Add cookie token extractor #76

Merged (1 commit) on Jul 24, 2015

@tnucera tnucera commented Jul 21, 2015

Hi,

We store the token in a cookie (secure and httponly) in onAuthenticationSuccess like this:

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        $response = parent::onAuthenticationSuccess($request, $token);

        $tokenJWT = json_decode($response->getContent(), true)['token'];

        // Adds the token, keyed by the user's id, to the configured Redis instances, with the TTL from the configuration
        $this->rms->set($this->redisDB, $token->getUser()->getId(), $tokenJWT, $this->jwtTokenTTL);

        // Creates the cookie containing the token, with the TTL from the configuration
        $response->headers->setCookie(new Cookie('CERBERE', $tokenJWT, (new \DateTime())->add(new \DateInterval('PT' . $this->jwtTokenTTL . 'S')), '/', null, $this->cookieSecure));

        return $response;
    }

The cookie is sent transparently from Front to Back.
So we need a cookie token extractor.

Thanks

@slashfan

Hi,

Nice addition! Just replace the short array syntax with the classic one for PHP 5.3.

Also, could you squash your commits into a single one? And what do you think about giving the default cookie name the same as the query parameter?

Thanks.

$this->assertFalse($extractor->extract($request));

$request = new Request();
$request->cookies->add(['Bear' => 'testtoken']);
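
Review bot: on the `$request->cookies->add(['Bear' => 'testtoken'])` line, the cookie name `Bear` is easy to misread as a typo. If it is meant as a name the extractor must not match, a short comment saying so would make the intent clear, since the lines shown here do not include the assertion that follows it.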

Replace with classic array syntax for PHP 5.3 compatibility.

@tnucera tnucera force-pushed the master branch 2 times, most recently from 315fdca to d32c49b Compare July 22, 2015 10:58

tnucera commented Jul 22, 2015

OK, it's done.
As for using the same name as the query parameter, that's more something to think about for the global conf of the bundle.
Indeed, there is code duplication in the factory at this level.
Why not just have (or something like this):

            extractors:
                enabled: ['authorization_header', 'cookie', 'query_parameter']
                name:     Bearer
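
The shared-name configuration proposed above could drive a single extraction routine like the one below. This is an added example, not code from the pull request or the bundle; `extractToken`, `pickString` and the plain-array request representation are assumptions made so that it runs without Symfony.

```php
<?php
// Added example (hypothetical names, not the bundle's code): one shared token
// name, with the extractors tried in the order given by the `enabled` list.
function extractToken(array $enabled, string $name, array $headers, array $cookies, array $query)
{
    $extractors = [
        // Expects "Authorization: <name> <token>"; the scheme is compared case-insensitively.
        'authorization_header' => function () use ($name, $headers) {
            $value = isset($headers['Authorization']) ? $headers['Authorization'] : '';
            $parts = explode(' ', trim($value), 2);
            if (count($parts) !== 2 || strcasecmp($parts[0], $name) !== 0) {
                return false;
            }
            $token = trim($parts[1]);
            return $token !== '' ? $token : false;
        },
        'cookie' => function () use ($name, $cookies) {
            return pickString($cookies, $name);
        },
        'query_parameter' => function () use ($name, $query) {
            return pickString($query, $name);
        },
    ];
    foreach ($enabled as $key) {
        if (!isset($extractors[$key])) {
            // Fail closed on a misspelled extractor name in the configuration.
            throw new InvalidArgumentException("Unknown extractor: $key");
        }
        $token = $extractors[$key]();
        if ($token !== false) {
            return $token;
        }
    }
    return false; // Same "nothing found" convention as the test in this thread.
}

// Returns a non-empty string value, or false. Array values (e.g. ?Bearer[]=x) are rejected.
function pickString(array $bag, string $name)
{
    return (isset($bag[$name]) && is_string($bag[$name]) && $bag[$name] !== '') ? $bag[$name] : false;
}

// Constructed sample requests.
$enabled = ['authorization_header', 'cookie', 'query_parameter'];
var_dump(extractToken($enabled, 'Bearer', [], ['Bearer' => 'testtoken'], [])); // token only in the cookie
var_dump(extractToken($enabled, 'Bearer', [], ['Bear' => 'testtoken'], []));   // cookie under another name
var_dump(extractToken($enabled, 'Bearer', ['Authorization' => 'Bearer hdr'], ['Bearer' => 'ck'], [])); // both present
```

The order of the `enabled` list decides which source wins when a request carries a token in more than one place.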

@slashfan

That's a good idea. In the meantime, let's merge this PR.

slashfan added a commit that referenced this pull request Jul 24, 2015
Add cookie token extractor
@slashfan slashfan merged commit 743f276 into lexik:master Jul 24, 2015