JSON Web Token is now in authentication process

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5288 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-05-24 13:30:22 +00:00
parent 5829288988
commit 18ba0f6b20
3 changed files with 65 additions and 28 deletions


@@ -99,6 +99,20 @@ class authentication
return $this->email; return $this->email;
}*/ }*/
/** Setter/Getter for debug
* @param integer|null $debug The debug value to get/set
* @return the actual value or this
*/
public function debug ($debug = null)
// {{{
{
if ($debug === null)
return $this->debug;
$this->debug = intval ($debug);
return $this;
}
// }}}
/** Disconnect the user /** Disconnect the user
* @param string|null $url The url to be redirected after a valid * @param string|null $url The url to be redirected after a valid
* logout * logout
@@ -106,6 +120,7 @@ class authentication
public function logout ($url = "") public function logout ($url = "")
// {{{ // {{{
{ {
// TODO : Foreach authentication methods->logout ();
if (session_id () === "") if (session_id () === "")
session_start (); session_start ();
if ($this->debug) echo "<pre>LOGOUT\n"; if ($this->debug) echo "<pre>LOGOUT\n";
@@ -117,7 +132,7 @@ class authentication
"Logout for '".$param["email"]."'"); "Logout for '".$param["email"]."'");
$authsession->logout (); $authsession->logout ();
unset ($_SESSION["domframework"]["authentication"]); unset ($_SESSION["domframework"]["authentication"]);
if ($this->jwtName !== null) if ($this->jwtServerKey !== null)
{ {
// Unset the JSON Web Token as the authentication // Unset the JSON Web Token as the authentication
if ($this->route->debug) if ($this->route->debug)
@@ -149,7 +164,6 @@ class authentication
session_start (); session_start ();
$auth = new auth (); $auth = new auth ();
$authparams = new authparams (array ("session")); $authparams = new authparams (array ("session"));
$authparams->jwtServerKey = $this->jwtServerKey;
if (isset ($_SESSION["domframework"]["authentication"]["message"])) if (isset ($_SESSION["domframework"]["authentication"]["message"]))
$message = $_SESSION["domframework"]["authentication"]["message"]; $message = $_SESSION["domframework"]["authentication"]["message"];
else else
@@ -241,16 +255,7 @@ class authentication
if ($this->jwtServerKey !== null) if ($this->jwtServerKey !== null)
{ {
// Set the JSON Web Token as the authentication is valid // Set the JSON Web Token as the authentication is valid
require_once ("domframework/jwt.php"); $token = $this->createJwtToken ($authparams->email);
$payloadArray = array();
$payloadArray['nbf'] = gmdate ("Y-m-d H:i:s");
$payloadArray["email"] = $authparams->email;
$jwt = new jwt ();
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
$this->jwtAlgorithm);
if ($this->route->debug)
echo "<tt>Set the JSON Web Token '$this->jwtName' with value '$token'".
"</tt><br/>\n";
echo "<script>localStorage.setItem('$this->jwtName','$token');". echo "<script>localStorage.setItem('$this->jwtName','$token');".
"</script>\n"; "</script>\n";
} }
@@ -262,6 +267,7 @@ class authentication
// }}} // }}}
/** Check all the REST API /** Check all the REST API
* @return array The details provided by the authentication mecanism
*/ */
public function verifAuthREST () public function verifAuthREST ()
// {{{ // {{{
@@ -270,7 +276,6 @@ class authentication
echo "=== entering verifAuthREST (restMethods=". echo "=== entering verifAuthREST (restMethods=".
print_r ($this->restMethods, true).")\n"; print_r ($this->restMethods, true).")\n";
$authparams = new authparams ($this->restMethods); $authparams = new authparams ($this->restMethods);
$authparams->jwtServerKey = $this->jwtServerKey;
$res = array ("email"=>"anonymous", "password"=>"anonymous"); $res = array ("email"=>"anonymous", "password"=>"anonymous");
if ($authparams->email !== "anonymous" && if ($authparams->email !== "anonymous" &&
$authparams->password !== "anonymous") $authparams->password !== "anonymous")
@@ -290,7 +295,27 @@ class authentication
} }
// }}} // }}}
/** Return the JSON Web Token
*/
public function createJwtToken ($email)
// {{{
{
if ($this->jwtServerKey !== null)
{
// Set the JSON Web Token as the authentication is valid
require_once ("domframework/jwt.php");
$payloadArray = array();
$payloadArray["email"] = $email;
$jwt = new jwt ();
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
$this->jwtAlgorithm);
return $token;
}
}
// }}}
/** Check all the others pages of the site /** Check all the others pages of the site
* @return array The details provided by the authentication mecanism
*/ */
public function verifAuthHTML () public function verifAuthHTML ()
// {{{ // {{{
@@ -301,7 +326,6 @@ class authentication
echo "=== entering verifAuthHTML (htmlMethods=". echo "=== entering verifAuthHTML (htmlMethods=".
print_r ($this->htmlMethods, true).")\n"; print_r ($this->htmlMethods, true).")\n";
$authparams = new authparams ($this->htmlMethods); $authparams = new authparams ($this->htmlMethods);
$authparams->jwtServerKey = $this->jwtServerKey;
// Don't ask to the provider if anonymous is known // Don't ask to the provider if anonymous is known
if ($authparams->email === "anonymous" || $authparams->email === null) if ($authparams->email === "anonymous" || $authparams->email === null)
{ {
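Review bot: createJwtToken (L92–L106, hunk at L87) signs a payload that carries only `email`: the `nbf` claim the old inline code set (itself a non-standard "Y-m-d H:i:s" string rather than a NumericDate) is dropped and no `iat`/`exp` is added, so a token written to localStorage stays valid for as long as jwtServerKey is unchanged, and the only revocation is the client-side removal in logout. Consider adding `$payloadArray["iat"] = time (); $payloadArray["exp"] = time () + <lifetime-seconds>;` (lifetime as a configurable property) and rejecting expired tokens in the decoder; whether jwt::decode checks `exp` is not visible here. The method also falls off the end and returns null when jwtServerKey is null, so the docblock should read `@return string|null The signed token, or null when no server key is configured`.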


@@ -4,12 +4,23 @@
* @author Dominique Fournier <dominique@fournier38.fr> * @author Dominique Fournier <dominique@fournier38.fr>
*/ */
require_once ("domframework/jwt.php");
/** User authentication against JSON Web Token */ /** User authentication against JSON Web Token */
class authjwt extends auth class authjwt extends auth
{ {
/** The JSON Web Token Server key if used
*/
public $jwtServerKey = null;
/** If the user is valid, return the email in details /** If the user is valid, return the email in details
*/ */
private $email = null; private $email = null;
/** Save the token
*/
private $token = null;
/** No connection to JWT */ /** No connection to JWT */
public function connect () public function connect ()
// {{{ // {{{
@@ -26,20 +37,27 @@ class authjwt extends auth
{ {
if (! isset ($_SERVER["HTTP_AUTHENTICATION"])) if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
throw new \Exception ("No Authentication available", 401); throw new \Exception ("No Authentication available", 401);
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer") if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
throw new \Exception ("No Bearer Authentication available", 401); throw new \Exception ("No Bearer Authentication available", 401);
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
$jwt = new jwt ();
$payload = $jwt->decode ($token, $this->jwtServerKey);
if (! key_exists ("email", $payload))
return null;
// The JWT was tested in authparams. End of process // The JWT was tested in authparams. End of process
$this->email = $email; $this->email = $payload->email;
$this->token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
} }
/** Return all the parameters recorded for the authenticate user */ /** Return all the parameters recorded for the authenticate user */
public function getdetails () public function getdetails ()
{ {
if ($email === null) if ($this->email === null)
return array ("lastname" => "anonymous", return array ("lastname" => "anonymous",
"firstname" => "", "firstname" => "",
"email" => "anonymous"); "email" => "anonymous");
return array ("email" => $this->email); return array ("email" => $this->email,
"bearer" => $this->token);
} }
/** Method to change the password : unavailable in SESSION auth /** Method to change the password : unavailable in SESSION auth
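Review bot: In the hunk at L143 the value returned by jwt::decode is tested with `key_exists ("email", $payload)` on L152 but read as `$payload->email` on L155; these cannot both be right, since key_exists on an object is a TypeError on PHP 8 and `->email` on an array only warns and yields null. Pick one shape consistently, e.g. for an array `if (! is_array ($payload) || ! key_exists ("email", $payload)) throw new \Exception ("Invalid JSON Web Token : no email provided", 403);` followed by `$this->email = $payload["email"];` — throwing instead of the `return null` on L153 also avoids letting a validly signed but email-less token silently degrade to the anonymous user. The method whose body this hunk edits begins before the hunk. Note too that L145/L149 read `$_SERVER["HTTP_AUTHENTICATION"]`, which PHP populates from an `Authentication:` header, whereas the scheme documented in authparams is `Authorization: Bearer` (exposed as HTTP_AUTHORIZATION, and under some Apache/CGI setups not at all). Finally, getdetails now returns the raw bearer token under "bearer" (L166), so any caller that logs or renders the details array will leak the credential; if it is needed downstream, document that contract on getdetails.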


@@ -11,8 +11,6 @@ class authparams
public $email = null; public $email = null;
/** The password of the user when provided */ /** The password of the user when provided */
public $password = null; public $password = null;
/** The JSON Web Token Server key if used */
public $jwtServerKey = null;
/** Parse the different authentication processes to found the email/password /** Parse the different authentication processes to found the email/password
* of the user. * of the user.
@@ -116,22 +114,19 @@ class authparams
/** Get the information from a JSON Web Token /** Get the information from a JSON Web Token
* The token MUST be set in HTTP Header : * The token MUST be set in HTTP Header :
* Authorization: Bearer <token> * Authorization: Bearer <token>
* The real verification are done in authjwt, as we can not have the
* jwtServerKey defined in property
*/ */
public function jwt () public function jwt ()
// {{{ // {{{
{ {
if (! isset ($_SERVER["HTTP_AUTHENTICATION"])) if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
throw new \Exception ("No Authentication available", 401); throw new \Exception ("No Authentication available", 401);
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer") if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
throw new \Exception ("No Bearer Authentication available", 401); throw new \Exception ("No Bearer Authentication available", 401);
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7); $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
require_once ("domframework/jwt.php"); return ["email" => "NOT YET VALID : TOKEN IN JWT",
$jwt = new jwt (); "password" => "NONE IN JWT"];
$payload = decode ($token, $this->jwtServerKey);
if (! key_exists ("email", $payload))
throw new \Exception ("Invalid JSON Web Token : no email provided", 403);
return array ("email" => $payload["email"],
"password" => "NONE IN JWT");
} }
// }}} // }}}
} }
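Review bot: In the hunk at L180, jwt() now returns the fixed string "NOT YET VALID : TOKEN IN JWT" as the email for any request carrying a `Bearer ` prefix, before any signature check; verifAuthREST and verifAuthHTML in the first file only compare email against "anonymous"/null, so an unverified header is treated as supplied credentials. This appears intentional given the new docblock delegating verification to authjwt, but it needs a comment next to the return so nobody reads this value as an identity, e.g. `// Placeholder identity: callers MUST NOT trust it until authjwt has verified the signature`. L194 still assigns `$token`, which is no longer used after this change; drop the line. The docblock on L183 documents `Authorization: Bearer <token>` while the code reads `$_SERVER["HTTP_AUTHENTICATION"]`, which corresponds to an `Authentication:` header; one of the two should change.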