Add decoded token to request as attribute when requested

$app->add(new \Slim\Middleware\JwtAuthentication([ "secret" => "supersecretkeyyoushouldnotcommittogithub", ])); $decoded = $request->getAttribute("token"); You can change attribute name via attribute option. Set to null or false to disable this feature. $app->add(new \Slim\Middleware\JwtAuthentication([ "secret" => "supersecretkeyyoushouldnotcommittogithub", "attribute" => "jwt" ])); $decoded = $request->getAttribute("jwt");
tuupola · Mar 15, 2016 · fb8541c · fb8541c
1 parent d96ef57
commit fb8541c
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/src/JwtAuthentication.php b/src/JwtAuthentication.php
@@ -33,6 +33,7 @@ class JwtAuthentication
         "relaxed" => ["localhost", "127.0.0.1"],
         "environment" => "HTTP_AUTHORIZATION",
         "cookie" => "token",
+        "attribute" => "token",
         "path" => null,
         "callback" => null,
         "error" => null
@@ -112,6 +113,11 @@ public function __invoke(RequestInterface $request, ResponseInterface $response,
             }
         }
 
+        /* Add decoded token to request as attribute when requested. */
+        if ($this->options["attribute"]) {
+            $request = $request->withAttribute($this->options["attribute"], $decoded);
+        }
+
         /* Everything ok, call next middleware and return. */
         return $next($request, $response);
     }
@@ -487,4 +493,26 @@ public function setMessage($message)
         $this->message = $message;
         return $this;
     }
+
+    /**
+     * Get the attribute name used to attach decoded token to request
+     *
+     * @return String
+     */
+    public function getAttribute()
+    {
+        return $this->options["attribute"];
+    }
+
+    /**
+     * Set the attribute name used to attach decoded token to request
+     *
+     * @param String
+     * @return self
+     */
+    public function setAttribute($attribute)
+    {
+        $this->options["attribute"] = $attribute;
+        return $this;
+    }
 }
diff --git a/tests/JwtAuthenticationTest.php b/tests/JwtAuthenticationTest.php
@@ -506,4 +506,40 @@ public function testShouldAllowUnauthenticatedHttp()
         $this->assertEquals(200, $response->getStatusCode());
         $this->assertEquals("Success", $response->getBody());
     }
+
+    public function testShouldAttachDecodedTokenToRequest()
+    {
+        $uri = Uri::createFromString("https://example.com/api?abc=123");
+        $headers = new Headers();
+        $cookies = [];
+        $server = ["HTTP_AUTHORIZATION" => "Bearer " . self::$token];
+        $body = new Body(fopen("php://temp", "r+"));
+        $request = new Request("GET", $uri, $headers, $cookies, $server, $body);
+
+        $response = new Response();
+
+        $dummy = null;
+        $auth = new JwtAuthentication([
+            "secret" => "supersecretkeyyoushouldnotcommittogithub"
+        ]);
+
+        $next = function (Request $request, Response $response) use (&$dummy) {
+            $dummy = $request->getAttribute("token");
+            return $response->write("Foo");
+        };
+
+        $response = $auth($request, $response, $next);
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals("Foo", $response->getBody());
+        $this->assertTrue(is_object($dummy));
+        $this->assertEquals(self::$token_as_array, (array)$dummy);
+    }
+
+    public function testShouldGetAndSetAttributeName()
+    {
+        $auth = new \Slim\Middleware\JwtAuthentication;
+        $auth->setAttribute("nekot");
+        $this->assertEquals("nekot", $auth->getAttribute());
+    }
 }