From e8999695834a4df7a31cb56470103df3f64e2b69 Mon Sep 17 00:00:00 2001
From: Peter Rauber
Date: Tue, 26 Oct 2021 07:41:38 +0200
Subject: [PATCH 1/3] Intercept JWT authentication when party object is not to be found

---
 .../Authentication/Provider/JwtAuthenticationProvider.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php b/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
index 9c1084b..360137e 100644
--- a/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
+++ b/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
@@ -9,6 +9,7 @@
 use Neos\Flow\Security\Authentication\TokenInterface;
 use Neos\Flow\Security\Exception\UnsupportedAuthenticationTokenException;
 use Neos\Flow\Security\Policy\PolicyService;
+use Neos\Party\Domain\Model\AbstractParty;
 use RFY\JWT\Security\Authentication\Token\JwtToken;
 use RFY\JWT\Security\JwtAccount;
 use RFY\JWT\Service\JwtService;
@@ -89,7 +90,12 @@ public function authenticate(TokenInterface $authenticationToken)
 $account = new JwtAccount();
 $account->setClaims($claims);
 $account->setAuthenticationProviderName('JwtAuthenticationProvider');
- $account->setParty($this->partyRepository->findByIdentifier($claims->{'identifier'}));
+ $party = $this->partyRepository->findByIdentifier($claims->{'identifier'});
+ if (!$party instanceof AbstractParty) {
+ $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
+ return;
+ }
+ $account->setParty($party);
 $rolesClaim = $this->claimMapping['roles'];
 foreach ($rolesClaim as $key => $roleClaim) {

From 17dbf40ec1151e1486b425abb13ae5bd6dc851af Mon Sep 17 00:00:00 2001
From: Peter Rauber
Date: Tue, 26 Oct 2021 07:46:28 +0200
Subject: [PATCH 2/3] Add package dependency neos/party

---
 composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 26e8c8d..a4109ee 100644
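Review bot: The new `$party = $this->partyRepository->findByIdentifier($claims->{'identifier'});` line still reads the claim before anything checks that it exists, so a token without an `identifier` claim produces an undefined-property warning and a `null` lookup instead of the WRONG_CREDENTIALS rejection the new guard gives tokens for unknown parties. Treat a missing or non-string claim the same way, e.g. `$identifier = $claims->{'identifier'} ?? null;` followed by `$party = is_string($identifier) ? $this->partyRepository->findByIdentifier($identifier) : null;`, and let the existing `instanceof AbstractParty` check reject both cases. Whether `$claims` has had its signature verified before this point is outside the hunk, so I could not confirm it; the early return only makes sense if it has. authenticate() continues past the hunk with the role-claim loop.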
--- a/composer.json
+++ b/composer.json
@@ -5,7 +5,8 @@
 "license": "MIT",
 "require": {
 "neos/flow": "^7.0",
- "firebase/php-jwt": "^5.2"
+ "firebase/php-jwt": "^5.2",
+ "neos/party": "^7.0"
 },
 "autoload": {
 "psr-4": {

From 9101abb1423199e396dfd40ef6ff9d27214d2be7 Mon Sep 17 00:00:00 2001
From: Peter Rauber
Date: Tue, 26 Oct 2021 08:07:29 +0200
Subject: [PATCH 3/3] Add expiration date to token

---
 .../Authentication/Factory/TokenFactory.php | 20 +++++++++++++++++--
 Configuration/Settings.yaml | 1 +
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/Classes/Security/Authentication/Factory/TokenFactory.php b/Classes/Security/Authentication/Factory/TokenFactory.php
index beb79ca..d2332c1 100644
--- a/Classes/Security/Authentication/Factory/TokenFactory.php
+++ b/Classes/Security/Authentication/Factory/TokenFactory.php
@@ -55,6 +55,12 @@ class TokenFactory
 */
 protected $request;
+ /**
+ * @var int
+ * @Flow\InjectConfiguration(path="tokenLifetime")
+ */
+ protected $tokenLifetime;
+ /** + * @param $request */
@@ -79,10 +85,20 @@ public function getJsonWebToken(): string
 $payload['creationDate'] = $account->getCreationDate()->getTimestamp();
 }
- // TODO Add refresh token + expire date
 if ($account->getExpirationDate() instanceof \DateTime) {
- $payload['expirationDate'] = $account->getExpirationDate()->getTimestamp();
+ $payload['accountExpirationDate'] = $account->getExpirationDate()->getTimestamp();
+ }
+
+ if ($this->tokenLifetime > 0) {
+ $payload['exp'] = (new \DateTime())->getTimestamp() + $this->tokenLifetime;
+ }
+
+ if (array_key_exists('accountExpirationDate', $payload) && array_key_exists('exp', $payload)) {
+ if ($payload['accountExpirationDate'] < $payload['exp']) {
+ $payload['exp'] = $payload['accountExpirationDate'];
+ }
 }
 return $this->jwtService->createJsonWebToken($payload);
 }
+
 }
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
index 4142b2d..ffd3236 100644
--- a/Configuration/Settings.yaml
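Review bot: The new `protected $tokenLifetime;` property documents its type and injection source but not its unit or the meaning of a non-positive value, which the expiry logic further down this patch treats as "do not write an exp claim". Add a line to the docblock: ` * Lifetime of issued tokens in seconds; a value that is not > 0 means no exp claim is written and tokens do not expire.` The `@var int` is only a docblock hint — `InjectConfiguration` hands over whatever the YAML holds, so the consumer should cast with `(int)` before comparing. The enclosing TokenFactory class continues beyond the hunk.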
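Review bot: In the new expiry block, `exp` is written only inside `if ($this->tokenLifetime > 0)`, so with the lifetime disabled a token for an account that has an expiration date carries `accountExpirationDate` but no `exp`, and the account expiry no longer bounds the token (the clamp below only runs when both keys exist). Seed `exp` from the account expiry first and only then shorten it by the configured lifetime, which also removes the double `array_key_exists` check. Whether `exp` is actually enforced depends on the decode path in JwtService, which is outside this patch; firebase/php-jwt validates it when present, but I could not confirm that call here. The added blank line before the class-closing brace at the end of the hunk is a stray whitespace change worth dropping. The enclosing getJsonWebToken() starts above the hunk.
```php
        // … unchanged: creationDate claim …
        if ($account->getExpirationDate() instanceof \DateTime) {
            $accountExpiresAt = $account->getExpirationDate()->getTimestamp();
            $payload['accountExpirationDate'] = $accountExpiresAt;
            $payload['exp'] = $accountExpiresAt;
        }

        if ($this->tokenLifetime > 0) {
            $lifetimeEnd = time() + (int) $this->tokenLifetime;
            // exp is the earlier of the account expiry and the configured lifetime
            $payload['exp'] = isset($payload['exp']) ? min($payload['exp'], $lifetimeEnd) : $lifetimeEnd;
        }
        // … unchanged: return $this->jwtService->createJsonWebToken($payload); …
```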
+++ b/Configuration/Settings.yaml
@@ -30,3 +30,4 @@ RFY:
 - from: header
 name: Authorization
 claimMapping: []
+ tokenLifetime: 86400
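Review bot: `tokenLifetime: 86400` is added without a comment on its unit or on what a non-positive value does, so the next operator has to read TokenFactory to learn that it is seconds and that anything not > 0 suppresses the exp claim entirely. Suggest `tokenLifetime: 86400 # seconds; a value that is not > 0 omits the exp claim and tokens never expire`. A 24-hour default for a bearer token with no refresh mechanism in this package is a deliberate trade-off worth stating in the same comment.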