authentication : the JWT is now defined only in property authServer, and not by adding new parameter
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5293 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
@@ -44,22 +44,6 @@ class authentication
|
||||
/** The authentication methods. Can be ldap, sympa...*/
|
||||
public $authMethods = array ();
|
||||
|
||||
/** Add the server key used to create the JSON Web Token.
|
||||
* Without it, the JWT is not added to the valid authentication page
|
||||
*/
|
||||
public $jwtServerKey = null;
|
||||
|
||||
/** The name of the JSON Web Token set in localStorage of the client browser
|
||||
* if the authentication is valid. Will be used later by JS on client with
|
||||
* Bearer authentication for REST API.
|
||||
*/
|
||||
public $jwtName = "DFKJWT";
|
||||
|
||||
/** The JST Algorithm used to sign the JWT
|
||||
* Allowed algorithms : HS256, HS512, HS384
|
||||
*/
|
||||
public $jwtAlgorithm = "HS256";
|
||||
|
||||
/** The authentication servers configuration
|
||||
* array ("authXXXX" => array (
|
||||
* array ("ldapserver" => "ldaps://server.domain.fr",
|
||||
@@ -132,12 +116,15 @@ class authentication
|
||||
"Logout for '".$param["email"]."'");
|
||||
$authsession->logout ();
|
||||
unset ($_SESSION["domframework"]["authentication"]);
|
||||
if ($this->jwtServerKey !== null)
|
||||
if (isset ($this->authServers["authjwt"]["serverKey"]))
|
||||
{
|
||||
$tokenName = "DFKJWT";
|
||||
if (isset ($this->authServers["authjwt"]["tokenName"]))
|
||||
$tokenName = $this->authServers["authjwt"]["tokenName"];
|
||||
// Unset the JSON Web Token as the authentication
|
||||
if ($this->route->debug)
|
||||
echo "<tt>Unset the JSON Web Token '$this->jwtName'</tt><br/>\n";
|
||||
echo "<script>localStorage.removeItem('$this->jwtName');</script>\n";
|
||||
echo "<tt>Unset the JSON Web Token '$tokenName'</tt><br/>\n";
|
||||
echo "<script>localStorage.removeItem('$tokenName');</script>\n";
|
||||
}
|
||||
if ($this->debug) echo "Redirect to authentication page";
|
||||
if ($this->debug) $this->route->debug = $this->debug;
|
||||
@@ -252,11 +239,14 @@ class authentication
|
||||
$session = new authsession ();
|
||||
$session->savedata ($authparams->email, $authparams->password,
|
||||
$res["lastname"], $res["firstname"]);
|
||||
if ($this->jwtServerKey !== null)
|
||||
if (isset ($this->authServers["authjwt"]["serverKey"]))
|
||||
{
|
||||
// Set the JSON Web Token as the authentication is valid
|
||||
$tokenName = "DFKJWT";
|
||||
if (isset ($this->authServers["authjwt"]["tokenName"]))
|
||||
$tokenName = $this->authServers["authjwt"]["tokenName"];
|
||||
$token = $this->createJwtToken ($authparams->email);
|
||||
echo "<script>localStorage.setItem('$this->jwtName','$token');".
|
||||
echo "<script>localStorage.setItem('$tokenName','$token');".
|
||||
"</script>\n";
|
||||
}
|
||||
if ($url === "")
|
||||
@@ -301,15 +291,19 @@ class authentication
|
||||
public function createJwtToken ($email)
|
||||
// {{{
|
||||
{
|
||||
if ($this->jwtServerKey !== null)
|
||||
if (isset ($this->authServers["authjwt"]["serverKey"]))
|
||||
{
|
||||
// Set the JSON Web Token as the authentication is valid
|
||||
require_once ("domframework/jwt.php");
|
||||
$algorithm = "HS256";
|
||||
if (isset ($this->authServers["authjwt"]["algorithm"]))
|
||||
$algorithm = $this->authServers["authjwt"]["algorithm"];
|
||||
$payloadArray = array();
|
||||
$payloadArray["email"] = $email;
|
||||
$jwt = new jwt ();
|
||||
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
|
||||
$this->jwtAlgorithm);
|
||||
$token = $jwt->encode ($payloadArray,
|
||||
$this->authServers["authjwt"]["serverKey"],
|
||||
$algorithm);
|
||||
return $token;
|
||||
}
|
||||
}
|
||||
@@ -379,6 +373,7 @@ class authentication
|
||||
echo "verifAuth : using auth cache (push in debug=2 to skip)\n";
|
||||
return $_SESSION["domframework"]["authentication"]["authcache"];
|
||||
}
|
||||
$authServers = $this->authServers;
|
||||
|
||||
foreach ($this->authMethods as $method)
|
||||
{
|
||||
@@ -388,23 +383,23 @@ class authentication
|
||||
throw new \Exception ("The authentication method is not a string", 500);
|
||||
$classname = "auth$method";
|
||||
require_once ("domframework/$classname.php");
|
||||
if (! array_key_exists ($classname, $this->authServers))
|
||||
if (! array_key_exists ($classname, $authServers))
|
||||
throw new \Exception ("No authentication server '$classname' enabled",
|
||||
500);
|
||||
// If only one server is defined, the parameters can directely be pushed
|
||||
// to the classname
|
||||
if (! is_array (reset ($this->authServers[$classname])))
|
||||
if (! is_array (reset ($authServers[$classname])))
|
||||
{
|
||||
$this->authServers[$classname] = array ($this->authServers[$classname]);
|
||||
$authServers[$classname] = array ($authServers[$classname]);
|
||||
}
|
||||
if ($this->debug >= 2)
|
||||
echo "Authentication method=$method : authServers=".
|
||||
var_export ($this->authServers[$classname])."\n";
|
||||
if (! is_array ($this->authServers[$classname]) ||
|
||||
count ($this->authServers[$classname]) === 0)
|
||||
var_export ($authServers[$classname])."\n";
|
||||
if (! is_array ($authServers[$classname]) ||
|
||||
count ($authServers[$classname]) === 0)
|
||||
throw new \Exception ("No authentication server defined for method ".
|
||||
"'$method'", 500);
|
||||
foreach ($this->authServers[$classname] as $key=>$serversParam)
|
||||
foreach ($authServers[$classname] as $key=>$serversParam)
|
||||
{
|
||||
if ($this->debug)
|
||||
echo "Test auth server $method # $classname # $key\n";
|
||||
|
||||
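Review bot: In createJwtToken (the `-301,15 +291,19` hunk) the signing algorithm is now read from `$this->authServers["authjwt"]["algorithm"]` and passed to `$jwt->encode` unchecked, while the docblock this commit deletes was the only visible statement that just HS256, HS384 and HS512 are allowed. Whether `jwt::encode` rejects other values is not visible here, so I would guard it before the encode call: `if (! in_array ($algorithm, array ("HS256", "HS384", "HS512"), true)) throw new \Exception ("Unsupported JWT algorithm '$algorithm'", 500);`. The new `serverKey`, `tokenName` and `algorithm` keys should also be described in the `authServers` docblock, most of which lies outside the visible hunks. Separately, in the verifAuth hunk (`-388,23 +383,23`) the `debug >= 2` branch passes `$authServers[$classname]` to `var_export`, which would print the JWT `serverKey` if `jwt` is ever listed in `authMethods`, so secret fields should be masked before that dump.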