To learn more see {@link http://symfony.com/doc/current/cookbook/bundles/extension.html}
*/
class LexikJWTAuthenticationExtension extends Extension
{
/**
* {@inheritdoc}
*/
public function load(array $configs, ContainerBuilder $container): void
{
$configuration = new Configuration();
$config = $this->processConfiguration($configuration, $configs);
$loader = new XmlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config'));
if (method_exists(Alias::class, 'getDeprecation')) {
$loader->load('deprecated_51.xml');
} else {
$loader->load('deprecated.xml');
}
$loader->load('jwt_manager.xml');
$loader->load('key_loader.xml');
$loader->load('namshi.xml');
$loader->load('lcobucci.xml');
$loader->load('response_interceptor.xml');
$loader->load('token_authenticator.xml');
$loader->load('token_extractor.xml');
$loader->load('guard_authenticator.xml');
if (isset($config['private_key_path'])) {
$config['secret_key'] = $config['private_key_path'];
$container->setParameter('lexik_jwt_authentication.private_key_path', $config['secret_key']);
}
if (isset($config['public_key_path'])) {
$config['public_key'] = $config['public_key_path'];
$container->setParameter('lexik_jwt_authentication.public_key_path', $config['public_key']);
}
if (empty($config['public_key']) && empty($config['secret_key'])) {
$e = new InvalidConfigurationException('You must either configure a "public_key" or a "secret_key".');
$e->setPath('lexik_jwt_authentication');
throw $e;
}
$container->setParameter('lexik_jwt_authentication.pass_phrase', $config['pass_phrase']);
$container->setParameter('lexik_jwt_authentication.token_ttl', $config['token_ttl']);
$container->setParameter('lexik_jwt_authentication.clock_skew', $config['clock_skew']);
$container->setParameter('lexik_jwt_authentication.user_identity_field', $config['user_identity_field']);
$container->setParameter('lexik_jwt_authentication.allow_no_expiration', $config['allow_no_expiration']);
$user_id_claim = $config['user_id_claim'] ?: $config['user_identity_field'];
$container->setParameter('lexik_jwt_authentication.user_id_claim', $user_id_claim);
$encoderConfig = $config['encoder'];
if ('lexik_jwt_authentication.encoder.default' === $encoderConfig['service']) {
@trigger_error('Using "lexik_jwt_authentication.encoder.default" as encoder service is deprecated since LexikJWTAuthenticationBundle 2.5, use "lexik_jwt_authentication.encoder.lcobucci" (default) or your own encoder service instead.', E_USER_DEPRECATED);
}
$container->setAlias('lexik_jwt_authentication.encoder', new Alias($encoderConfig['service'], true));
$container->setAlias(JWTEncoderInterface::class, 'lexik_jwt_authentication.encoder');
$container->setAlias(
'lexik_jwt_authentication.key_loader',
new Alias('lexik_jwt_authentication.key_loader.' . ('openssl' === $encoderConfig['crypto_engine'] && 'lexik_jwt_authentication.encoder.default' === $encoderConfig['service'] ? $encoderConfig['crypto_engine'] : 'raw'), true)
);
$container
->findDefinition('lexik_jwt_authentication.key_loader')
->replaceArgument(0, $config['secret_key'])
->replaceArgument(1, $config['public_key']);
if (isset($config['additional_public_keys'])) {
$container
->findDefinition('lexik_jwt_authentication.key_loader')
->replaceArgument(3, $config['additional_public_keys']);
}
$container->setParameter('lexik_jwt_authentication.encoder.signature_algorithm', $encoderConfig['signature_algorithm']);
$container->setParameter('lexik_jwt_authentication.encoder.crypto_engine', $encoderConfig['crypto_engine']);
$tokenExtractors = $this->createTokenExtractors($container, $config['token_extractors']);
$container
->getDefinition('lexik_jwt_authentication.extractor.chain_extractor')
->replaceArgument(0, $tokenExtractors);
if (isset($config['remove_token_from_body_when_cookies_used'])) {
$container
->getDefinition('lexik_jwt_authentication.handler.authentication_success')
