1+ <?php
2+
3+ namespace Kino \Auth \JWT \Auth ;
4+
5+ use Illuminate \Auth \GuardHelpers ;
6+ use Illuminate \Contracts \Auth \Authenticatable ;
7+ use Illuminate \Http \Request ;
8+ use Illuminate \Support \Str ;
9+ use Kino \Auth \JWT \Contracts \Auth \Guard as GuardContract ;
10+
11+ /**
12+ * JWT Guard class.
13+ *
14+ * This class is responsible for actually authenticating requests that
15+ * comes with a token (or denying those without a token or with a
16+ * invalid one).
17+ */
18+ class Guard implements GuardContract
19+ {
20+ // this trait bootstrap some common guard methods
21+ // so we just need to implement a few ones.
22+ use GuardHelpers;
23+
24+ /**
25+ * @var \Illuminate\Contracts\Foundation\Application
26+ */
27+ protected $ app ;
28+
29+ /**
30+ * Guard / Provider name.
31+ *
32+ * @var string
33+ */
34+ protected $ name ;
35+
36+ /**
37+ * The currently authenticated user.
38+ *
39+ * @var \Illuminate\Contracts\Auth\Authenticatable
40+ */
41+ protected $ user ;
42+
43+ /**
44+ * The user provider implementation.
45+ *
46+ * @var \Illuminate\Contracts\Auth\UserProvider
47+ */
48+ protected $ provider ;
49+
50+
51+ /**
52+ * The token manager implementation.
53+ *
54+ * @var \Kino\Auth\JWT\Contracts\Token\Manager
55+ */
56+ protected $ manager ;
57+
58+ /**
59+ * Used to allow checks just after logout.
60+ *
61+ * In a JWT scenario, logged out means there was an explicit action
62+ * to log out the user and the token has been blacklisted.
63+ *
64+ * @var bool
65+ */
66+ protected $ loggedOut = false ;
67+
68+ /**
69+ * JWT Guard constructor.
70+ *
71+ * @param \Illuminate\Contracts\Foundation\Application $app
72+ * @param string $name
73+ * @param \Illuminate\Contracts\Auth\UserProvider $provider
74+ * @param \Kino\Auth\JWT\Contracts\Token\Manager $manager
75+ */
76+ public function __construct ($ app , $ name , $ provider , $ manager )
77+ {
78+ // assign constructor arguments into instance scope.
79+ $ this ->app = $ app ;
80+ $ this ->name = $ name ;
81+ $ this ->provider = $ provider ;
82+ $ this ->manager = $ manager ;
83+ }
84+
85+ public function validate (array $ credentials = [])
86+ {
87+ // TODO: Implement validate() method.
88+ }
89+
90+ /**
91+ * Attempt to authenticate a user using the given credentials.
92+ *
93+ * @param array $credentials
94+ * @param bool $remember
95+ * @return bool
96+ */
97+ public function attempt (array $ credentials = [], $ remember = false )
98+ {
99+ // $this->fireAttemptEvent($credentials, $remember);
100+ //
101+ // $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
102+ //
103+ // // If an implementation of UserInterface was returned, we'll ask the provider
104+ // // to validate the user against the given credentials, and if they are in
105+ // // fact valid we'll log the users into the application and return true.
106+ // if ($this->hasValidCredentials($user, $credentials)) {
107+ // $this->login($user, $remember);
108+ //
109+ // return true;
110+ // }
111+ //
112+ // // If the authentication attempt fails we will fire an event so that the user
113+ // // may be notified of any suspicious attempts to access their account from
114+ // // an unrecognized user. A developer may listen to this event as needed.
115+ // $this->fireFailedEvent($user, $credentials);
116+ //
117+ // return false;
118+ }
119+
120+ /**
121+ * Login a given user. It means, generate a new token for a user.
122+ *
123+ * @param Authenticatable $user
124+ * @param array $customClaims
125+ * @return mixed
126+ */
127+ public function login (Authenticatable $ user , array $ customClaims = [])
128+ {
129+ // try to generate a new token for the user.
130+ $ token = $ this ->manager ->issue ($ user , $ customClaims );
131+
132+ if ($ token ) {
133+ // set current user as authenticated.
134+ $ this ->setUser ($ user );
135+ // returns the recently generated token.
136+ return $ token ;
137+ }
138+
139+ // no token could be generated.
140+ }
141+
142+ public function user ()
143+ {
144+ // if the user was explicitly marked as logged out.
145+ if ($ this ->loggedOut ) {
146+ // just return null.
147+ return null ;
148+ }
149+
150+ /** @var Request $request */
151+ $ request = $ this ->app ->request ;
152+
153+ // if there is no Authorization header on the request.
154+ if (!$ request ->headers ->has ('Authorization ' )) {
155+ // also return null since no user can be determined.
156+ return null ;
157+ }
158+
159+ // gets the authorization header from the request.
160+ $ header = $ request ->headers ->get ('Authorization ' );
161+
162+ // gets the token part of the authorization header, as string.
163+ $ tokenString = Str::replaceFirst ('Bearer ' , '' , $ header );
164+
165+ // parse the string token into a Token object
166+ $ token = $ this ->manager ->parseToken ($ tokenString );
167+
168+ // if the received token is not actually valid.
169+ if (!$ this ->manager ->validToken ($ token )) {
170+ // also return null since the token
171+ // signature could not be determined.
172+ return null ;
173+ }
174+
175+ // if the token has expired.
176+ if ($ this ->manager ->expired ($ token )) {
177+ // you got right?
178+ return null ;
179+ }
180+
181+ // retrieves the user ID from the token.
182+ $ id = $ token ->getClaim ('sub ' );
183+
184+ // use the users provider to find the token subject (user)
185+ // but it's id (subject)
186+ $ user = $ this ->provider ->retrieveById ($ id );
187+
188+ // if the user has not been found.
189+ if (!$ user ) {
190+ // abort!
191+ return null ;
192+ }
193+
194+ // set the current user on the scope.
195+ $ this ->setUser ($ user );
196+
197+ // return the scope user.
198+ return $ this ->user ;
199+ }
200+
201+ /**
202+ * Log the user out of the application.
203+ *
204+ * @return void
205+ */
206+ public function logout ()
207+ {
208+ $ user = $ this ->user ();
209+
210+ // blacklist the user token.
211+
212+ $ this ->loggedOut = true ;
213+ }
214+ }
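Review bot: `logout()` on the new side sets `$this->loggedOut = true` but never revokes the token: the `// blacklist the user token.` comment has no code under it, so the same bearer token is accepted again on the next request, and the `$loggedOut` docblock's statement that "the token has been blacklisted" is not what the code does. Presumably the manager is meant to be handed the parsed token here; until that exists the comment should at least say so, e.g. `// TODO: revoke the token through the manager; for now logout only affects this request instance.` Separately, in `user()` the `Str::replaceFirst('Bearer ', '', $header)` call leaves the value untouched when the header uses another scheme, so a `Basic …` or bare value reaches `parseToken()` as if it were a JWT; guard it with `if (!Str::startsWith($header, 'Bearer ')) { return null; }` before the replace. `attempt()` is entirely commented out and `validate()` is a TODO, so both return null rather than the `bool` their docblocks promise.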