JWT update

Fixed JWT package issue
This commit is contained in:
Manish Verma
2018-08-09 18:18:57 +05:30
parent b3196c4fa1
commit 910c82567e
2 changed files with 301 additions and 130 deletions


@@ -4,11 +4,12 @@ namespace App;
use Illuminate\Auth\Authenticatable; use Illuminate\Auth\Authenticatable;
use Illuminate\Auth\Passwords\CanResetPassword; use Illuminate\Auth\Passwords\CanResetPassword;
use Tymon\JWTAuth\Contracts\JWTSubject as AuthenticatableUserContract;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract; use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
class User extends Model implements AuthenticatableContract, CanResetPasswordContract class User extends Model implements AuthenticatableContract, CanResetPasswordContract, AuthenticatableUserContract
{ {
use Authenticatable, use Authenticatable,
CanResetPassword; CanResetPassword;
@@ -175,13 +176,23 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return $this->name(); return $this->name();
} }
// public function save() { /**
// dd($this->id); * Get the identifier that will be stored in the subject claim of the JWT.
// parent::save(); *
// } * @return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
// public function save(array $options = array()) { /**
// parent::save($options); * Return a key value array, containing any custom claims to be added to the JWT.
// dd($this->where('id',$this->id)->select('first_name','last_name','user_name','email')->get()->toJson()); *
// } * @return array
*/
public function getJWTCustomClaims()
{
return [];
}
} }
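Review bot: `getJWTCustomClaims()` is added without a native return type although its docblock already promises `@return array`; `public function getJWTCustomClaims(): array` would let the engine enforce that contract (`getJWTIdentifier()` can stay untyped because the key type varies by model). The docblock on `getJWTCustomClaims` should also state that anything returned here ends up in the token payload, which is only base64url-encoded and readable by whoever holds the token, e.g. `* Note: claims are signed, not encrypted; never put passwords or other secrets here.` The alias `AuthenticatableUserContract` for `Tymon\JWTAuth\Contracts\JWTSubject` hides what the interface actually is — importing it under its own name `JWTSubject` and keeping the `use` lines sorted would read more clearly. The class body between the two hunks is outside this view.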


@@ -1,144 +1,304 @@
<?php <?php
/*
* This file is part of jwt-auth.
*
* (c) Sean Tymon <tymon148@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
return [ return [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| JWT Authentication Secret | JWT Authentication Secret
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Don't forget to set this, as it will be used to sign your tokens. | Don't forget to set this in your .env file, as it will be used to sign
| A helper command is provided for this: `php artisan jwt:generate` | your tokens. A helper command is provided for this:
| | `php artisan jwt:secret`
*/ |
| Note: This will be used for Symmetric algorithms only (HMAC),
| since RSA and ECDSA use a private/public key combo (See below).
|
*/
'secret' => env('JWT_SECRET'),
'secret' => env('JWT_SECRET', 'changeme'),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| JWT time to live | JWT Authentication Keys
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the length of time (in minutes) that the token will be valid for. | The algorithm you are using, will determine whether your tokens are
| Defaults to 1 hour | signed with a random string (defined in `JWT_SECRET`) or using the
| | following public & private keys.
*/ |
'ttl' => 4, | Symmetric Algorithms:
| HS256, HS384 & HS512 will use `JWT_SECRET`.
|
| Asymmetric Algorithms:
| RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below.
|
*/
'keys' => [
/*
|--------------------------------------------------------------------------
| Public Key
|--------------------------------------------------------------------------
|
| A path or resource to your public key.
|
| E.g. 'file://path/to/public/key'
|
*/
'public' => env('JWT_PUBLIC_KEY'),
/*
|--------------------------------------------------------------------------
| Private Key
|--------------------------------------------------------------------------
|
| A path or resource to your private key.
|
| E.g. 'file://path/to/private/key'
|
*/
'private' => env('JWT_PRIVATE_KEY'),
/*
|--------------------------------------------------------------------------
| Passphrase
|--------------------------------------------------------------------------
|
| The passphrase for your private key. Can be null if none set.
|
*/
'passphrase' => env('JWT_PASSPHRASE'),
],
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Refresh time to live | JWT time to live
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the length of time (in minutes) that the token can be refreshed | Specify the length of time (in minutes) that the token will be valid for.
| within. I.E. The user can refresh their token within a 2 week window of | Defaults to 1 hour.
| the original token being created until they must re-authenticate. |
| Defaults to 2 weeks | You can also set this to null, to yield a never expiring token.
| | Some people may want this behaviour for e.g. a mobile app.
*/ | This is not particularly recommended, so make sure you have appropriate
'refresh_ttl' => 20160, | systems in place to revoke the token if necessary.
| Notice: If you set this to null you should remove 'exp' element from 'required_claims' list.
|
*/
'ttl' => env('JWT_TTL', 60),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| JWT hashing algorithm | Refresh time to live
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the hashing algorithm that will be used to sign the token. | Specify the length of time (in minutes) that the token can be refreshed
| | within. I.E. The user can refresh their token within a 2 week window of
| See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer | the original token being created until they must re-authenticate.
| for possible values | Defaults to 2 weeks.
| |
*/ | You can also set this to null, to yield an infinite refresh time.
'algo' => 'HS256', | Some may want this instead of never expiring tokens for e.g. a mobile app.
| This is not particularly recommended, so make sure you have appropriate
| systems in place to revoke the token if necessary.
|
*/
'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| User Model namespace | JWT hashing algorithm
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the full namespace to your User model. | Specify the hashing algorithm that will be used to sign the token.
| e.g. 'Acme\Entities\User' |
| | See here: https://github.com/namshi/jose/tree/master/src/Namshi/JOSE/Signer/OpenSSL
*/ | for possible values.
'user' => 'App\User', |
*/
'algo' => env('JWT_ALGO', 'HS256'),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| User identifier | Required Claims
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify a unique property of the user that will be added as the 'sub' | Specify the required claims that must exist in any token.
| claim of the token payload. | A TokenInvalidException will be thrown if any of these claims are not
| | present in the payload.
*/ |
'identifier' => 'id', */
'required_claims' => [
'iss',
'iat',
'exp',
'nbf',
'sub',
'jti',
],
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Required Claims | Persistent Claims
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the required claims that must exist in any token. | Specify the claim keys to be persisted when refreshing a token.
| A TokenInvalidException will be thrown if any of these claims are not | `sub` and `iat` will automatically be persisted, in
| present in the payload. | addition to the these claims.
| |
*/ | Note: If a claim does not exist then it will be ignored.
'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'], |
*/
'persistent_claims' => [
// 'foo',
// 'bar',
],
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Blacklist Enabled | Lock Subject
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| In order to invalidate tokens, you must have the the blacklist enabled. | This will determine whether a `prv` claim is automatically added to
| If you do not want or need this functionality, then set this to false. | the token. The purpose of this is to ensure that if you have multiple
| | authentication models e.g. `App\User` & `App\OtherPerson`, then we
*/ | should prevent one authentication request from impersonating another,
| if 2 tokens happen to have the same id across the 2 different models.
|
| Under specific circumstances, you may want to disable this behaviour
| e.g. if you only have one authentication model, then you would save
| a little on token size.
|
*/
'lock_subject' => true,
/*
|--------------------------------------------------------------------------
| Leeway
|--------------------------------------------------------------------------
|
| This property gives the jwt timestamp claims some "leeway".
| Meaning that if you have any unavoidable slight clock skew on
| any of your servers then this will afford you some level of cushioning.
|
| This applies to the claims `iat`, `nbf` and `exp`.
|
| Specify in seconds - only if you know you need it.
|
*/
'leeway' => env('JWT_LEEWAY', 0),
/*
|--------------------------------------------------------------------------
| Blacklist Enabled
|--------------------------------------------------------------------------
|
| In order to invalidate tokens, you must have the blacklist enabled.
| If you do not want or need this functionality, then set this to false.
|
*/
'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true), 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
/* /*
|-------------------------------------------------------------------------- | -------------------------------------------------------------------------
| Providers | Blacklist Grace Period
|-------------------------------------------------------------------------- | -------------------------------------------------------------------------
| |
| Specify the various providers used throughout the package. | When multiple concurrent requests are made with the same JWT,
| | it is possible that some of them fail, due to token regeneration
*/ | on every request.
|
| Set grace period in seconds to prevent parallel request failure.
|
*/
'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),
/*
|--------------------------------------------------------------------------
| Cookies encryption
|--------------------------------------------------------------------------
|
| By default Laravel encrypt cookies for security reason.
| If you decide to not decrypt cookies, you will have to configure Laravel
| to not encrypt your cookie token by adding its name into the $except
| array available in the middleware "EncryptCookies" provided by Laravel.
| see https://laravel.com/docs/master/responses#cookies-and-encryption
| for details.
|
| Set it to true if you want to decrypt cookies.
|
*/
'decrypt_cookies' => false,
/*
|--------------------------------------------------------------------------
| Providers
|--------------------------------------------------------------------------
|
| Specify the various providers used throughout the package.
|
*/
'providers' => [ 'providers' => [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| User Provider | JWT Provider
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the provider that is used to find the user based | Specify the provider that is used to create and decode the tokens.
| on the subject claim |
| */
*/
'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class,
'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| JWT Provider | Authentication Provider
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the provider that is used to create and decode the tokens. | Specify the provider that is used to authenticate users.
| |
*/ */
'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter',
'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Authentication Provider | Storage Provider
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Specify the provider that is used to authenticate users. | Specify the provider that is used to store tokens in the blacklist.
| |
*/ */
'auth' => function ($app) {
return new Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter($app['auth']); 'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class,
},
/*
|--------------------------------------------------------------------------
| Storage Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to store tokens in the blacklist
|
*/
'storage' => function ($app) {
return new Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter($app['cache']);
},
], ],
]; ];
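Review bot: The access-token lifetime changes silently in this section: the old side pinned `'ttl' => 4,` while the new side reads `'ttl' => env('JWT_TTL', 60),`, so unless `JWT_TTL` is set in `.env` tokens now stay valid for 60 minutes instead of 4; if the short window was deliberate, keep it with `'ttl' => env('JWT_TTL', 4),` or set `JWT_TTL=4` in the environment. The two `secret` lines shown (`env('JWT_SECRET')` and `env('JWT_SECRET', 'changeme')`) cannot be assigned to a side from this rendering; confirm the surviving line is the one without the fallback, because a hard-coded default would sign every token with a publicly known string whenever `JWT_SECRET` is missing from the environment. A one-line comment next to `'algo' => env('JWT_ALGO', 'HS256'),` noting that an HS* value uses `secret` while RS*/ES* values require the `keys` entries below would save the next reader from cross-referencing the header block.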