Invalidate a JWT Token - Use service tags for enrichment

lexik · Apr 26, 2024 · e405607 · e405607
1 parent 4b02477
commit e405607
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 5 deletions.
diff --git a/DependencyInjection/Compiler/CollectPayloadEnrichmentsPass.php b/DependencyInjection/Compiler/CollectPayloadEnrichmentsPass.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\Compiler\PriorityTaggedServiceTrait;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+class CollectPayloadEnrichmentsPass implements CompilerPassInterface
+{
+    use PriorityTaggedServiceTrait;
+
+    public function process(ContainerBuilder $container): void
+    {
+        if (!$container->hasDefinition('lexik_jwt_authentication.payload_enrichment')) {
+            return;
+        }
+
+        $container->getDefinition('lexik_jwt_authentication.payload_enrichment')
+            ->replaceArgument(0, $this->findAndSortTaggedServices('lexik_jwt_authentication.payload_enrichment', $container));
+    }
+}
diff --git a/DependencyInjection/LexikJWTAuthenticationExtension.php b/DependencyInjection/LexikJWTAuthenticationExtension.php
@@ -174,6 +174,9 @@ public function load(array $configs, ContainerBuilder $container): void
             $loader->load('blocklist_token.xml');
             $blockListTokenConfig = $config['blocklist_token'];
             $container->setAlias('lexik_jwt_authentication.blocklist_token.cache', $blockListTokenConfig['cache']);
+        } else {
+            $container->getDefinition('lexik_jwt_authentication.payload_enrichment.random_jti_enrichment')
+                ->clearTag('lexik_jwt_authentication.payload_enrichment');
         }
     }
 

diff --git a/LexikJWTAuthenticationBundle.php b/LexikJWTAuthenticationBundle.php
@@ -3,6 +3,7 @@
 namespace Lexik\Bundle\JWTAuthenticationBundle;
 
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\ApiPlatformOpenApiPass;
+use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\CollectPayloadEnrichmentsPass;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\DeprecateLegacyGuardAuthenticatorPass;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\RegisterLegacyGuardAuthenticatorPass;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\WireGenerateTokenCommandPass;
@@ -34,6 +35,7 @@ public function build(ContainerBuilder $container): void
         $container->addCompilerPass(new WireGenerateTokenCommandPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 0);
         $container->addCompilerPass(new DeprecateLegacyGuardAuthenticatorPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 0);
         $container->addCompilerPass(new ApiPlatformOpenApiPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 0);
+        $container->addCompilerPass(new CollectPayloadEnrichmentsPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 0);
 
         /** @var SecurityExtension $extension */
         $extension = $container->getExtension('security');

diff --git a/Resources/config/blocklist_token.xml b/Resources/config/blocklist_token.xml
@@ -23,8 +23,6 @@
         </service>
 
         <service id="Lexik\Bundle\JWTAuthenticationBundle\Services\BlockedTokenManagerInterface" alias="lexik_jwt_authentication.blocked_token_manager" />
-
-        <service id="lexik_jwt_authentication.payload_enrichment" alias="lexik_jwt_authentication.payload_enrichment.random_jti_enrichment" />
     </services>
 
 </container>
diff --git a/Resources/config/jwt_manager.xml b/Resources/config/jwt_manager.xml
@@ -18,8 +18,11 @@
 
         <service id="Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface" alias="lexik_jwt_authentication.jwt_manager" />
 
-        <service id="lexik_jwt_authentication.payload_enrichment.null_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\NullEnrichment"/>
-        <service id="lexik_jwt_authentication.payload_enrichment.random_jti_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\RandomJtiEnrichment"/>
-        <service id="lexik_jwt_authentication.payload_enrichment" alias="lexik_jwt_authentication.payload_enrichment.null_enrichment" />
+        <service id="lexik_jwt_authentication.payload_enrichment.random_jti_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\RandomJtiEnrichment">
+            <tag name="lexik_jwt_authentication.payload_enrichment" priority="0" />
+        </service>
+        <service id="lexik_jwt_authentication.payload_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\ChainEnrichment">
+            <argument type="collection"/>
+        </service>
     </services>
 </container>