dmkit / phalcon-jwt-auth

Basic jwt authentication class for Phalcon framework
MIT License

Signature verification failed #2

Closed yoh-m closed 7 years ago

yoh-m commented 7 years ago

Hi @dmkit ,

I just started learning PhalconPHP and decided to create a simple API using JWT auth. I can generate the token without any problem, but when I try to access a protected route I always get a "Signature verification failed" error. I went to https://jwt.io/#debugger, pasted my token and my secret, and it verified properly.

Any help appreciated!

Here is my index:

<?php

require __DIR__ . '/../vendor/autoload.php';

use Dmkit\Phalcon\Auth\Middleware\Micro as AuthMicro;
use Phalcon\Config\Adapter\Ini as ConfigIni;
use Phalcon\Db\Adapter\Pdo\Mysql as PdoMysql;
use Phalcon\Di\FactoryDefault;
use Phalcon\Http\Response;
use Phalcon\Loader;
use Phalcon\Mvc\Micro;
use Phalcon\Mvc\Micro\Collection as MicroCollection;

// Map the application's namespaces onto their source directories so the
// controller and model classes can be autoloaded.
$loader = new Loader();
$loader->registerNamespaces(
    [
        'App\Controller' => __DIR__ . '/../controllers/',
        'App\Model'      => __DIR__ . '/../models/',
    ]
);

// Activate the autoloader configured above.
$loader->register();

// Build the service container and read the application settings from
// config.ini, which sits one directory above this script.
$di = new FactoryDefault();
$config = new ConfigIni(__DIR__ . "/../config.ini");

// Expose the loaded settings as the "config" service.
// NOTE(review): presumably the JWT middleware created further down reads its
// secret key and ignoreUri entries from this service — confirm against the
// library README. When verification fails although the token checks out
// elsewhere, compare the secret as the application actually reads it from
// config.ini with the value used for the external check; they must be
// byte-for-byte identical.
$di->set("config", function () use ($config) {
    return $config;
});

// Set up the database service.
// The credentials are redacted ("...") in this listing.
// NOTE(review): in a deployed application, load these from configuration or
// the environment rather than hard-coding them in the front controller, so
// they stay out of version control and issue reports.
$di->set("db", function () {
    return new PdoMysql([
        "host" => "localhost",
        "username" => "...",
        "password" => "...",
        "dbname" => "...",
    ]);
});

// Create the micro application on top of the container and attach the JWT
// auth middleware to it.
// NOTE(review): the middleware is constructed without an explicit config
// argument, so it presumably takes its settings from the "config" service
// registered on $di — confirm. Keep this after the "config" registration.
$app = new Micro($di);
$auth = new AuthMicro($app);

/* Register the routes of each controller as a collection. */
// GET /tests/ -> TestController::list, GET /tests/{id} (digits only) -> TestController::get.
// NOTE(review): the second argument to setHandler() looks like the lazy-loading flag — confirm.
$test = new MicroCollection();
$test->setHandler('App\Controller\TestController', true);
$test->setPrefix('/tests');
$test->get('/', 'list');
$test->get('/{id:[0-9]+}', 'get');

// POST /users/token -> UserController::token. Per the issue text this URI is
// listed under ignoreUri in config.ini, so it is the one route meant to be
// reachable without a token; the /tests routes are presumably subject to the
// JWT check.
$user = new MicroCollection();
$user->setHandler('App\Controller\UserController', true);
$user->setPrefix('/users');
$user->post('/token', 'token');

// Mount both collections, then dispatch the current request.
$app->mount($test);
$app->mount($user);

$app->handle();

The config.ini is the one in the README with just this line added: ignoreUri[] = /users/token:POST

And the method used to generate the token:

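    /**
     * Issue a JWT for a username/password pair sent as a JSON request body.
     *
     * The JSON response is {"success": false} when the body is not a JSON
     * object, when either field is missing or not a string, when no matching
     * user exists, or when the password does not verify. On success it is
     * {"success": true, "token": <signed token>}.
     *
     * @return Response
     */
    public function token()
    {
        $response = new Response();
        $data = [
            'success' => false,
        ];
        $content = $this->request->getJsonRawBody();

        // The body is untrusted: it may be missing, malformed, or carry
        // non-string values. Reject anything that is not an object holding two
        // string fields before touching the database or password_verify(),
        // instead of calling property_exists() on a possibly non-object value.
        $hasCredentials = is_object($content)
            && isset($content->username, $content->password)
            && is_string($content->username)
            && is_string($content->password);

        if ($hasCredentials) {
            // The username is passed as a bound PHQL parameter, never
            // concatenated into the query text.
            $phql = "SELECT * FROM " . User::class . " WHERE username = :username:";
            $user = $this->modelsManager->executeQuery($phql, [
                "username" => $content->username,
            ])->getFirst();

            // NOTE(review): password_verify() only runs when a user was found,
            // so unknown and known usernames may differ in response time.
            if ($user instanceof User
                && password_verify($content->password, $user->getPassword())
            ) {
                // NOTE(review): 'role' is hard-coded, so every account that
                // authenticates is issued an admin token. Derive the role from
                // the user record before any route relies on this claim.
                // NOTE(review): no expiry claim is set here; unless the auth
                // library adds one, the token does not expire — confirm.
                $payload = [
                    'sub' => $user->getId(),
                    'email' => $user->getEmail(),
                    'username' => $user->getUsername(),
                    'role' => 'admin',
                    'iat' => time(),
                ];
                $token = $this->auth->make($payload);

                $data = [
                    'success' => true,
                    'token' => $token,
                ];
            }
        }

        // NOTE(review): failures are reported in the body only; the HTTP
        // status is left at its default. Consider 401 for rejected logins.
        $response->setJsonContent($data);

        return $response;
    }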

I'm working with PHP 7.0 and PhalconPHP 3.2.0.

Did I miss something?

dmkit commented 7 years ago

Could you paste the config you have for the JWT AUTH? You can replace the secret key with something else :)

dmkit commented 7 years ago

Didn't get any feedback. Closing this one out.