->replaceArgument(3, $config['remove_token_from_body_when_cookies_used']);
}
if ($config['set_cookies']) {
$loader->load('cookie.xml');
$cookieProviders = [];
foreach ($config['set_cookies'] as $name => $attributes) {
if ($attributes['partitioned'] && Kernel::VERSION < '6.4') {
throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
}
$container
->setDefinition($id = "lexik_jwt_authentication.cookie_provider.$name", new ChildDefinition('lexik_jwt_authentication.cookie_provider'))
->replaceArgument(0, $name)
->replaceArgument(1, $attributes['lifetime'] ?? ($config['token_ttl'] ?: 0))
->replaceArgument(2, $attributes['samesite'])
->replaceArgument(3, $attributes['path'])
->replaceArgument(4, $attributes['domain'])
->replaceArgument(5, $attributes['secure'])
->replaceArgument(6, $attributes['httpOnly'])
->replaceArgument(7, $attributes['split'])
->replaceArgument(8, $attributes['partitioned']);
$cookieProviders[] = new Reference($id);
}
$container
->getDefinition('lexik_jwt_authentication.handler.authentication_success')
->replaceArgument(2, new IteratorArgument($cookieProviders));
}
if (class_exists(Application::class)) {
$loader->load('console.xml');
$container
->getDefinition('lexik_jwt_authentication.generate_keypair_command')
->replaceArgument(1, $config['secret_key'])
->replaceArgument(2, $config['public_key'])
->replaceArgument(3, $config['pass_phrase'])
->replaceArgument(4, $encoderConfig['signature_algorithm']);
if (!$container->hasParameter('kernel.debug') || !$container->getParameter('kernel.debug')) {
$container->removeDefinition('lexik_jwt_authentication.migrate_config_command');
}
}
if ($this->isConfigEnabled($container, $config['api_platform'])) {
if (!class_exists(ApiPlatformBundle::class)) {
throw new LogicException('API Platform cannot be detected. Try running "composer require api-platform/core".');
}
$loader->load('api_platform.xml');
$container
->getDefinition('lexik_jwt_authentication.api_platform.openapi.factory')
->replaceArgument(1, $config['api_platform']['check_path'] ?? null)
->replaceArgument(2, $config['api_platform']['username_path'] ?? null)
->replaceArgument(3, $config['api_platform']['password_path'] ?? null);
}
$this->processWithWebTokenConfig($config, $container, $loader);
}
private function createTokenExtractors(ContainerBuilder $container, array $tokenExtractorsConfig): array
{
$map = [];
if ($this->isConfigEnabled($container, $tokenExtractorsConfig['authorization_header'])) {
$authorizationHeaderExtractorId = 'lexik_jwt_authentication.extractor.authorization_header_extractor';
$container
->getDefinition($authorizationHeaderExtractorId)
->replaceArgument(0, $tokenExtractorsConfig['authorization_header']['prefix'])
->replaceArgument(1, $tokenExtractorsConfig['authorization_header']['name']);
$map[] = new Reference($authorizationHeaderExtractorId);
}
if ($this->isConfigEnabled($container, $tokenExtractorsConfig['query_parameter'])) {
$queryParameterExtractorId = 'lexik_jwt_authentication.extractor.query_parameter_extractor';
$container
->getDefinition($queryParameterExtractorId)
->replaceArgument(0, $tokenExtractorsConfig['query_parameter']['name']);
$map[] = new Reference($queryParameterExtractorId);
}
if ($this->isConfigEnabled($container, $tokenExtractorsConfig['cookie'])) {
$cookieExtractorId = 'lexik_jwt_authentication.extractor.cookie_extractor';
$container
->getDefinition($cookieExtractorId)
->replaceArgument(0, $tokenExtractorsConfig['cookie']['name']);
$map[] = new Reference($cookieExtractorId);
}
if ($this->isConfigEnabled($container, $tokenExtractorsConfig['split_cookie'])) {
$cookieExtractorId = 'lexik_jwt_authentication.extractor.split_cookie_extractor';
$container
->getDefinition($cookieExtractorId)
->replaceArgument(0, $tokenExtractorsConfig['split_cookie']['cookies']);
$map[] = new Reference($cookieExtractorId);
}
return $map;
}
