From bc56ed16fc77535cad797f6f83f2cddc6bd0a263 Mon Sep 17 00:00:00 2001 From: Adam Vessey Date: Tue, 22 Jun 2021 17:20:48 -0300 Subject: [PATCH] Add in the "aud" claim. ... ensure we're dealing with our tokens. --- src/Event/StompHeaderEvent.php | 2 +- src/EventGenerator/EmitEvent.php | 2 ++ src/EventSubscriber/JwtEventSubscriber.php | 7 +++++++ ...HeaderSubscriber.php => StompHeaderEventSubscriber.php} | 0 4 files changed, 10 insertions(+), 1 deletion(-) rename src/EventSubscriber/{StompHeaderSubscriber.php => StompHeaderEventSubscriber.php} (100%) diff --git a/src/Event/StompHeaderEvent.php b/src/Event/StompHeaderEvent.php index 8fbc1b3a..d6d93c22 100644 --- a/src/Event/StompHeaderEvent.php +++ b/src/Event/StompHeaderEvent.php @@ -11,7 +11,7 @@ use Symfony\Component\EventDispatcher\Event; /** * Event used to build headers for STOMP. */ -class StompHeaderEvent implements StompHeaderEventInterface { +class StompHeaderEvent extends Event implements StompHeaderEventInterface { /** * Stashed entity, for context. diff --git a/src/EventGenerator/EmitEvent.php b/src/EventGenerator/EmitEvent.php index 7c66597d..9b2377d3 100644 --- a/src/EventGenerator/EmitEvent.php +++ b/src/EventGenerator/EmitEvent.php @@ -11,11 +11,13 @@ use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Session\AccountInterface; use Drupal\Core\StringTranslation\StringTranslationTrait; +use Drupal\islandora\Event\StompHeaderEvent; use Drupal\islandora\Event\StompHeaderEventException; use Stomp\Exception\StompException; use Stomp\StatefulStomp; use Stomp\Transport\Message; use Symfony\Component\DependencyInjection\ContainerInterface; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; /** * Configurable action base for actions that publish messages to queues. diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php index 438bfb4b..5fc919f2 100644 
--- a/src/EventSubscriber/JwtEventSubscriber.php +++ b/src/EventSubscriber/JwtEventSubscriber.php @@ -19,6 +19,8 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; */ class JwtEventSubscriber implements EventSubscriberInterface { + const AUDIENCE = 'islandora'; + /** * User storage to load users. * @@ -100,6 +102,7 @@ class JwtEventSubscriber implements EventSubscriberInterface { $event->addClaim('sub', $this->currentUser->getAccountName()); $event->addClaim('roles', $this->currentUser->getRoles(FALSE)); + $event->addClaim('aud', [static::AUDIENCE]); } /** @@ -111,6 +114,10 @@ class JwtEventSubscriber implements EventSubscriberInterface { public function validate(JwtAuthValidateEvent $event) { $token = $event->getToken(); + if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) { + $event->invalidate('Missing audience entry.'); + } + $uid = $token->getClaim('webid'); $name = $token->getClaim('sub'); $roles = $token->getClaim('roles'); diff --git a/src/EventSubscriber/StompHeaderSubscriber.php b/src/EventSubscriber/StompHeaderEventSubscriber.php similarity index 100% rename from src/EventSubscriber/StompHeaderSubscriber.php rename to src/EventSubscriber/StompHeaderEventSubscriber.php
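Review bot: The new `AUDIENCE` constant in the first hunk of JwtEventSubscriber.php has no doc comment, and nothing records that its value is the same fixed string for every installation. A comment such as `/** Value of the "aud" claim set on issued tokens and required by validate(). */` would state its role. Because the value is hard-coded, the claim can tell this module's tokens apart from other tokens, but not one installation's tokens from another's. That limit is worth noting next to the constant so the check is not read as a per-site binding.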
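Review bot: The audience check in validate() passes the result of `getClaim('aud')` straight to `in_array()`, which breaks when the claim is not an array. That happens for a token with no `aud` claim (for example one issued before this change, assuming getClaim() returns NULL for an absent claim) and for a token carrying `aud` as a single string, which RFC 7519 permits. On PHP 8 either case raises a TypeError instead of a clean invalidation. Normalising first avoids this: `$audiences = (array) $token->getClaim('aud');` followed by `if (!in_array(static::AUDIENCE, $audiences, TRUE)) {`. There is also no `return;` after `$event->invalidate('Missing audience entry.');`, so the webid/sub/roles handling below still runs for a rejected token; the rest of validate() lies outside the hunk, so its effect cannot be confirmed from here.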