
Commit 8b2deb7

committed
fix: verifyToken should give back latest member information
1 parent 720aaf5 commit 8b2deb7


2 files changed

+38
-4
lines changed


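--- a/src/Controllers/ApiController.php
+++ b/src/Controllers/ApiController.php
@@ -284,15 +284,33 @@ public function getJwt()
 return $this->httpError(401);
 }
 
+$token = JWT::decode(
+$bearer,
+new Key(
+Config::inst()->get(JWTUtils::class, 'secret'),
+'HS256'
+)
+);
+
 $jwt = JWTUtils::inst()->renew($bearer);
 
 if (!$jwt) {
 return $this->httpError(401);
 }
 
+// Set the current user
+$memberId = $token->memberId;
+$member = Member::get()->byID($memberId);
+
+if ($member) {
+Injector::inst()->get(IdentityStore::class)->logIn($member);
+Security::setCurrentUser($member);
+}
+
 return $jwt;
 }
 
+
 public function getAuthorizationHeader(): string
 {
 $header = '';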
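Review bot: A token whose `memberId` no longer resolves to a Member is still renewed and returned, because the added `if ($member)` only skips the login and falls through to `return $jwt;`; a missing member should end in `return $this->httpError(401);` so that deleted accounts stop authenticating. The new `JWT::decode()` call also sits outside any try/catch visible in the hunk, so if it throws on an expired or tampered token (as firebase/php-jwt does, assuming that is the library in use) the request ends in an unhandled error rather than the 401 the surrounding code returns. It is worth confirming that `IdentityStore::logIn()` is wanted for a bearer-token request, since it may persist a session beyond the token's lifetime, whereas `Security::setCurrentUser()` alone scopes the identity to this request. getJwt() begins above the hunk, so an existing handler outside the visible lines cannot be ruled out.

```php
try {
    $token = JWT::decode(
        $bearer,
        new Key(
            Config::inst()->get(JWTUtils::class, 'secret'),
            'HS256'
        )
    );
} catch (\Exception $e) {
    // Any decode failure (bad signature, expired, malformed) is an auth failure.
    return $this->httpError(401);
}

// … unchanged: renew() call and its 401 guard …

// Fail closed when the token's member no longer exists.
$member = Member::get()->byID($token->memberId ?? 0);

if (!$member) {
    return $this->httpError(401);
}

// … unchanged: IdentityStore::logIn() and Security::setCurrentUser() calls, now unconditional …
```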

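--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -4,6 +4,8 @@
 
 use Level51\JWTUtils\JWTUtils;
 use Level51\JWTUtils\JWTUtilsException;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
 
 class AuthController extends ApiController
 {
@@ -12,31 +14,45 @@ class AuthController extends ApiController
 'verify',
 ];
 
-private static $test = '123';
-
 /**
 * The token is acquired by using basic auth. Once the user has entered the
 * username / password and completed this first step then we give them back
 * a token which contains their information
 */
 public function token() {
 try {
-$payload = JWTUtils::inst()->byBasicAuth($this->request);
+$payload = JWTUtils::inst()->byBasicAuth($this->request, true);
+
+if (isset($payload['member']['id'])) {
+$member = Member::get()->byID($payload['member']['id']);
+
+if ($member) {
+$payload['member'] = array_merge($payload['member'], $member->toApi());
+}
+
+return $this->returnArray($payload);
+}
 
 return $this->returnArray($payload);
 } catch (JWTUtilsException $e) {
 return $this->httpError(403, $e->getMessage());
 }
 }
 
+
 /**
 * Verifies a token is valid
 */
 public function verify()
 {
 if ($jwt = $this->getJwt()) {
+$member = Security::getCurrentUser();
+
 return $this->returnArray(
-['token' => $jwt]
+[
+'token' => $jwt,
+'member' => $member->toApi(),
+]
 );
 }
 }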
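Review bot: In `verify()`, `Security::getCurrentUser()` can return null, and the new `'member' => $member->toApi()` then fails with a call on null; as far as this commit shows, getJwt() still returns a token when no Member was found, so the path is reachable. Guard it before building the response, e.g. `if (!$member) { return $this->httpError(401); }`. In `token()`, `array_merge($payload['member'], $member->toApi())` now sends whatever `toApi()` returns to the client; `toApi()` is not visible here, so confirm it is an explicit allow-list of fields and document that on the method. The `return $this->returnArray($payload);` inside the new `if` duplicates the one right after it and can be dropped.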
