Merge pull request #1040 from kenjis/fix-jwt-loggedIn

fix: `JWT::loggedIn()` does not remove `Bearer` prefix

Author: datamweb

src/Authentication/Authenticators/JWT.php

@@ -14,6 +14,7 @@
 namespace CodeIgniter\Shield\Authentication\Authenticators;
 
 use CodeIgniter\HTTP\IncomingRequest;
+use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\AuthenticationException;
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
@@ -206,14 +207,34 @@ public function loggedIn(): bool
         /** @var IncomingRequest $request */
         $request = service('request');
 
-        /** @var AuthJWT $config */
-        $config = config('AuthJWT');
+        $token = $this->getTokenFromRequest($request);
 
         return $this->attempt([
-            'token' => $request->getHeaderLine($config->authenticatorHeader),
+            'token' => $token,
         ])->isOK();
     }
 
+    /**
+     * Gets token from Request.
+     */
+    public function getTokenFromRequest(RequestInterface $request): string
+    {
+        assert($request instanceof IncomingRequest);
+
+        /** @var AuthJWT $config */
+        $config = config('AuthJWT');
+
+        $tokenHeader = $request->getHeaderLine(
+            $config->authenticatorHeader ?? 'Authorization'
+        );
+
+        if (strpos($tokenHeader, 'Bearer') === 0) {
+            return trim(substr($tokenHeader, 6));
+        }
+
+        return $tokenHeader;
+    }
+
     /**
      * Logs the given user in by saving them to the class.
      */

src/Filters/JWTAuth.php

@@ -19,7 +19,6 @@
 use CodeIgniter\HTTP\Response;
 use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Shield\Authentication\Authenticators\JWT;
-use CodeIgniter\Shield\Config\AuthJWT;
 use Config\Services;
 
 /**
@@ -45,7 +44,7 @@ public function before(RequestInterface $request, $arguments = null)
         /** @var JWT $authenticator */
         $authenticator = auth('jwt')->getAuthenticator();
 
-        $token = $this->getTokenFromHeader($request);
+        $token = $authenticator->getTokenFromRequest($request);
 
         $result = $authenticator->attempt(['token' => $token]);
 
@@ -62,24 +61,6 @@ public function before(RequestInterface $request, $arguments = null)
         }
     }
 
-    private function getTokenFromHeader(RequestInterface $request): string
-    {
-        assert($request instanceof IncomingRequest);
-
-        /** @var AuthJWT $config */
-        $config = config('AuthJWT');
-
-        $tokenHeader = $request->getHeaderLine(
-            $config->authenticatorHeader ?? 'Authorization'
-        );
-
-        if (strpos($tokenHeader, 'Bearer') === 0) {
-            return trim(substr($tokenHeader, 6));
-        }
-
-        return $tokenHeader;
-    }
-
     /**
      * We don't have anything to do here.
      *

tests/Authentication/Authenticators/JWTAuthenticatorTest.php

@@ -282,4 +282,16 @@ private function generateJWT(?Time $clock = null): string
 
         return $generator->generateToken($this->user);
     }
+
+    public function testGetTokenFromRequest(): void
+    {
+        $request = Services::incomingrequest(null, false);
+
+        $jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+        $request->setHeader('Authorization', 'Bearer ' . $jwt);
+
+        $token = $this->auth->getTokenFromRequest($request);
+
+        $this->assertSame($jwt, $token);
+    }
 }