vendor/gesdinet/jwt-refresh-token-bundle/EventListener/AttachRefreshTokenOnSuccessListener.php line 103

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the GesdinetJWTRefreshTokenBundle package.
  5.  *
  6.  * (c) Gesdinet <http://www.gesdinet.com/>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Gesdinet\JWTRefreshTokenBundle\EventListener;
  14. use Gesdinet\JWTRefreshTokenBundle\Generator\RefreshTokenGeneratorInterface;
  15. use Gesdinet\JWTRefreshTokenBundle\Model\RefreshTokenInterface;
  16. use Gesdinet\JWTRefreshTokenBundle\Model\RefreshTokenManagerInterface;
  17. use Gesdinet\JWTRefreshTokenBundle\Request\Extractor\ExtractorInterface;
  18. use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
  19. use Symfony\Component\HttpFoundation\Cookie;
  20. use Symfony\Component\Security\Core\User\UserInterface;
  21. use Symfony\Component\HttpFoundation\RequestStack;
  23. class AttachRefreshTokenOnSuccessListener
  24. {
  25.     /**
  26.      * @var RefreshTokenManagerInterface
  27.      */
  28.     protected $refreshTokenManager;
  30.     /**
  31.      * @var int
  32.      */
  33.     protected $ttl;
  35.     /**
  36.      * @var RequestStack
  37.      */
  38.     protected $requestStack;
  40.     /**
  41.      * @var string
  42.      */
  43.     protected $tokenParameterName;
  45.     /**
  46.      * @var bool
  47.      */
  48.     protected $singleUse;
  50.     /**
  51.      * @var RefreshTokenGeneratorInterface
  52.      */
  53.     protected $refreshTokenGenerator;
  55.     /**
  56.      * @var ExtractorInterface
  57.      */
  58.     protected $extractor;
  60.     protected array $cookieSettings;
  62.     protected bool $returnExpiration;
  64.     protected string $returnExpirationParameterName;
  66.     /**
  67.      * @param int    $ttl
  68.      * @param string $tokenParameterName
  69.      * @param bool   $singleUse
  70.      */
  71.     public function __construct(
  72.         RefreshTokenManagerInterface $refreshTokenManager,
  73.         $ttl,
  74.         RequestStack $requestStack,
  75.         $tokenParameterName,
  76.         $singleUse,
  77.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  78.         ExtractorInterface $extractor,
  79.         array $cookieSettings,
  80.         bool $returnExpiration false,
  81.         string $returnExpirationParameterName 'refresh_token_expiration'
  82.     ) {
  83.         $this->refreshTokenManager $refreshTokenManager;
  84.         $this->ttl $ttl;
  85.         $this->requestStack $requestStack;
  86.         $this->tokenParameterName $tokenParameterName;
  87.         $this->singleUse $singleUse;
  88.         $this->refreshTokenGenerator $refreshTokenGenerator;
  89.         $this->extractor $extractor;
  90.         $this->cookieSettings array_merge([
  91.             'enabled' => false,
  92.             'same_site' => 'lax',
  93.             'path' => '/',
  94.             'domain' => null,
  95.             'http_only' => true,
  96.             'secure' => true,
  97.             'remove_token_from_body' => true,
  98.         ], $cookieSettings);
  99.         $this->returnExpiration $returnExpiration;
  100.         $this->returnExpirationParameterName $returnExpirationParameterName;
  101.     }
  103.     public function attachRefreshToken(AuthenticationSuccessEvent $event): void
  104.     {
  105.         $user $event->getUser();
  107.         if (!$user instanceof UserInterface) {
  108.             return;
  109.         }
  111.         $data $event->getData();
  112.         $request $this->requestStack->getCurrentRequest();
  114.         if (null === $request) {
  115.             return;
  116.         }
  118.         // Extract refreshToken from the request
  119.         $refreshTokenString $this->extractor->getRefreshToken($request$this->tokenParameterName);
  121.         // Remove the current refreshToken if it is single-use
  122.         if ($refreshTokenString && true === $this->singleUse) {
  123.             $refreshToken $this->refreshTokenManager->get($refreshTokenString);
  124.             $refreshTokenString null;
  126.             if ($refreshToken instanceof RefreshTokenInterface) {
  127.                 $this->refreshTokenManager->delete($refreshToken);
  128.             }
  129.         }
  131.         // Set or create the refreshTokenString
  132.         if ($refreshTokenString) {
  133.             $data[$this->tokenParameterName] = $refreshTokenString;
  134.         } else {
  135.             $refreshToken $this->refreshTokenGenerator->createForUserWithTtl($user$this->ttl);
  137.             $this->refreshTokenManager->save($refreshToken);
  138.             $refreshTokenString $refreshToken->getRefreshToken();
  139.             $data[$this->tokenParameterName] = $refreshTokenString;
  140.         }
  142.         if ($this->returnExpiration) {
  143.             $data[$this->returnExpirationParameterName] = time() + $this->ttl;
  144.         }
  146.         // Add a response cookie if enabled
  147.         if ($this->cookieSettings['enabled']) {
  148.             $event->getResponse()->headers->setCookie(
  149.                 new Cookie(
  150.                     $this->tokenParameterName,
  151.                     $refreshTokenString,
  152.                     time() + $this->ttl,
  153.                     $this->cookieSettings['path'],
  154.                     $this->cookieSettings['domain'],
  155.                     $this->cookieSettings['secure'],
  156.                     $this->cookieSettings['http_only'],
  157.                     false,
  158.                     $this->cookieSettings['same_site']
  159.                 )
  160.             );
  162.             // Remove the refreshTokenString from the response body
  163.             if (isset($this->cookieSettings['remove_token_from_body']) && $this->cookieSettings['remove_token_from_body']) {
  164.                 unset($data[$this->tokenParameterName]);
  165.             }
  166.         }
  168.         // Set response data
  169.         $event->setData($data);
  170.     }
  171. }