private function processWithWebTokenConfig(array $config, ContainerBuilder $container, LoaderInterface $loader): void
{
if ($config['access_token_issuance']['enabled'] === false && $config['access_token_verification']['enabled'] === false) {
return;
}
$loader->load('web_token.xml');
if ($config['access_token_issuance']['enabled'] === true) {
$loader->load('web_token_issuance.xml');
$accessTokenBuilder = 'lexik_jwt_authentication.access_token_builder';
$accessTokenBuilderDefinition = $container->getDefinition($accessTokenBuilder);
$accessTokenBuilderDefinition
->replaceArgument(3, $config['access_token_issuance']['signature']['algorithm'])
->replaceArgument(4, $config['access_token_issuance']['signature']['key'])
;
if ($config['access_token_issuance']['encryption']['enabled'] === true) {
$accessTokenBuilderDefinition
->replaceArgument(5, $config['access_token_issuance']['encryption']['key_encryption_algorithm'])
->replaceArgument(6, $config['access_token_issuance']['encryption']['content_encryption_algorithm'])
->replaceArgument(7, $config['access_token_issuance']['encryption']['key'])
;
}
}
if ($config['access_token_verification']['enabled'] === true) {
$loader->load('web_token_verification.xml');
$accessTokenLoader = 'lexik_jwt_authentication.access_token_loader';
$accessTokenLoaderDefinition = $container->getDefinition($accessTokenLoader);
$accessTokenLoaderDefinition
->replaceArgument(3, $config['access_token_verification']['signature']['claim_checkers'])
->replaceArgument(4, $config['access_token_verification']['signature']['header_checkers'])
->replaceArgument(5, $config['access_token_verification']['signature']['mandatory_claims'])
->replaceArgument(6, $config['access_token_verification']['signature']['allowed_algorithms'])
->replaceArgument(7, $config['access_token_verification']['signature']['keyset'])
;
if ($config['access_token_verification']['encryption']['enabled'] === true) {
$accessTokenLoaderDefinition
->replaceArgument(8, $config['access_token_verification']['encryption']['continue_on_decryption_failure'])
->replaceArgument(9, $config['access_token_verification']['encryption']['header_checkers'])
->replaceArgument(10, $config['access_token_verification']['encryption']['allowed_key_encryption_algorithms'])
->replaceArgument(11, $config['access_token_verification']['encryption']['allowed_content_encryption_algorithms'])
->replaceArgument(12, $config['access_token_verification']['encryption']['keyset'])
;
}
}
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Security/Factory/JWTAuthenticatorFactory.php
Vendored
+53
View File
@@ -0,0 +1,53 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
if (interface_exists(SecurityFactoryInterface::class) && !interface_exists(AuthenticatorFactoryInterface::class)) {
eval('
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
/**
* Wires the "jwt" authenticator from user configuration.
*
* @author Robin Chalas <robin.chalas@gmail.com>
*/
class JWTAuthenticatorFactory implements SecurityFactoryInterface
{
use JWTAuthenticatorFactoryTrait;
}
');
} elseif (!method_exists(SecurityExtension::class, 'addAuthenticatorFactory')) {
eval('
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
/**
* Wires the "jwt" authenticator from user configuration.
*
* @author Robin Chalas <robin.chalas@gmail.com>
*/
class JWTAuthenticatorFactory implements AuthenticatorFactoryInterface, SecurityFactoryInterface
{
use JWTAuthenticatorFactoryTrait;
}
');
} else {
/**
* Wires the "jwt" authenticator from user configuration.
*
* @author Robin Chalas <robin.chalas@gmail.com>
*/
class JWTAuthenticatorFactory implements AuthenticatorFactoryInterface
{
use JWTAuthenticatorFactoryTrait;
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Security/Factory/JWTAuthenticatorFactoryTrait.php
Vendored
+82
View File
@@ -0,0 +1,82 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
/**
* Wires the "jwt" authenticator from user configuration.
