
Commit b6f3bf3

committed
tons of jwt events
1 parent 050b415 commit b6f3bf3


2 files changed

+64
-8
lines changed


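--- a/ModuleConfig.cfc
+++ b/ModuleConfig.cfc
@@ -106,8 +106,18 @@ component {
 // Security Interceptions
 interceptorSettings = {
 customInterceptionPoints = [
+// Validator Events
 "cbSecurity_onInvalidAuthentication",
-"cbSecurity_onInvalidAuhtorization"
+"cbSecurity_onInvalidAuhtorization",
+// JWT Events
+"cbSecurity_onJWTCreation",
+"cbSecurity_onJWTInvalidation",
+"cbSecurity_onJWTValidAuthentication",
+"cbSecurity_onJWTInvalidUser",
+"cbSecurity_onJWTInvalidClaims",
+"cbSecurity_onJWTExpiration",
+"cbSecurity_onJWTStorageRejection",
+"cbSecurity_onJWTValidParsing"
 ]
 };
 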
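Review bot: The re-added entry on new line 111 keeps the misspelling `cbSecurity_onInvalidAuhtorization`, so an interceptor written against the correctly spelled name would never be called on an authorization failure. The code that announces this event is not shown on this page; if it uses the same spelling, the name has to stay for existing listeners, and a comment such as `// NOTE: historical spelling, listeners must match it exactly` on that line would keep the next reader from silently registering the wrong handler.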

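--- a/models/jwt/JwtService.cfc
+++ b/models/jwt/JwtService.cfc
@@ -125,12 +125,8 @@ component accessors="true" singleton{
 // Append incoming custom claims with override, they take prescedence
 structAppend( payload, arguments.customClaims, true );
 
-// Create the token
-var jwtToken = jwt.encode(
-payload,
-variables.settings.jwt.secretKey,
-variables.settings.jwt.algorithm
-);
+// Create the token for the user
+var jwtToken = this.encode( payload );
 
 // Store it with the expiration as well if enabled
 if( variables.settings.jwt.tokenStorage.enabled ){
@@ -142,6 +138,13 @@ component accessors="true" singleton{
 );
 }
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTCreation", {
+token : jwtToken,
+payload : arguments.payload,
+user : arguments.user
+} );
+
 // Return it
 return jwtToken;
 }
@@ -158,6 +161,12 @@ component accessors="true" singleton{
 
 // Verify it
 if( isNull( oUser ) || !len( oUser.getId() ) ){
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTInvalidUser", {
+token : this.getToken(),
+payload : this.getPayload()
+} );
+
 throw(
 message = "The user (#getPayload().sub#) was not found by the user service",
 type = "InvalidTokenUser"
@@ -172,6 +181,13 @@ component accessors="true" singleton{
 .getContext()
 .setPrivateValue( variables.settings.prcUserVariable, oUser );
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTValidAuthentication", {
+token : this.getToken(),
+payload : this.getPayload(),
+user : oUser
+} );
+
 // Return the user
 return oUser;
 }
@@ -185,7 +201,13 @@ component accessors="true" singleton{
 if( variables.log.canInfo() ){
 variables.log.info( "Token invalidation request issued for :#arguments.token#" );
 }
-return getTokenStorage().clear( arguments.token );
+
+var results = getTokenStorage().clear( arguments.token );
+
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTInvalidation", {
+token : arguments.token
+} );
 }
 
 /************************************************************************************/
@@ -236,6 +258,12 @@ component accessors="true" singleton{
 variables.log.warn( "Token is invalid as it does not contain the `#arguments.item#` claim", decodedToken );
 }
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTInvalidClaims", {
+token : jwtToken,
+payload : decodedToken
+} );
+
 throw(
 message = "Token is invalid as it does not contain the `#arguments.item#` claim",
 type = "TokenInvalidException"
@@ -250,6 +278,12 @@ component accessors="true" singleton{
 variables.log.warn( "Token rejected, it has expired", decodedToken );
 }
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTExpiration", {
+token : jwtToken,
+payload : decodedToken
+} );
+
 throw(
 message = "Token has expired",
 type = "TokenExpiredException"
@@ -262,6 +296,12 @@ component accessors="true" singleton{
 variables.log.warn( "Token rejected, it was not found in token storage", decodedToken );
 }
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTStorageRejection", {
+token : jwtToken,
+payload : decodedToken
+} );
+
 throw(
 message = "Token has expired, not found in storage",
 detail = "Storage lookup failed",
@@ -280,6 +320,12 @@ component accessors="true" singleton{
 .setPrivateValue( "jwt_token", jwtToken )
 .setPrivateValue( "jwt_payload", decodedToken );
 
+// Announce the creation
+variables.interceptorService.processState( "cbSecurity_onJWTValidParsing", {
+token : jwtToken,
+payload : decodedToken
+} );
+
 // Authenticate the payload
 authenticate();
 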
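Review bot: In the invalidation hunk (new lines 204-210) the result of `getTokenStorage().clear( arguments.token )` is now assigned to `results` but never returned, so a caller that relied on the previous return value to confirm the token was revoked gets nothing back; add `return results;` after the `processState()` call. In the creation hunk the event passes `payload : arguments.payload` while the token is encoded from the local `payload`; the function signature is outside the hunk, but if there is no `payload` argument this should read `payload : payload`. Every event also hands the raw token to all registered interceptors, so a comment stating that listeners must not log or persist it would help, and the copy-pasted `// Announce the creation` comments should name the event each one actually announces.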
