JSON Web Token is now in authentication process
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5288 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
@@ -99,6 +99,20 @@ class authentication
|
||||
return $this->email;
|
||||
}*/
|
||||
|
||||
/** Setter/Getter for debug
|
||||
* @param integer|null $debug The debug value to get/set
|
||||
* @return the actual value or this
|
||||
*/
|
||||
public function debug ($debug = null)
|
||||
// {{{
|
||||
{
|
||||
if ($debug === null)
|
||||
return $this->debug;
|
||||
$this->debug = intval ($debug);
|
||||
return $this;
|
||||
}
|
||||
// }}}
|
||||
|
||||
/** Disconnect the user
|
||||
* @param string|null $url The url to be redirected after a valid
|
||||
* logout
|
||||
@@ -106,6 +120,7 @@ class authentication
|
||||
public function logout ($url = "")
|
||||
// {{{
|
||||
{
|
||||
// TODO : Foreach authentication methods->logout ();
|
||||
if (session_id () === "")
|
||||
session_start ();
|
||||
if ($this->debug) echo "<pre>LOGOUT\n";
|
||||
@@ -117,7 +132,7 @@ class authentication
|
||||
"Logout for '".$param["email"]."'");
|
||||
$authsession->logout ();
|
||||
unset ($_SESSION["domframework"]["authentication"]);
|
||||
if ($this->jwtName !== null)
|
||||
if ($this->jwtServerKey !== null)
|
||||
{
|
||||
// Unset the JSON Web Token as the authentication
|
||||
if ($this->route->debug)
|
||||
@@ -149,7 +164,6 @@ class authentication
|
||||
session_start ();
|
||||
$auth = new auth ();
|
||||
$authparams = new authparams (array ("session"));
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
|
||||
$message = $_SESSION["domframework"]["authentication"]["message"];
|
||||
else
|
||||
@@ -241,16 +255,7 @@ class authentication
|
||||
if ($this->jwtServerKey !== null)
|
||||
{
|
||||
// Set the JSON Web Token as the authentication is valid
|
||||
require_once ("domframework/jwt.php");
|
||||
$payloadArray = array();
|
||||
$payloadArray['nbf'] = gmdate ("Y-m-d H:i:s");
|
||||
$payloadArray["email"] = $authparams->email;
|
||||
$jwt = new jwt ();
|
||||
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
|
||||
$this->jwtAlgorithm);
|
||||
if ($this->route->debug)
|
||||
echo "<tt>Set the JSON Web Token '$this->jwtName' with value '$token'".
|
||||
"</tt><br/>\n";
|
||||
$token = $this->createJwtToken ($authparams->email);
|
||||
echo "<script>localStorage.setItem('$this->jwtName','$token');".
|
||||
"</script>\n";
|
||||
}
|
||||
@@ -262,6 +267,7 @@ class authentication
|
||||
// }}}
|
||||
|
||||
/** Check all the REST API
|
||||
* @return array The details provided by the authentication mecanism
|
||||
*/
|
||||
public function verifAuthREST ()
|
||||
// {{{
|
||||
@@ -270,7 +276,6 @@ class authentication
|
||||
echo "=== entering verifAuthREST (restMethods=".
|
||||
print_r ($this->restMethods, true).")\n";
|
||||
$authparams = new authparams ($this->restMethods);
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
$res = array ("email"=>"anonymous", "password"=>"anonymous");
|
||||
if ($authparams->email !== "anonymous" &&
|
||||
$authparams->password !== "anonymous")
|
||||
@@ -290,7 +295,27 @@ class authentication
|
||||
}
|
||||
// }}}
|
||||
|
||||
/** Return the JSON Web Token
|
||||
*/
|
||||
public function createJwtToken ($email)
|
||||
// {{{
|
||||
{
|
||||
if ($this->jwtServerKey !== null)
|
||||
{
|
||||
// Set the JSON Web Token as the authentication is valid
|
||||
require_once ("domframework/jwt.php");
|
||||
$payloadArray = array();
|
||||
$payloadArray["email"] = $email;
|
||||
$jwt = new jwt ();
|
||||
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
|
||||
$this->jwtAlgorithm);
|
||||
return $token;
|
||||
}
|
||||
}
|
||||
// }}}
|
||||
|
||||
/** Check all the others pages of the site
|
||||
* @return array The details provided by the authentication mecanism
|
||||
*/
|
||||
public function verifAuthHTML ()
|
||||
// {{{
|
||||
@@ -301,7 +326,6 @@ class authentication
|
||||
echo "=== entering verifAuthHTML (htmlMethods=".
