authentication: the JWT settings are now defined only in the authServers property (entry "authjwt"), not by adding new class properties

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5293 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-05-25 22:47:26 +00:00
parent e8517ea495
commit 0a619ff71b


@@ -44,22 +44,6 @@ class authentication
/** The authentication methods. Can be ldap, sympa...*/ /** The authentication methods. Can be ldap, sympa...*/
public $authMethods = array (); public $authMethods = array ();
/** Add the server key used to create the JSON Web Token.
* Without it, the JWT is not added to the valid authentication page
*/
public $jwtServerKey = null;
/** The name of the JSON Web Token set in localStorage of the client browser
* if the authentication is valid. Will be used later by JS on client with
* Bearer authentication for REST API.
*/
public $jwtName = "DFKJWT";
/** The JST Algorithm used to sign the JWT
* Allowed algorithms : HS256, HS512, HS384
*/
public $jwtAlgorithm = "HS256";
/** The authentication servers configuration /** The authentication servers configuration
* array ("authXXXX" => array ( * array ("authXXXX" => array (
* array ("ldapserver" => "ldaps://server.domain.fr", * array ("ldapserver" => "ldaps://server.domain.fr",
@@ -132,12 +116,15 @@ class authentication
"Logout for '".$param["email"]."'"); "Logout for '".$param["email"]."'");
$authsession->logout (); $authsession->logout ();
unset ($_SESSION["domframework"]["authentication"]); unset ($_SESSION["domframework"]["authentication"]);
if ($this->jwtServerKey !== null) if (isset ($this->authServers["authjwt"]["serverKey"]))
{ {
$tokenName = "DFKJWT";
if (isset ($this->authServers["authjwt"]["tokenName"]))
$tokenName = $this->authServers["authjwt"]["tokenName"];
// Unset the JSON Web Token as the authentication // Unset the JSON Web Token as the authentication
if ($this->route->debug) if ($this->route->debug)
echo "<tt>Unset the JSON Web Token '$this->jwtName'</tt><br/>\n"; echo "<tt>Unset the JSON Web Token '$tokenName'</tt><br/>\n";
echo "<script>localStorage.removeItem('$this->jwtName');</script>\n"; echo "<script>localStorage.removeItem('$tokenName');</script>\n";
} }
if ($this->debug) echo "Redirect to authentication page"; if ($this->debug) echo "Redirect to authentication page";
if ($this->debug) $this->route->debug = $this->debug; if ($this->debug) $this->route->debug = $this->debug;
@@ -252,11 +239,14 @@ class authentication
$session = new authsession (); $session = new authsession ();
$session->savedata ($authparams->email, $authparams->password, $session->savedata ($authparams->email, $authparams->password,
$res["lastname"], $res["firstname"]); $res["lastname"], $res["firstname"]);
if ($this->jwtServerKey !== null) if (isset ($this->authServers["authjwt"]["serverKey"]))
{ {
// Set the JSON Web Token as the authentication is valid // Set the JSON Web Token as the authentication is valid
$tokenName = "DFKJWT";
if (isset ($this->authServers["authjwt"]["tokenName"]))
$tokenName = $this->authServers["authjwt"]["tokenName"];
$token = $this->createJwtToken ($authparams->email); $token = $this->createJwtToken ($authparams->email);
echo "<script>localStorage.setItem('$this->jwtName','$token');". echo "<script>localStorage.setItem('$tokenName','$token');".
"</script>\n"; "</script>\n";
} }
if ($url === "") if ($url === "")
@@ -301,15 +291,19 @@ class authentication
public function createJwtToken ($email) public function createJwtToken ($email)
// {{{ // {{{
{ {
if ($this->jwtServerKey !== null) if (isset ($this->authServers["authjwt"]["serverKey"]))
{ {
// Set the JSON Web Token as the authentication is valid // Set the JSON Web Token as the authentication is valid
require_once ("domframework/jwt.php"); require_once ("domframework/jwt.php");
$algorithm = "HS256";
if (isset ($this->authServers["authjwt"]["algorithm"]))
$algorithm = $this->authServers["authjwt"]["algorithm"];
$payloadArray = array(); $payloadArray = array();
$payloadArray["email"] = $email; $payloadArray["email"] = $email;
$jwt = new jwt (); $jwt = new jwt ();
$token = $jwt->encode ($payloadArray, $this->jwtServerKey, $token = $jwt->encode ($payloadArray,
$this->jwtAlgorithm); $this->authServers["authjwt"]["serverKey"],
$algorithm);
return $token; return $token;
} }
} }
@@ -379,6 +373,7 @@ class authentication
echo "verifAuth : using auth cache (push in debug=2 to skip)\n"; echo "verifAuth : using auth cache (push in debug=2 to skip)\n";
return $_SESSION["domframework"]["authentication"]["authcache"]; return $_SESSION["domframework"]["authentication"]["authcache"];
} }
$authServers = $this->authServers;
foreach ($this->authMethods as $method) foreach ($this->authMethods as $method)
{ {
@@ -388,23 +383,23 @@ class authentication
throw new \Exception ("The authentication method is not a string", 500); throw new \Exception ("The authentication method is not a string", 500);
$classname = "auth$method"; $classname = "auth$method";
require_once ("domframework/$classname.php"); require_once ("domframework/$classname.php");
if (! array_key_exists ($classname, $this->authServers)) if (! array_key_exists ($classname, $authServers))
throw new \Exception ("No authentication server '$classname' enabled", throw new \Exception ("No authentication server '$classname' enabled",
500); 500);
// If only one server is defined, the parameters can directely be pushed // If only one server is defined, the parameters can directely be pushed
// to the classname // to the classname
if (! is_array (reset ($this->authServers[$classname]))) if (! is_array (reset ($authServers[$classname])))
{ {
$this->authServers[$classname] = array ($this->authServers[$classname]); $authServers[$classname] = array ($authServers[$classname]);
} }
if ($this->debug >= 2) if ($this->debug >= 2)
echo "Authentication method=$method : authServers=". echo "Authentication method=$method : authServers=".
var_export ($this->authServers[$classname])."\n"; var_export ($authServers[$classname])."\n";
if (! is_array ($this->authServers[$classname]) || if (! is_array ($authServers[$classname]) ||
count ($this->authServers[$classname]) === 0) count ($authServers[$classname]) === 0)
throw new \Exception ("No authentication server defined for method ". throw new \Exception ("No authentication server defined for method ".
"'$method'", 500); "'$method'", 500);
foreach ($this->authServers[$classname] as $key=>$serversParam) foreach ($authServers[$classname] as $key=>$serversParam)
{ {
if ($this->debug) if ($this->debug)
echo "Test auth server $method # $classname # $key\n"; echo "Test auth server $method # $classname # $key\n";
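Review bot: In the createJwtToken hunk, `$algorithm` is now read straight from `$this->authServers["authjwt"]["algorithm"]` and handed to `$jwt->encode` with no check against the HMAC set the removed property docblock listed (HS256, HS384, HS512), so a misconfigured or weakened value is only caught, if at all, inside the jwt class, which is not visible here. I would reject it up front, right after the `$algorithm` lookup: `if (! in_array ($algorithm, array ("HS256", "HS384", "HS512"), true))` / `throw new \Exception ("Unsupported JWT algorithm '$algorithm'", 500);`. The new `serverKey`, `tokenName` and `algorithm` keys of the `authjwt` entry replace three documented properties but are not documented in any visible hunk; the `authServers` docblock should gain an `"authjwt" => array ("serverKey" => "...", "tokenName" => "DFKJWT", "algorithm" => "HS256")` example, stating that the flat single-server shape is required because the `isset ($this->authServers["authjwt"]["serverKey"])` checks in logout, the login path and createJwtToken never apply the list-wrapping that verifAuth performs on its local `$authServers` copy, so a nested `authjwt` entry would silently disable JWT issuance. Separately, `$tokenName` is now a config-driven value interpolated by hand into the inline `<script>` string literals in both the logout and login hunks; emitting it with `json_encode ($tokenName, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT)` instead of manual quoting keeps the literal well-formed if the configured name ever contains a quote.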