*
* @author Robin Chalas <robin.chalas@gmail.com>
*/
trait JWTAuthenticatorFactoryTrait
{
/**
* @throws \LogicException
*
* @return array
*/
public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
{
throw new \LogicException('This method is implemented for BC purpose and should never be called.');
}
/**
* {@inheritdoc}
*/
public function getPriority(): int
{
return -10;
}
public function getPosition(): string
{
return 'pre_auth';
}
/**
* {@inheritdoc}
*/
public function getKey(): string
{
return 'jwt';
}
/**
* {@inheritdoc}
*/
public function addConfiguration(NodeDefinition $node): void
{
$node
->children()
->scalarNode('provider')
->defaultNull()
->end()
->scalarNode('authenticator')
->defaultValue('lexik_jwt_authentication.security.jwt_authenticator')
->end()
->end()
;
}
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
{
$authenticatorId = 'security.authenticator.jwt.' . $firewallName;
$userProviderId = empty($config['provider']) ? $userProviderId : 'security.user.provider.concrete.' . $config['provider'];
$container
->setDefinition($authenticatorId, new ChildDefinition($config['authenticator']))
->replaceArgument(3, new Reference($userProviderId))
;
// Compile-time parameter removed by RemoveLegacyAuthenticatorPass
// Stop setting it when guard support gets removed (aka when removing Symfony<5.3 support)
$container->setParameter('lexik_jwt_authentication.authenticator_manager_enabled', true);
return $authenticatorId;
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Security/Factory/JWTFactory.php
Vendored
+182
View File
@@ -0,0 +1,182 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
use Symfony\Component\Config\Definition\BaseNode;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
/**
* JWTFactory.
*
* @deprecated since 2.0, use the "lexik_jwt_authentication.jwt_token_authenticator" Guard
* authenticator instead
*
* @author Nicolas Cabot <n.cabot@lexik.fr>
*/
class JWTFactory implements SecurityFactoryInterface
{
public function __construct($triggerDeprecation = true)
{
if ($triggerDeprecation) {
trigger_deprecation('lexik/jwt-authentication-bundle', '2.0', 'Class "%s" is deprecated, use "%s" instead.', self::class, JWTAuthenticatorFactory::class);
}
}
/**
* {@inheritdoc}
*
* @return array
*/
public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
{
$providerId = 'security.authentication.provider.jwt.' . $id;
$container
->setDefinition($providerId, new ChildDefinition($config['authentication_provider']))
->replaceArgument(0, new Reference($userProvider));
$listenerId = 'security.authentication.listener.jwt.' . $id;
$container
->setDefinition($listenerId, new ChildDefinition($config['authentication_listener']))
->replaceArgument(2, $config);
$entryPointId = $defaultEntryPoint;
if ($config['create_entry_point']) {
$entryPointId = $this->createEntryPoint($container, $id, $defaultEntryPoint);
}
if ($config['authorization_header']['enabled']) {
$authorizationHeaderExtractorId = 'lexik_jwt_authentication.extractor.authorization_header_extractor.' . $id;
$container
->setDefinition($authorizationHeaderExtractorId, new ChildDefinition('lexik_jwt_authentication.extractor.authorization_header_extractor'))
->replaceArgument(0, $config['authorization_header']['prefix'])
->replaceArgument(1, $config['authorization_header']['name']);
$container
->getDefinition($listenerId)
->addMethodCall('addTokenExtractor', [new Reference($authorizationHeaderExtractorId)]);
}
if ($config['query_parameter']['enabled']) {
$queryParameterExtractorId = 'lexik_jwt_authentication.extractor.query_parameter_extractor.' . $id;
$container
->setDefinition($queryParameterExtractorId, new ChildDefinition('lexik_jwt_authentication.extractor.query_parameter_extractor'))
->replaceArgument(0, $config['query_parameter']['name']);
$container
->getDefinition($listenerId)
->addMethodCall('addTokenExtractor', [new Reference($queryParameterExtractorId)]);
