From fc1d1ef1e130fd6c085d3d152f724dcba3ce05e3 Mon Sep 17 00:00:00 2001
From: Adam Vessey
Date: Thu, 10 Jun 2021 18:02:34 -0300
Subject: [PATCH 1/7] More flexible headers for STOMP messages, theoretically.

---
 islandora.services.yml | 5 +
 src/Event/StompHeaderEvent.php | 67 +++++++++++
 src/Event/StompHeaderEventException.php | 8 ++
 src/Event/StompHeaderEventInterface.php | 40 +++++++
 src/EventGenerator/EmitEvent.php | 41 +++----
 src/EventSubscriber/StompHeaderSubscriber.php | 61 ++++++++++
 .../Action/AbstractGenerateDerivative.php | 109 ++++++------------
 src/Plugin/Action/EmitFileEvent.php | 67 ++---------
 src/Plugin/Action/EmitMediaEvent.php | 74 ++----------
 9 files changed, 254 insertions(+), 218 deletions(-)
 create mode 100644 src/Event/StompHeaderEvent.php
 create mode 100644 src/Event/StompHeaderEventException.php
 create mode 100644 src/Event/StompHeaderEventInterface.php
 create mode 100644 src/EventSubscriber/StompHeaderSubscriber.php

diff --git a/islandora.services.yml b/islandora.services.yml
index b08e06994..749f578c5 100644
--- a/islandora.services.yml
+++ b/islandora.services.yml
@@ -59,3 +59,8 @@ services:
 islandora.gemini.lookup:
 class: Drupal\islandora\GeminiLookup
 arguments: ['@islandora.gemini.client', '@jwt.authentication.jwt', '@islandora.media_source_service', '@http_client', '@logger.channel.islandora']
+ islandora.stomp.auth_header_listener:
+ class: Drupal\islandora\EventSubscriber\StompHeaderEventSubscriber
+ arguments: ['@jwt.authentication.jwt']
+ tags:
+ - { name: event_subscriber }
diff --git a/src/Event/StompHeaderEvent.php b/src/Event/StompHeaderEvent.php
new file mode 100644
index 000000000..997b9b1c3
--- /dev/null
+++ b/src/Event/StompHeaderEvent.php
@@ -0,0 +1,67 @@ +entity = $entity; + $this->user = $user; + $this->headers = new ParameterBag(); + } + + /** + * {@inheritdoc} + */ + public function getEntity() { + return $this->entity; + } + + /** + * {@inheritdoc} + */ + public function getUser() { + return $this->user; + } + + /** + * {@inheritdoc} + */ + public function getHeaders() { + return $this->headers; + } + +} diff --git a/src/Event/StompHeaderEventException.php b/src/Event/StompHeaderEventException.php new file mode 100644 index 000000000..c9ee3878e --- /dev/null +++ b/src/Event/StompHeaderEventException.php @@ -0,0 +1,8 @@ +account = $account; $this->entityTypeManager = $entity_type_manager; $this->eventGenerator = $event_generator; $this->stomp = $stomp; - $this->auth = $auth; + $this->eventDispatcher = $event_dispatcher; } /** @@ -105,7 +105,7 @@ public static function create(ContainerInterface $container, array $configuratio $container->get('entity_type.manager'), $container->get('islandora.eventgenerator'), $container->get('islandora.stomp'), - $container->get('jwt.authentication.jwt') + $container->get('event_dispatcher') ); } 
@@ -113,29 +113,26 @@ public static function create(ContainerInterface $container, array $configuratio
 * {@inheritdoc}
 */
 public function execute($entity = NULL) {
-
- // Include a token for later authentication in the message.
- $token = $this->auth->generateToken();
- if (empty($token)) {
- // JWT isn't properly configured. Log and notify user.
- \Drupal::logger('islandora')->error(
- t('Error getting JWT token for message. Check JWT Configuration.')
- );
- drupal_set_message(
- t('Error getting JWT token for message. Check JWT Configuration.'), 'error'
- );
- return;
- }
-
 // Generate event as stomp message.
 try {
 $user = $this->entityTypeManager->getStorage('user')->load($this->account->id());
 $data = $this->generateData($entity);
+
+ $event = $this->eventDispatcher->dispatch(
+ StompHeaderEvent::EVENT_NAME,
+ new StompHeaderEvent($entity, $user)
+ );
+
 $message = new Message(
 $this->eventGenerator->generateEvent($entity, $user, $data),
- ['Authorization' => "Bearer $token"]
+ $event->getHeaders()->all()
 );
 }
+ catch (StompHeaderEventException $e) {
+ \Drupal::logger('islandora')->error($e->getMessage());
+ drupal_set_message($e->getMessage(), 'error');
+ return;
+ }
 catch (\RuntimeException $e) {
 // Notify the user the event couldn't be generated and abort.
 \Drupal::logger('islandora')->error(
diff --git a/src/EventSubscriber/StompHeaderSubscriber.php b/src/EventSubscriber/StompHeaderSubscriber.php
new file mode 100644
index 000000000..a93e48ae3
--- /dev/null
+++ b/src/EventSubscriber/StompHeaderSubscriber.php
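Review bot: After this hunk `execute()` forwards whatever `$event->getHeaders()->all()` returns and no longer verifies for itself that credentials are attached; the removed code aborted when no token was available, whereas the new code only aborts if a subscriber throws `StompHeaderEventException`. If the default subscriber is not registered, or an earlier listener stops propagation, the message would presumably be published without an `Authorization` header. If that header is meant to stay mandatory, fail closed inside the `try` before building the `Message`: `if (!$event->getHeaders()->has('Authorization')) { throw new StompHeaderEventException('No Authorization header set for STOMP message.'); }`. The new `catch` also shows `$e->getMessage()` to the user, so subscriber-authored messages should never contain token material. The body of `execute()` continues beyond the hunk.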
@@ -0,0 +1,61 @@ +auth = $auth; + } + + /** + * {@inheritdoc} + */ + public static function getSubscribedEvents() { + return [ + StompHeaderEventInterface::EVENT_NAME => 'baseAuth', + ]; + } + + /** + * Event callback; generate and add base authorization header if none is set. + */ + public function baseAuth(StompHeaderEventInterface $stomp_event) { + $headers = $stomp_event->getHeaders(); + if (!$headers->has('Authorization')) { + $token = $this->auth->generateToken(); + if (empty($token)) { + // JWT does not seem to be properly configured. + // phpcs:ignore DrupalPractice.General.ExceptionT.ExceptionT + throw new StompHeaderEventException($this->t('Error getting JWT token for message. Check JWT Configuration.')); + } + else { + $headers->set('Authorization', "Bearer $token"); + } + } + + } +} diff --git a/src/Plugin/Action/AbstractGenerateDerivative.php b/src/Plugin/Action/AbstractGenerateDerivative.php index fa41f7ff5..5c960c954 100644 --- a/src/Plugin/Action/AbstractGenerateDerivative.php +++ b/src/Plugin/Action/AbstractGenerateDerivative.php @@ -2,18 +2,14 @@ namespace Drupal\islandora\Plugin\Action; -use Drupal\Core\Entity\EntityInterface; -use Drupal\Core\Entity\EntityTypeManagerInterface; -use Drupal\Core\Form\FormStateInterface; -use Drupal\Core\Session\AccountInterface; -use Drupal\Core\Url; -use Drupal\islandora\IslandoraUtils; use Drupal\islandora\EventGenerator\EmitEvent; -use Drupal\islandora\EventGenerator\EventGeneratorInterface; +use Drupal\islandora\IslandoraUtils; use Drupal\islandora\MediaSource\MediaSourceService; -use Drupal\jwt\Authentication\Provider\JwtAuth; use Drupal\token\TokenInterface; -use Stomp\StatefulStomp; + +use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Url; use Symfony\Component\DependencyInjection\ContainerInterface; /** 
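Review bot: The docblock on `baseAuth()` does not mention that the method throws, although `EmitEvent::execute()` now depends on `StompHeaderEventException` to abort the message when no JWT can be generated. I would add `@param \Drupal\islandora\Event\StompHeaderEventInterface $stomp_event` and `@throws \Drupal\islandora\Event\StompHeaderEventException` lines, and reword the summary to "add a Bearer JWT Authorization header if none is set" so it is not read as HTTP Basic auth. Assuming the header bag is Symfony's `ParameterBag`, `has('Authorization')` compares the key exactly, so a subscriber that sets `authorization` in another case would not suppress this default; the interface documentation should state which spelling subscribers must use. The start of this new-file hunk is not fully visible on the page.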
@@ -42,77 +38,17 @@ class AbstractGenerateDerivative extends EmitEvent { */ protected $token; - /** - * Constructs a EmitEvent action. - * - * @param array $configuration - * A configuration array containing information about the plugin instance. - * @param string $plugin_id - * The plugin_id for the plugin instance. - * @param mixed $plugin_definition - * The plugin implementation definition. - * @param \Drupal\Core\Session\AccountInterface $account - * Current user. - * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager - * Entity type manager. - * @param \Drupal\islandora\EventGenerator\EventGeneratorInterface $event_generator - * EventGenerator service to serialize AS2 events. - * @param \Stomp\StatefulStomp $stomp - * Stomp client. - * @param \Drupal\jwt\Authentication\Provider\JwtAuth $auth - * JWT Auth client. - * @param \Drupal\islandora\IslandoraUtils $utils - * Islandora utility functions. - * @param \Drupal\islandora\MediaSource\MediaSourceService $media_source - * Media source service. - * @param \Drupal\token\TokenInterface $token - * Token service. 
- */ - public function __construct( - array $configuration, - $plugin_id, - $plugin_definition, - AccountInterface $account, - EntityTypeManagerInterface $entity_type_manager, - EventGeneratorInterface $event_generator, - StatefulStomp $stomp, - JwtAuth $auth, - IslandoraUtils $utils, - MediaSourceService $media_source, - TokenInterface $token - ) { - parent::__construct( - $configuration, - $plugin_id, - $plugin_definition, - $account, - $entity_type_manager, - $event_generator, - $stomp, - $auth - ); - $this->utils = $utils; - $this->mediaSource = $media_source; - $this->token = $token; - } - /** * {@inheritdoc} */ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { - return new static( - $configuration, - $plugin_id, - $plugin_definition, - $container->get('current_user'), - $container->get('entity_type.manager'), - $container->get('islandora.eventgenerator'), - $container->get('islandora.stomp'), - $container->get('jwt.authentication.jwt'), - $container->get('islandora.utils'), - $container->get('islandora.media_source_service'), - $container->get('token') - ); + $instance = parent::create($container, $configuration, $plugin_id, $plugin_definition); + + $instance->setUtilsService($container->get('islandora.utils')); + $instance->setMediaSourceService($container->get('islandora.media_source_service')); + $instance->setTokenService($container->get('token')); + + return $instance; } /** 
@@ -334,4 +270,25 @@ protected function getEntityById($entity_id) { return ''; } + /** + * Setter for the Islanodra utils service. + */ + public function setUtilsService(IslandoraUtils $utils) { + $this->utils = $utils; + } + + /** + * Setter for the media source service. + */ + public function setMediaSourceService(MediaSourceService $media_source) { + $this->mediaSource = $media_source; + } + + /** + * Setter for the token service. + */ + public function setTokenService(TokenInterface $token) { + $this->token = $token; + } + } diff --git a/src/Plugin/Action/EmitFileEvent.php b/src/Plugin/Action/EmitFileEvent.php index f8f4be2ee..0c1f70205 100644 --- a/src/Plugin/Action/EmitFileEvent.php +++ b/src/Plugin/Action/EmitFileEvent.php @@ -2,15 +2,11 @@ namespace Drupal\islandora\Plugin\Action; +use Drupal\islandora\EventGenerator\EmitEvent; + use Drupal\Core\Entity\EntityInterface; -use Drupal\Core\Entity\EntityTypeManagerInterface; use Drupal\Core\File\FileSystemInterface; -use Drupal\Core\Session\AccountInterface; use Drupal\Core\Site\Settings; -use Drupal\jwt\Authentication\Provider\JwtAuth; -use Drupal\islandora\EventGenerator\EmitEvent; -use Drupal\islandora\EventGenerator\EventGeneratorInterface; -use Stomp\StatefulStomp; use Symfony\Component\DependencyInjection\ContainerInterface; /** 
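Review bot: The setters added here are `public`, which lets any code holding the action swap its utils, media-source or token service after construction; the same pattern is repeated in the EmitFileEvent and EmitMediaEvent hunks. Because `create()` is a static method of the same class, the setters can be `protected` and still be called on `$instance`, e.g. `protected function setTokenService(TokenInterface $token) {`. Dropping the constructors also changes what subclasses outside this module can pass to `parent::__construct()`, so a change-record entry would help. The doc comment of `setUtilsService()` misspells "Islandora" as "Islanodra".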
@@ -32,48 +28,9 @@ class EmitFileEvent extends EmitEvent { protected $fileSystem; /** - * Constructs a EmitEvent action. - * - * @param array $configuration - * A configuration array containing information about the plugin instance. - * @param string $plugin_id - * The plugin_id for the plugin instance. - * @param mixed $plugin_definition - * The plugin implementation definition. - * @param \Drupal\Core\Session\AccountInterface $account - * Current user. - * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager - * Entity type manager. - * @param \Drupal\islandora\EventGenerator\EventGeneratorInterface $event_generator - * EventGenerator service to serialize AS2 events. - * @param \Stomp\StatefulStomp $stomp - * Stomp client. - * @param \Drupal\jwt\Authentication\Provider\JwtAuth $auth - * JWT Auth client. - * @param \Drupal\Core\File\FileSystemInterface $file_system - * File system service. + * Setter for the file system service. */ - public function __construct( - array $configuration, - $plugin_id, - $plugin_definition, - AccountInterface $account, - EntityTypeManagerInterface $entity_type_manager, - EventGeneratorInterface $event_generator, - StatefulStomp $stomp, - JwtAuth $auth, - FileSystemInterface $file_system - ) { - parent::__construct( - $configuration, - $plugin_id, - $plugin_definition, - $account, - $entity_type_manager, - $event_generator, - $stomp, - $auth - ); + public function setFileSystemService(FileSystemInterface $file_system) { $this->fileSystem = $file_system; } 
@@ -81,17 +38,11 @@ public function __construct( * {@inheritdoc} */ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { - return new static( - $configuration, - $plugin_id, - $plugin_definition, - $container->get('current_user'), - $container->get('entity_type.manager'), - $container->get('islandora.eventgenerator'), - $container->get('islandora.stomp'), - $container->get('jwt.authentication.jwt'), - $container->get('file_system') - ); + $instance = parent::create($container, $configuration, $plugin_id, $plugin_definition); + + $instance->setFileSystemService($container->get('file_system')); + + return $instance; } /** diff --git a/src/Plugin/Action/EmitMediaEvent.php b/src/Plugin/Action/EmitMediaEvent.php index c5ad550a8..294f9aead 100644 --- a/src/Plugin/Action/EmitMediaEvent.php +++ b/src/Plugin/Action/EmitMediaEvent.php @@ -3,13 +3,8 @@ namespace Drupal\islandora\Plugin\Action; use Drupal\Core\Entity\EntityInterface; -use Drupal\Core\Entity\EntityTypeManagerInterface; -use Drupal\Core\Session\AccountInterface; -use Drupal\jwt\Authentication\Provider\JwtAuth; use Drupal\islandora\EventGenerator\EmitEvent; -use Drupal\islandora\EventGenerator\EventGeneratorInterface; use Drupal\islandora\MediaSource\MediaSourceService; -use Stomp\StatefulStomp; use Symfony\Component\DependencyInjection\ContainerInterface; /** 
@@ -30,67 +25,15 @@ class EmitMediaEvent extends EmitEvent { */ protected $mediaSource; - /** - * Constructs a EmitEvent action. - * - * @param array $configuration - * A configuration array containing information about the plugin instance. - * @param string $plugin_id - * The plugin_id for the plugin instance. - * @param mixed $plugin_definition - * The plugin implementation definition. - * @param \Drupal\Core\Session\AccountInterface $account - * Current user. - * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager - * Entity type manager. - * @param \Drupal\islandora\EventGenerator\EventGeneratorInterface $event_generator - * EventGenerator service to serialize AS2 events. - * @param \Stomp\StatefulStomp $stomp - * Stomp client. - * @param \Drupal\jwt\Authentication\Provider\JwtAuth $auth - * JWT Auth client. - * @param \Drupal\islandora\MediaSource\MediaSourceService $media_source - * Media source service. - */ - public function __construct( - array $configuration, - $plugin_id, - $plugin_definition, - AccountInterface $account, - EntityTypeManagerInterface $entity_type_manager, - EventGeneratorInterface $event_generator, - StatefulStomp $stomp, - JwtAuth $auth, - MediaSourceService $media_source - ) { - parent::__construct( - $configuration, - $plugin_id, - $plugin_definition, - $account, - $entity_type_manager, - $event_generator, - $stomp, - $auth - ); - $this->mediaSource = $media_source; - } - /** * {@inheritdoc} */ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { - return new static( - $configuration, - $plugin_id, - $plugin_definition, - $container->get('current_user'), - $container->get('entity_type.manager'), - $container->get('islandora.eventgenerator'), - $container->get('islandora.stomp'), - $container->get('jwt.authentication.jwt'), - $container->get('islandora.media_source_service') - ); + $instance = parent::create($container, $configuration, $plugin_id, 
$plugin_definition); + + $instance->setMediaSourceService($container->get('islandora.media_source_service')); + + return $instance; } /** @@ -102,4 +45,11 @@ protected function generateData(EntityInterface $entity) { return $data; } + /** + * Setter for the media source service. + */ + public function setMediaSourceService(MediaSourceService $media_source) { + $this->mediaSource = $media_source; + } + } From 641b16c6944bfd9b783abc472a62f1b3e5e836ba Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Fri, 11 Jun 2021 10:19:44 -0300 Subject: [PATCH 2/7] Lower the priority of the base implementation. --- src/EventSubscriber/StompHeaderSubscriber.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/EventSubscriber/StompHeaderSubscriber.php b/src/EventSubscriber/StompHeaderSubscriber.php index a93e48ae3..03394b3b9 100644 --- a/src/EventSubscriber/StompHeaderSubscriber.php +++ b/src/EventSubscriber/StompHeaderSubscriber.php @@ -36,7 +36,7 @@ public function __construct( */ public static function getSubscribedEvents() { return [ - StompHeaderEventInterface::EVENT_NAME => 'baseAuth', + StompHeaderEventInterface::EVENT_NAME => ['baseAuth', -100], ]; } From 2f06c987609dfb003d17bbcc42e0bdb47219b4e2 Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Mon, 14 Jun 2021 16:04:59 -0300 Subject: [PATCH 3/7] More context. --- src/Event/StompHeaderEvent.php | 32 ++++++++++++++++++- src/Event/StompHeaderEventInterface.php | 16 ++++++++++ src/EventGenerator/EmitEvent.php | 2 +- src/EventSubscriber/StompHeaderSubscriber.php | 3 ++ 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/src/Event/StompHeaderEvent.php b/src/Event/StompHeaderEvent.php index 997b9b1c3..8fbc1b3aa 100644 --- a/src/Event/StompHeaderEvent.php +++ b/src/Event/StompHeaderEvent.php 
@@ -27,6 +27,20 @@ class StompHeaderEvent implements StompHeaderEventInterface { */ protected $user; + /** + * An array of data to be sent with the STOMP request, for context. + * + * @var array + */ + protected $data; + + /** + * An array of configuration used to generate $data, for context. + * + * @var array + */ + protected $configuration; + /** * The set of headers. * @@ -37,9 +51,11 @@ class StompHeaderEvent implements StompHeaderEventInterface { /** * Constructor. */ - public function __construct(EntityInterface $entity, AccountInterface $user) { + public function __construct(EntityInterface $entity, AccountInterface $user, array $data, array $configuration) { $this->entity = $entity; $this->user = $user; + $this->data = $data; + $this->configuration = $configuration; $this->headers = new ParameterBag(); } @@ -57,6 +73,13 @@ public function getUser() { return $this->user; } + /** + * {@inheritdoc} + */ + public function getData() { + return $this->data; + } + /** * {@inheritdoc} */ @@ -64,4 +87,11 @@ public function getHeaders() { return $this->headers; } + /** + * {@inheritdoc} + */ + public function getConfiguration() { + return $this->configuration; + } + } diff --git a/src/Event/StompHeaderEventInterface.php b/src/Event/StompHeaderEventInterface.php index 88f85ba15..cdbd455c1 100644 --- a/src/Event/StompHeaderEventInterface.php +++ b/src/Event/StompHeaderEventInterface.php @@ -37,4 +37,20 @@ public function getEntity(); */ public function getUser(); + /** + * Fetch the data to be sent in the body of the request. + * + * @return array + * The array of data. + */ + public function getData(); + + /** + * Fetch the configuration of the action, for context. + * + * @return array + * The array of configuration for the upstream action. + */ + public function getConfiguration(); + } diff --git a/src/EventGenerator/EmitEvent.php b/src/EventGenerator/EmitEvent.php index 44ba867e9..4f71bbb76 100644 --- a/src/EventGenerator/EmitEvent.php 
+++ b/src/EventGenerator/EmitEvent.php @@ -120,7 +120,7 @@ public function execute($entity = NULL) { $event = $this->eventDispatcher->dispatch( StompHeaderEvent::EVENT_NAME, - new StompHeaderEvent($entity, $user) + new StompHeaderEvent($entity, $user, $data, $this->getConfiguration()) ); $message = new Message( diff --git a/src/EventSubscriber/StompHeaderSubscriber.php b/src/EventSubscriber/StompHeaderSubscriber.php index 03394b3b9..2ae4bc8d6 100644 --- a/src/EventSubscriber/StompHeaderSubscriber.php +++ b/src/EventSubscriber/StompHeaderSubscriber.php @@ -6,6 +6,7 @@ use Drupal\jwt\Authentication\Provider\JwtAuth; use Drupal\Core\Messenger\MessengerInterface; +use Drupal\Core\StringTranslation\StringTranslationTrait; use Psr\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface; @@ -15,6 +16,8 @@ */ class StompHeaderEventSubscriber implements EventSubscriberInterface { + use StringTranslationTrait; + /** * The JWT auth service. * From 11057e90878b3a5868828378d1a047d8900c58f1 Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Tue, 22 Jun 2021 17:20:48 -0300 Subject: [PATCH 4/7] Add in the "aud" claim. ... ensure we're dealing with our tokens. --- src/Event/StompHeaderEvent.php | 2 +- src/EventGenerator/EmitEvent.php | 2 ++ src/EventSubscriber/JwtEventSubscriber.php | 7 +++++++ ...HeaderSubscriber.php => StompHeaderEventSubscriber.php} | 0 4 files changed, 10 insertions(+), 1 deletion(-) rename src/EventSubscriber/{StompHeaderSubscriber.php => StompHeaderEventSubscriber.php} (100%) diff --git a/src/Event/StompHeaderEvent.php b/src/Event/StompHeaderEvent.php index 8fbc1b3aa..d6d93c22c 100644 --- a/src/Event/StompHeaderEvent.php +++ b/src/Event/StompHeaderEvent.php @@ -11,7 +11,7 @@ /** * Event used to build headers for STOMP. */ -class StompHeaderEvent implements StompHeaderEventInterface { +class StompHeaderEvent extends Event implements StompHeaderEventInterface { /** * Stashed entity, for context. 
diff --git a/src/EventGenerator/EmitEvent.php b/src/EventGenerator/EmitEvent.php index 4f71bbb76..e83dc24c8 100644 --- a/src/EventGenerator/EmitEvent.php +++ b/src/EventGenerator/EmitEvent.php @@ -9,11 +9,13 @@ use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Session\AccountInterface; +use Drupal\islandora\Event\StompHeaderEvent; use Drupal\islandora\Event\StompHeaderEventException; use Stomp\Exception\StompException; use Stomp\StatefulStomp; use Stomp\Transport\Message; use Symfony\Component\DependencyInjection\ContainerInterface; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; /** * Configurable action base for actions that publish messages to queues. diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php index 4ea049c4c..ad439068e 100644 --- a/src/EventSubscriber/JwtEventSubscriber.php +++ b/src/EventSubscriber/JwtEventSubscriber.php @@ -19,6 +19,8 @@ */ class JwtEventSubscriber implements EventSubscriberInterface { + const AUDIENCE = 'islandora'; + /** * User storage to load users. * @@ -100,6 +102,7 @@ public function setIslandoraClaims(JwtAuthGenerateEvent $event) { $event->addClaim('sub', $this->currentUser->getAccountName()); $event->addClaim('roles', $this->currentUser->getRoles(FALSE)); + $event->addClaim('aud', [static::AUDIENCE]); } /** @@ -111,6 +114,10 @@ public function setIslandoraClaims(JwtAuthGenerateEvent $event) { public function validate(JwtAuthValidateEvent $event) { $token = $event->getToken(); + if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) { + $event->invalidate('Missing audience entry.'); + } + $uid = $token->getClaim('webid'); $name = $token->getClaim('sub'); $roles = $token->getClaim('roles'); 
diff --git a/src/EventSubscriber/StompHeaderSubscriber.php b/src/EventSubscriber/StompHeaderEventSubscriber.php similarity index 100% rename from src/EventSubscriber/StompHeaderSubscriber.php rename to src/EventSubscriber/StompHeaderEventSubscriber.php From 4d16924b9dea71b609c15e0c7f10125273d39fde Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Wed, 23 Jun 2021 12:00:25 -0300 Subject: [PATCH 5/7] Return after failing to find the "aud" claim. --- src/EventSubscriber/JwtEventSubscriber.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php index ad439068e..47dd9c32c 100644 --- a/src/EventSubscriber/JwtEventSubscriber.php +++ b/src/EventSubscriber/JwtEventSubscriber.php @@ -116,6 +116,7 @@ public function validate(JwtAuthValidateEvent $event) { if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) { $event->invalidate('Missing audience entry.'); + return; } $uid = $token->getClaim('webid'); From 6607e8450d450406a202bebc03fd0fbe0bf45477 Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Wed, 23 Jun 2021 12:47:09 -0300 Subject: [PATCH 6/7] Permissively allow without the "aud" claim... ... _could_ roll more conditionally, with some state set during an update hook; however, seems like unnecessary complexity. --- src/EventSubscriber/JwtEventSubscriber.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php index 47dd9c32c..93c057a30 100644 --- a/src/EventSubscriber/JwtEventSubscriber.php +++ b/src/EventSubscriber/JwtEventSubscriber.php 
@@ -114,7 +114,14 @@ public function setIslandoraClaims(JwtAuthGenerateEvent $event) { public function validate(JwtAuthValidateEvent $event) { $token = $event->getToken(); - if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) { + $aud = $token->getClaim('aud'); + + if (!$aud) { + // Deprecation cycle: Avoid invalidating if there's no "aud" claim, to + // allow tokens in flight before the introduction of this claim to remain + // valid. + } + elseif (!in_array(static::AUDIENCE, $aud, TRUE)) { $event->invalidate('Missing audience entry.'); return; } From 050bfce73311dcbd27e84c31a9b5d81e5a5a82f8 Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Wed, 23 Jun 2021 13:05:18 -0300 Subject: [PATCH 7/7] Couple of coding standards things. --- src/EventGenerator/EmitEvent.php | 6 +++--- src/EventSubscriber/StompHeaderEventSubscriber.php | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/EventGenerator/EmitEvent.php b/src/EventGenerator/EmitEvent.php index e83dc24c8..a06bca559 100644 --- a/src/EventGenerator/EmitEvent.php +++ b/src/EventGenerator/EmitEvent.php @@ -51,7 +51,7 @@ abstract class EmitEvent extends ConfigurableActionBase implements ContainerFact protected $stomp; /** - * Event dispatcher service.. + * Event dispatcher service. * * @var \Symfony\Component\EventDispatcher\EventDispatcherInterface */ @@ -74,8 +74,8 @@ abstract class EmitEvent extends ConfigurableActionBase implements ContainerFact * EventGenerator service to serialize AS2 events. * @param \Stomp\StatefulStomp $stomp * Stomp client. - * @param \Drupal\jwt\Authentication\Provider\JwtAuth $auth - * JWT Auth client. + * @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $event_dispatcher + * Event dispatcher service. */ public function __construct( array $configuration, diff --git a/src/EventSubscriber/StompHeaderEventSubscriber.php b/src/EventSubscriber/StompHeaderEventSubscriber.php index 2ae4bc8d6..47792efd2 100644 
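Review bot: `in_array(static::AUDIENCE, $aud, TRUE)` in `validate()` assumes the `aud` claim is an array, but a JWT may carry `aud` as a single string, in which case `in_array()` raises a TypeError on PHP 8 (a warning and a rejected token on PHP 7) instead of a clean invalidation. Normalising first handles both forms: `elseif (!in_array(static::AUDIENCE, (array) $aud, TRUE)) {`. The empty `if (!$aud)` branch accepts any token that omits `aud` with no end date, so the audience check only constrains tokens that include the claim; the comment should name the release in which the fallback is removed, and the branch could log when it is taken so operators can tell when it is safe to drop. The same `in_array()` call first appears in the 4/7 hunk for this file, and `validate()` continues outside the hunk.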
--- a/src/EventSubscriber/StompHeaderEventSubscriber.php +++ b/src/EventSubscriber/StompHeaderEventSubscriber.php @@ -5,10 +5,8 @@ use Drupal\islandora\Event\StompHeaderEventInterface; use Drupal\jwt\Authentication\Provider\JwtAuth; -use Drupal\Core\Messenger\MessengerInterface; use Drupal\Core\StringTranslation\StringTranslationTrait; -use Psr\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface; /** @@ -61,4 +59,5 @@ public function baseAuth(StompHeaderEventInterface $stomp_event) { } } + }