Created
November 27, 2014 18:34
Auth.combined filter
<?php | |
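/**
 * Checks whether the request carries a token that resolves to a user.
 *
 * Failures are reported as string codes rather than thrown, so that the
 * caller can try other authentication types first and only raise the error
 * if none of them succeeds.
 *
 * @param mixed $request The incoming request, passed through to the token library.
 *
 * @return bool|string True when the token was accepted; otherwise one of
 *                     '400-no-token', '400-invalid-token' or '401-expired-token'.
 */
private function isUserTokenAuthenticated($request)
{
    $token = $this->tokenAuth->getToken($request);

    if ($token === false || $token === null)
    {
        return '400-no-token';
    }

    try
    {
        $authUser = $this->tokenAuth->toUser($token);
    }
    catch (TokenExpiredException $exception)
    {
        // The caller re-throws this later if no other authentication type succeeds.
        return '401-expired-token';
    }
    catch (JWTException $exception)
    {
        // The library appears to raise this general exception for an expired token too
        // (message "Could not decode token: Expired Token") instead of TokenExpiredException,
        // so the message is inspected to tell the two cases apart.
        // NOTE(review): matching on message text is brittle. If the wording changes, an expired
        // token is reported as invalid; it is still rejected, only the status code differs.
        if ($exception->getMessage() === 'Could not decode token: Expired Token')
        {
            return '401-expired-token';
        }

        // The caller re-throws this later if no other authentication type succeeds.
        return '400-invalid-token';
    }

    // Fail closed: a token that decodes but does not resolve to a user must not authenticate.
    // NOTE(review): what toUser() returns for an unknown subject is not visible here (presumably
    // false or null; confirm). The existing invalid-token code is reused so callers see no new value.
    if ( ! $authUser)
    {
        return '400-invalid-token';
    }

    // TODO: More checks on the user
    return true;
}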