}
if ($config['cookie']['enabled']) {
$cookieExtractorId = 'lexik_jwt_authentication.extractor.cookie_extractor.' . $id;
$container
->setDefinition($cookieExtractorId, new ChildDefinition('lexik_jwt_authentication.extractor.cookie_extractor'))
->replaceArgument(0, $config['cookie']['name']);
$container
->getDefinition($listenerId)
->addMethodCall('addTokenExtractor', [new Reference($cookieExtractorId)]);
}
return [$providerId, $listenerId, $entryPointId];
}
/**
* {@inheritdoc}
*
* @return string
*/
public function getPosition()
{
return 'pre_auth';
}
/**
* {@inheritdoc}
*
* @return string
*/
public function getKey()
{
return 'lexik_jwt';
}
/**
* {@inheritdoc}
*/
public function addConfiguration(NodeDefinition $node)
{
$deprecationArgs = ['The "%path%.%node%" configuration key is deprecated. Use the "lexik_jwt_authentication.jwt_token_authenticator" Guard authenticator instead.'];
if (method_exists(BaseNode::class, 'getDeprecation')) {
$deprecationArgs = ['lexik/jwt-authentication-bundle', '2.7', 'The "%path%.%node%" configuration key is deprecated. Use the "lexik_jwt_authentication.jwt_token_authenticator" Guard authenticator instead.'];
}
$node
->setDeprecated(...$deprecationArgs)
->children()
->arrayNode('authorization_header')
->addDefaultsIfNotSet()
->canBeDisabled()
->children()
->scalarNode('prefix')
->defaultValue('Bearer')
->end()
->scalarNode('name')
->defaultValue('Authorization')
->end()
->end()
->end()
->arrayNode('cookie')
->addDefaultsIfNotSet()
->canBeEnabled()
->children()
->scalarNode('name')
->defaultValue('BEARER')
->end()
->end()
->end()
->arrayNode('query_parameter')
->canBeEnabled()
->addDefaultsIfNotSet()
->children()
->scalarNode('name')
->defaultValue('bearer')
->end()
->end()
->end()
->booleanNode('throw_exceptions')
->defaultFalse()
->end()
->booleanNode('create_entry_point')
->defaultTrue()
->end()
->scalarNode('authentication_provider')
->defaultValue('lexik_jwt_authentication.security.authentication.provider')
->end()
->scalarNode('authentication_listener')
->defaultValue('lexik_jwt_authentication.security.authentication.listener')
->end()
->end();
}
/**
* Create an entry point, by default it sends a 401 header and ends the request.
*
* @param string $id
* @param mixed $defaultEntryPoint
*
* @return string
*/
protected function createEntryPoint(ContainerBuilder $container, $id, $defaultEntryPoint)
{
$entryPointId = 'lexik_jwt_authentication.security.authentication.entry_point.' . $id;
$container->setDefinition($entryPointId, new ChildDefinition('lexik_jwt_authentication.security.authentication.entry_point'));
return $entryPointId;
}
}
vendor/lexik/jwt-authentication-bundle/DependencyInjection/Security/Factory/JWTUserFactory.php
Vendored
+49
View File
@@ -0,0 +1,49 @@
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
use Lexik\Bundle\JWTAuthenticationBundle\Security\User\JWTUser;
use Lexik\Bundle\JWTAuthenticationBundle\Security\User\JWTUserInterface;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
/**
* Creates the `lexik_jwt` user provider.
*
* @internal
*
* @author Robin Chalas <robin.chalas@gmail.com>
*/
final class JWTUserFactory implements UserProviderFactoryInterface
{
public function create(ContainerBuilder $container, $id, $config): void
{
$container->setDefinition($id, new ChildDefinition('lexik_jwt_authentication.security.jwt_user_provider'))
->replaceArgument(0, $config['class']);
}
public function getKey(): string
{
return 'lexik_jwt';
}
public function addConfiguration(NodeDefinition $node): void
{
$node
->children()
->scalarNode('class')
->cannotBeEmpty()
->defaultValue(JWTUser::class)
->validate()
->ifTrue(function ($class) {
return !(new \ReflectionClass($class))->implementsInterface(JWTUserInterface::class);
})
->thenInvalid('The %s class must implement ' . JWTUserInterface::class . ' for using the "lexik_jwt" user provider.')
->end()
->end()
->end()
;
}
}