|
||||
print_r ($this->htmlMethods, true).")\n";
|
||||
$authparams = new authparams ($this->htmlMethods);
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
// Don't ask to the provider if anonymous is known
|
||||
if ($authparams->email === "anonymous" || $authparams->email === null)
|
||||
{
|
||||
|
||||
26
authjwt.php
26
authjwt.php
@@ -4,12 +4,23 @@
|
||||
* @author Dominique Fournier <dominique@fournier38.fr>
|
||||
*/
|
||||
|
||||
require_once ("domframework/jwt.php");
|
||||
|
||||
/** User authentication against JSON Web Token */
|
||||
class authjwt extends auth
|
||||
{
|
||||
/** The JSON Web Token Server key if used
|
||||
*/
|
||||
public $jwtServerKey = null;
|
||||
|
||||
/** If the user is valid, return the email in details
|
||||
*/
|
||||
private $email = null;
|
||||
|
||||
/** Save the token
|
||||
*/
|
||||
private $token = null;
|
||||
|
||||
/** No connection to JWT */
|
||||
public function connect ()
|
||||
// {{{
|
||||
@@ -26,20 +37,27 @@ class authjwt extends auth
|
||||
{
|
||||
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
|
||||
throw new \Exception ("No Authentication available", 401);
|
||||
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer")
|
||||
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
|
||||
throw new \Exception ("No Bearer Authentication available", 401);
|
||||
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
$jwt = new jwt ();
|
||||
$payload = $jwt->decode ($token, $this->jwtServerKey);
|
||||
if (! key_exists ("email", $payload))
|
||||
return null;
|
||||
// The JWT was tested in authparams. End of process
|
||||
$this->email = $email;
|
||||
$this->email = $payload->email;
|
||||
$this->token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
}
|
||||
|
||||
/** Return all the parameters recorded for the authenticate user */
|
||||
public function getdetails ()
|
||||
{
|
||||
if ($email === null)
|
||||
if ($this->email === null)
|
||||
return array ("lastname" => "anonymous",
|
||||
"firstname" => "",
|
||||
"email" => "anonymous");
|
||||
return array ("email" => $this->email);
|
||||
return array ("email" => $this->email,
|
||||
"bearer" => $this->token);
|
||||
}
|
||||
|
||||
/** Method to change the password : unavailable in SESSION auth
|
||||
|
||||
@@ -11,8 +11,6 @@ class authparams
|
||||
public $email = null;
|
||||
/** The password of the user when provided */
|
||||
public $password = null;
|
||||
/** The JSON Web Token Server key if used */
|
||||
public $jwtServerKey = null;
|
||||
|
||||
/** Parse the different authentication processes to found the email/password
|
||||
* of the user.
|
||||
@@ -116,22 +114,19 @@ class authparams
|
||||
/** Get the information from a JSON Web Token
|
||||
* The token MUST be set in HTTP Header :
|
||||
* Authorization: Bearer <token>
|
||||
* The real verification are done in authjwt, as we can not have the
|
||||
* jwtServerKey defined in property
|
||||
*/
|
||||
public function jwt ()
|
||||
// {{{
|
||||
{
|
||||
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
|
||||
throw new \Exception ("No Authentication available", 401);
|
||||
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer")
|
||||
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
|
||||
throw new \Exception ("No Bearer Authentication available", 401);
|
||||
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
require_once ("domframework/jwt.php");
|
||||
$jwt = new jwt ();
|
||||
$payload = decode ($token, $this->jwtServerKey);
|
||||
if (! key_exists ("email", $payload))
|
||||
throw new \Exception ("Invalid JSON Web Token : no email provided", 403);
|
||||
return array ("email" => $payload["email"],
|
||||
"password" => "NONE IN JWT");
|
||||
return ["email" => "NOT YET VALID : TOKEN IN JWT",
|
||||
"password" => "NONE IN JWT"];
|
||||
}
|
||||
// }}}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user