miteshmap · miteshmap · Jan 16, 2022 · Jan 16, 2022
diff --git a/src/Authentication/Provider/AuthToken.php b/src/Authentication/Provider/AuthToken.php
diff --git a/src/EventSubscriber/TokenAuthyEventSubscriber.php b/src/EventSubscriber/TokenAuthyEventSubscriber.php
diff --git a/src/StackMiddleware/AuthTokenMiddleware.php b/src/StackMiddleware/AuthTokenMiddleware.php
@@ -0,0 +1,113 @@
+<?php
+
+namespace Drupal\tokenauthy\Stackmiddleware;
+
+use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\Session\SessionConfigurationInterface;
+use Drupal\tokenauthy\Services\TokenAuthy;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+/**
+ * Middleware for the tokenauthy module.
+ */
+class AuthTokenMiddleware implements HttpKernelInterface {
+
+  /**
+   * The session.
+   *
+   * @var \Symfony\Component\HttpFoundation\Session\SessionInterface
+   */
+  protected $session;
+
+  /**
+   * The session configuration.
+   *
+   * @var \Drupal\Core\Session\SessionConfigurationInterface
+   */
+  protected $sessionConfiguration;
+
+
+  /**
+   * The entity type manager.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * The token service.
+   *
+   * @var \Drupal\tokenauthy\Services\TokenAuthy
+   */
+  protected $tokenAuthy;
+
+  /**
+   * Construct.
+   *
+   * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel
+   *   The decorated kernel.
+   * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
+   *   The session.
+   * @param \Drupal\Core\Session\SessionConfigurationInterface $session_configuration
+   *   The session configuration.
+   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityTypeManager
+   *   The entity type manager.
+   * @param \Drupal\tokenauthy\Services\TokenAuthy $tokenauthy
+   *   The token authy service.
+   */
+  public function __construct(
+    HttpKernelInterface $http_kernel,
+    SessionInterface $session,
+    SessionConfigurationInterface $session_configuration,
+    EntityTypeManagerInterface $entityTypeManager,
+    TokenAuthy $tokenauthy
+  ) {
+    $this->httpKernel = $http_kernel;
+    $this->session = $session;
+    $this->sessionConfiguration = $session_configuration;
+    $this->entityTypeManager = $entityTypeManager;
+    $this->tokenAuthy = $tokenauthy;
+  }
+
+
+  /**
+   * {@inheritdoc}
+   */
+  public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
+    if (!$request->query->has('authtoken')
+      || $type != self::MASTER_REQUEST
+      || (PHP_SAPI === 'cli')
+      || ($request->hasSession() && $request->getSession()->has('uid'))
+    ) {
+      return $this->httpKernel->handle($request, $type, $catch);
+    }
+    else {
+      // Get the provided token.
+      if ($token = $request->query->get('authtoken')) {
+        // Find the user by given token.
+        if ($user = $this->tokenAuthy->getUserByToken($token)) {
+          // Check if the user is not blocked and is authenticated.
+          if ($user->isBlocked() && $user->isAuthenticated()) {
+            $response = new Response();
+            $response->headers->add([
+              'WWW-Authenticate' => 'Unauthorised user.',
+            ]);
+            $response->setStatusCode(401);
+            return $response;
+          }
+          $request->getSession()->set('uid', $user->id());
+          // As the cookies are not set when we are setting the uid in session.
+          // "cookie" authentication does not authenticate user.
+          // that's why getting the session name and setting it in cookie here.
+          $options = $this->sessionConfiguration->getOptions($request);
+          $request->cookies->set($options['name'], '');
+        }
+      }
+      return $this->httpKernel->handle($request, $type, $catch);
+    }
+  }
+
+}
diff --git a/tokenauthy.services.yml b/tokenauthy.services.yml
@@ -1,23 +1,18 @@
 services:
-  tokenauthy.authentication.auth_token:
-    class: Drupal\tokenauthy\Authentication\Provider\AuthToken
+  tokenauthy.middleware:
+    class: Drupal\tokenauthy\Stackmiddleware\AuthTokenMiddleware
     arguments:
       - '@session'
+      - '@session_configuration'
       - '@entity_type.manager'
       - '@tokenauthy'
     tags:
-      - { name: authentication_provider, provider_id: 'auth_token', priority: 50, global: TRUE }
+      - { name: http_middleware, priority: 20 }
   tokenauthy.page_cache_request_policy.by_pass_auth_token:
     class: Drupal\tokenauthy\PageCache\AllowAuthTokenRequests
     public: false
     tags:
       - { name: page_cache_request_policy }
-  tokenauthy.event_subscriber:
-    class: Drupal\tokenauthy\EventSubscriber\TokenAuthyEventSubscriber
-    arguments:
-      - '@session'
-    tags:
-      - { name: event_subscriber }
   tokenauthy:
     class: Drupal\tokenauthy\Services\TokenAuthy
     arguments: