From a2e3959e138d938c2e25513457400aafaaa5a910 Mon Sep 17 00:00:00 2001
From: Cedric LOMBARDOT
Date: Tue, 14 Apr 2020 11:59:20 +0200
Subject: [PATCH] Enable to keep the modified payload after decode
---
 Resources/doc/2-data-customization.md | 23 ++++++++++++++++++++++
 Services/JWTManager.php | 2 +-
 Tests/Functional/GetTokenTest.php | 28 +++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/Resources/doc/2-data-customization.md b/Resources/doc/2-data-customization.md
index 9334ee3f..660964fe 100644
--- a/Resources/doc/2-data-customization.md
+++ b/Resources/doc/2-data-customization.md
@@ -139,6 +139,29 @@ public function onJWTDecoded(JWTDecodedEvent $event)
 }
 ```
+#### Example: Add additional data to payload - to get it in your [custom UserProvider](8-jwt-user-provider.md)
+
+``` php
+// src/App/EventListener/JWTDecodedListener.php
+
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent;
+
+/**
+ * @param JWTDecodedEvent $event
+ *
+ * @return void
+ */
+public function onJWTDecoded(JWTDecodedEvent $event)
+{
+ $payload = $event->getPayload();
+ $user = $this->userRepository->findOneByUsername($payload['username']);
+
+ $payload['custom_user_data'] = $user->getCustomUserInformations();
+
+ $event->setPayload($user); // Don't forget to regive the payload for next event / step
+}
+```
+
 Events::JWT_AUTHENTICATED - Customizing your security token
 ------------------------------------------------------------
diff --git a/Services/JWTManager.php b/Services/JWTManager.php
index 43d230a5..35a63f5a 100644
--- a/Services/JWTManager.php
+++ b/Services/JWTManager.php
@@ -108,7 +108,7 @@ public function decode(TokenInterface $token)
 return false;
 }
- return $payload;
+ return $event->getPayload();
 }
 /**
diff --git a/Tests/Functional/GetTokenTest.php b/Tests/Functional/GetTokenTest.php
index 70ac3907..0a9765d3 100644
--- a/Tests/Functional/GetTokenTest.php
+++ b/Tests/Functional/GetTokenTest.php
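Review bot: With `return $event->getPayload();` in Services/JWTManager.php, decode() now returns whatever the last JWT_DECODED listener stored rather than the claim set decoded from the token, and nothing visible in the hunk checks that the value is still an array. Callers presumably treat the result as token claims, so the method's docblock should say so, for example `@return array|false The payload as left by JWT_DECODED listeners; it may differ from the signed claims`. The documentation example added in this same commit calls `$event->setPayload($user)` instead of `$event->setPayload($payload)`, which after this change would make decode() hand back a user object; a guard such as `if (!is_array($payload = $event->getPayload())) { return false; }` is worth considering. The body of decode() starts above the hunk, so the check that leads to `return false;` is not visible here.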
@@ -4,6 +4,8 @@
 use Lcobucci\JWT\Parser;
 use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent;
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
 use Lexik\Bundle\JWTAuthenticationBundle\Events;
 use Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationSuccessResponse;
@@ -24,6 +26,32 @@ public function testGetToken()
 $this->assertArrayHasKey('token', $body, 'The response should have a "token" key containing a JWT Token.');
 }
+ public function testGetTokenWithListener()
+ {
+ static::$client = static::createClient();
+
+ $subscriber = static::$kernel->getContainer()->get('lexik_jwt_authentication.test.jwt_event_subscriber');
+ $subscriber->setListener(Events::JWT_DECODED, function (JWTDecodedEvent $e) {
+ $payload = $e->getPayload();
+ $payload['added_data'] = 'still visible after the event';
+ $e->setPayload($payload);
+ });
+
+ $payloadTested = new \stdClass();
+ $payloadTested->payload = [];
+ $subscriber->setListener(Events::JWT_AUTHENTICATED, function (JWTAuthenticatedEvent $e) use ($payloadTested) {
+ $payloadTested->payload = $e->getPayload();
+ });
+
+ static::$client->request('POST', '/login_check', ['_username' => 'lexik', '_password' => 'dummy']);
+ $body = json_decode(static::$client->getResponse()->getContent(), true);
+
+ static::$client->request('GET', '/api/secured', [], [], [ 'HTTP_AUTHORIZATION' => "Bearer ".$body['token'] ]);
+
+ $this->assertArrayHasKey('added_data', $payloadTested->payload, 'The payload should contains a "added_data" claim.');
+ $this->assertSame('still visible after the event', $payloadTested->payload['added_data'], 'The "added_data" claim should be equal to "still visible after the event".');
+ }
+
 public function testGetTokenWithCustomClaim()
 {
 static::$client = static::createClient();
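Review bot: testGetTokenWithListener() reads `$body['token']` and then inspects `$payloadTested->payload` without asserting that either request succeeded, so a failed login or a rejected `/api/secured` call shows up as an undefined-index notice or a misleading missing-claim failure. Add `$this->assertArrayHasKey('token', $body);` after the `json_decode()` line and `$this->assertSame(200, static::$client->getResponse()->getStatusCode());` after the GET request. The test covers only the case where the listener adds a claim; a companion case in which the JWT_DECODED listener changes the payload and also marks the event invalid would pin down that a modified payload is never returned for a rejected token. If the test subscriber keeps listeners between tests, the two closures registered here should be removed at the end of the method.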