Handling exceptions

README.md

@@ -122,7 +122,7 @@ Appends to the authenticated user the full decoded JWT token. Useful if you need
 
 *Required*
 
-Comma separated list of allowed resources accepted by API. This attribute will be confronted against `resource_access` attribute from JWT token, while authenticating.
+Usually you API should handle one *resource_access*. But, if you handle multiples, just use a comma separated list of allowed resources accepted by API. This attribute will be confronted against `resource_access` attribute from JWT token, while authenticating.
 
 ## Laravel auth config
 

src/Exceptions/KeycloakGuardException.php

@@ -0,0 +1,10 @@
+<?php
+namespace KeycloakGuard\Exceptions;
+
+class KeycloakGuardException extends \UnexpectedValueException
+{
+  public function __construct(string $message)
+  {
+    $this->message = "[Keycloack Guard] {$message}";
+  }
+}

src/Exceptions/ResourceAccessNotAllowedException.php

@@ -0,0 +1,7 @@
+<?php
+namespace KeycloakGuard\Exceptions;
+
+class ResourceAccessNotAllowedException extends KeycloakGuardException
+{
+
+}

src/Exceptions/TokenException.php

@@ -0,0 +1,7 @@
+<?php
+namespace KeycloakGuard\Exceptions;
+
+class TokenException extends KeycloakGuardException
+{
+
+}

src/Exceptions/UserNotFoundException.php

@@ -0,0 +1,7 @@
+<?php
+namespace KeycloakGuard\Exceptions;
+
+class UserNotFoundException extends KeycloakGuardException
+{
+
+}

src/KeycloakGuard.php

@@ -5,6 +5,9 @@
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Http\Request;
+use KeycloakGuard\Exceptions\TokenException;
+use KeycloakGuard\Exceptions\UserNotFoundException;
+use KeycloakGuard\Exceptions\ResourceAccessNotAllowedException;
 
 class KeycloakGuard implements Guard
 {
@@ -18,7 +21,25 @@ public function __construct(UserProvider $provider, Request $request)
     $this->config = config('keycloak');
     $this->user = null;
     $this->provider = $provider;
-    $this->decodedToken = Token::decode($request->bearerToken(), $this->config['realm_public_key']);
+    $this->decodedToken = null;
+    $this->request = $request;
+
+    $this->authenticate();
+  }
+
+  /**
+   * Decode token, validate and authenticate user
+   *
+   * @return mixed
+   */
+
+  private function authenticate()
+  {
+    try {
+      $this->decodedToken = Token::decode($this->request->bearerToken(), $this->config['realm_public_key']);
+    } catch (\Exception $e) {
+      throw new TokenException($e->getMessage());
+    }
 
     if ($this->decodedToken) {
       $this->validate([
@@ -27,6 +48,7 @@ public function __construct(UserProvider $provider, Request $request)
     }
   }
 
+
   /**
    * Determine if the current user is authenticated.
    *
@@ -93,6 +115,10 @@ public function validate(array $credentials = [])
 
     $user = $this->provider->retrieveByCredentials($credentials);
 
+    if (!$user) {
+      throw new UserNotFoundException("User not found. Credentials: " . json_encode($credentials));
+    }
+
     $this->setUser($user);
 
     return true;
@@ -122,7 +148,7 @@ private function validateResources()
     $allowed_resources = explode(',', $this->config['allowed_resources']);
 
     if (count(array_intersect($token_resource_access, $allowed_resources)) == 0) {
-      throw new ResourceNotAllowedException("The decoded JWT token has not a valid resource_access allowed by API. Allowed resources by API: " . $this->config['allowed_resources']);
+      throw new ResourceAccessNotAllowedException("The decoded JWT token has not a valid `resource_access` allowed by API. Allowed resources by API: " . $this->config['allowed_resources']);
     }
   }