fixup! updated lcobucci/jwt to version 4.1.5

shopsys · Apr 12, 2022 · 5de6486 · 5de6486
1 parent 95c0ff6
commit 5de6486
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/packages/frontend-api/src/Model/Mutation/Login/RefreshTokensMutation.php b/packages/frontend-api/src/Model/Mutation/Login/RefreshTokensMutation.php
@@ -5,6 +5,7 @@
 namespace Shopsys\FrontendApiBundle\Model\Mutation\Login;
 
 use GraphQL\Error\UserError;
+use Lcobucci\JWT\Token\DataSet;
 use Overblog\GraphQLBundle\Definition\Argument;
 use Overblog\GraphQLBundle\Definition\Resolver\AliasedInterface;
 use Overblog\GraphQLBundle\Definition\Resolver\MutationInterface;
@@ -55,6 +56,8 @@ public function refreshTokens(Argument $argument): array
         $refreshToken = $argument['input']['refreshToken'];
         $token = $this->tokenFacade->getTokenByString($refreshToken);
 
+        $this->assertClaimsExists($token->claims());
+
         $userUuid = $token->claims()->get('uuid');
 
         try {
@@ -64,6 +67,7 @@ public function refreshTokens(Argument $argument): array
         }
 
         $tokenSecretChain = $token->claims()->get('secretChain');
+
         $customerUserValidRefreshTokenChain = $this->customerUserRefreshTokenChainFacade->findCustomersTokenChainByCustomerUserAndSecretChain(
             $customerUser,
             $tokenSecretChain
@@ -85,6 +89,17 @@ public function refreshTokens(Argument $argument): array
         ];
     }
 
+    /**
+     * @param \Lcobucci\JWT\Token\DataSet $claims
+     * @return void
+     */
+    private function assertClaimsExists(DataSet $claims): void
+    {
+        if (!$claims->has('uuid') || !$claims->has('secretChain')) {
+            throw new UserError('Token is not valid.');
+        }
+    }
+
     /**
      * @return string[]
      */