Больше не игнорируем JWT InvalidSubjectException

UnauthorizedHttpException в User/Component больше не логируется
ErickSkrauch 2017-12-02 21:04:48 +03:00
parent 868ee1c61c
commit 9356ad24b3
3 changed files with 19 additions and 10 deletions


@ -17,6 +17,7 @@ use Emarref\Jwt\Verification\Context as VerificationContext;
use Exception; use Exception;
use Yii; use Yii;
use yii\base\InvalidConfigException; use yii\base\InvalidConfigException;
use yii\web\UnauthorizedHttpException;
use yii\web\User as YiiUserComponent; use yii\web\User as YiiUserComponent;
/** /**
@ -28,11 +29,11 @@ use yii\web\User as YiiUserComponent;
*/ */
class Component extends YiiUserComponent { class Component extends YiiUserComponent {
const KEEP_MINECRAFT_SESSIONS = 1; public const KEEP_MINECRAFT_SESSIONS = 1;
const KEEP_SITE_SESSIONS = 2; public const KEEP_SITE_SESSIONS = 2;
const KEEP_CURRENT_SESSION = 4; public const KEEP_CURRENT_SESSION = 4;
const JWT_SUBJECT_PREFIX = 'ely|'; public const JWT_SUBJECT_PREFIX = 'ely|';
public $enableSession = false; public $enableSession = false;
@ -59,7 +60,7 @@ class Component extends YiiUserComponent {
} }
public function findIdentityByAccessToken($accessToken): ?IdentityInterface { public function findIdentityByAccessToken($accessToken): ?IdentityInterface {
if ($accessToken === null) { if (empty($accessToken)) {
return null; return null;
} }
@ -67,10 +68,13 @@ class Component extends YiiUserComponent {
$identityClass = $this->identityClass; $identityClass = $this->identityClass;
try { try {
return $identityClass::findIdentityByAccessToken($accessToken); return $identityClass::findIdentityByAccessToken($accessToken);
} catch (UnauthorizedHttpException $e) {
// Do nothing. It's okay to catch this.
} catch (Exception $e) { } catch (Exception $e) {
Yii::error($e); Yii::error($e);
return null;
} }
return null;
} }
public function createJwtAuthenticationToken(Account $account, bool $rememberMe): AuthenticationResult { public function createJwtAuthenticationToken(Account $account, bool $rememberMe): AuthenticationResult {
@ -223,7 +227,7 @@ class Component extends YiiUserComponent {
*/ */
protected function getClaims(Account $account): array { protected function getClaims(Account $account): array {
$currentTime = new DateTime(); $currentTime = new DateTime();
$hostInfo = Yii::$app->request->hostInfo; $hostInfo = Yii::$app->request->hostIHttpExceptionnfo;
return [ return [
new ScopesClaim([R::ACCOUNTS_WEB_USER]), new ScopesClaim([R::ACCOUNTS_WEB_USER]),
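Review bot: The new side of the getClaims hunk reads `Yii::$app->request->hostIHttpExceptionnfo`, which looks like a stray paste of `HttpException` into the middle of `hostInfo`; yii\web\Request has no property of that name, so getClaims would fail with an unknown-property error on every token it builds. The line should be restored to `$hostInfo = Yii::$app->request->hostInfo;`. getClaims continues outside the hunk, so I can't see which claim $hostInfo feeds; if it ends up in an issuer or audience claim, note that it is derived from the request Host header and confirm the trusted-host configuration covers that request. Separately, in findIdentityByAccessToken the change from `=== null` to `empty($accessToken)` also rejects the string `'0'`, which is harmless for a JWT but is a behaviour change the description does not mention.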


@ -5,6 +5,13 @@ use common\models\Account;
interface IdentityInterface extends \yii\web\IdentityInterface { interface IdentityInterface extends \yii\web\IdentityInterface {
/**
* @param string $token
* @param string $type
*
* @throws \yii\web\UnauthorizedHttpException
* @return IdentityInterface
*/
public static function findIdentityByAccessToken($token, $type = null): IdentityInterface; public static function findIdentityByAccessToken($token, $type = null): IdentityInterface;
/** /**
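Review bot: The added docblock on findIdentityByAccessToken declares `@param string $type`, but the signature defaults `$type = null`, so the annotation should read `@param string|null $type` to match what callers of the Yii parent interface actually pass. The `@return IdentityInterface` line only restates the native return type and could be dropped; the `@throws \yii\web\UnauthorizedHttpException` is the part worth keeping, since the native signature cannot express that a missing or invalid token now raises instead of returning null, and implementers need to know that.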


@ -4,7 +4,6 @@ namespace api\components\User;
use common\models\Account; use common\models\Account;
use Emarref\Jwt\Claim\Subject; use Emarref\Jwt\Claim\Subject;
use Emarref\Jwt\Exception\ExpiredException; use Emarref\Jwt\Exception\ExpiredException;
use Emarref\Jwt\Exception\InvalidSubjectException;
use Emarref\Jwt\Token; use Emarref\Jwt\Token;
use Exception; use Exception;
use Yii; use Yii;
@ -29,8 +28,7 @@ class JwtIdentity implements IdentityInterface {
$component = Yii::$app->user; $component = Yii::$app->user;
try { try {
$token = $component->parseToken($rawToken); $token = $component->parseToken($rawToken);
} catch (ExpiredException | InvalidSubjectException $e) { } catch (ExpiredException $e) {
// InvalidSubjectException is temporary solution and should be removed in the next release
throw new UnauthorizedHttpException('Token expired'); throw new UnauthorizedHttpException('Token expired');
} catch (Exception $e) { } catch (Exception $e) {
Yii::error($e); Yii::error($e);
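Review bot: With InvalidSubjectException dropped from the first catch, a token whose subject claim fails validation now falls through to the generic `catch (Exception $e)` and is recorded with `Yii::error($e)`; because the subject is taken from the client-supplied token, any unauthenticated caller can produce an error-level log entry per request, which matters for log volume and alerting on this path. If the intent is only to stop masking the failure as "Token expired", a dedicated catch for that exception with an accurate message (and a warning-level log, if one is wanted) would keep it distinguishable from genuine application errors. The catch block continues outside the hunk, so I can't see what is returned after the log call.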