vendor/shopware/core/Framework/Api/OAuth/BearerTokenValidator.php line 49

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\OAuth;
  5. use Doctrine\DBAL\Connection;
  6. use Lcobucci\JWT\Configuration;
  7. use Lcobucci\JWT\UnencryptedToken;
  8. use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
  9. use League\OAuth2\Server\Exception\OAuthServerException;
  10. use Psr\Http\Message\ServerRequestInterface;
  11. use Shopware\Core\Framework\Uuid\Uuid;
  12. use Shopware\Core\PlatformRequest;
  14. class BearerTokenValidator implements AuthorizationValidatorInterface
  15. {
  16.     /**
  17.      * @var Connection
  18.      */
  19.     private $connection;
  21.     /**
  22.      * @var AuthorizationValidatorInterface
  23.      */
  24.     private $decorated;
  26.     /**
  27.      * @var Configuration
  28.      */
  29.     private $configuration;
  31.     /**
  32.      * @internal
  33.      */
  34.     public function __construct(
  35.         AuthorizationValidatorInterface $decorated,
  36.         Connection $connection,
  37.         Configuration $configuration
  38.     ) {
  39.         $this->decorated $decorated;
  40.         $this->connection $connection;
  41.         $this->configuration $configuration;
  42.     }
  44.     /**
  45.      * @return ServerRequestInterface
  46.      */
  47.     public function validateAuthorization(ServerRequestInterface $request)
  48.     {
  49.         $request $this->decorated->validateAuthorization($request);
  51.         $header $request->getHeader('authorization');
  53.         $jwt trim(preg_replace('/^(?:\s+)?Bearer\s/'''$header[0]) ?? '');
  55.         /** @var UnencryptedToken $token */
  56.         $token $this->configuration->parser()->parse($jwt);
  58.         if ($userId $request->getAttribute(PlatformRequest::ATTRIBUTE_OAUTH_USER_ID)) {
  59.             $this->validateAccessTokenIssuedAt($token->claims()->get('iat'0), $userId);
  60.         }
  62.         return $request;
  63.     }
  65.     /**
  66.      * @throws OAuthServerException
  67.      * @throws \Doctrine\DBAL\DBALException
  68.      */
  69.     private function validateAccessTokenIssuedAt(\DateTimeImmutable $tokenIssuedAtstring $userId): void
  70.     {
  71.         $lastUpdatedPasswordAt $this->connection->createQueryBuilder()
  72.             ->select(['last_updated_password_at'])
  73.             ->from('user')
  74.             ->where('id = :userId')
  75.             ->setParameter('userId'Uuid::fromHexToBytes($userId))
  76.             ->execute()
  77.             ->fetchColumn();
  79.         if ($lastUpdatedPasswordAt === false) {
  80.             throw OAuthServerException::accessDenied('Access token is invalid');
  81.         }
  83.         if ($lastUpdatedPasswordAt === null) {
  84.             return;
  85.         }
  87.         $lastUpdatedPasswordAt strtotime($lastUpdatedPasswordAt);
  89.         if ($tokenIssuedAt->getTimestamp() <= $lastUpdatedPasswordAt) {
  90.             throw OAuthServerException::accessDenied('Access token is expired');
  91.         }
  92.     }
  93. }