autjwt : manage correctely if the authentication is invalid with a reject
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5787 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
44
authjwt.php
44
authjwt.php
@@ -12,13 +12,25 @@ require_once ("domframework/jwt.php");
|
||||
*/
|
||||
class authjwt extends auth
|
||||
{
|
||||
// PROPERTIES SET BY AUTH
|
||||
/** The JSON Web Token Server key if used
|
||||
*/
|
||||
public $serverKey = null;
|
||||
|
||||
/** If the user is valid, return the email in details
|
||||
/** The cipher key to decrypt the token
|
||||
*/
|
||||
private $email = null;
|
||||
public $cipherKey = null;
|
||||
|
||||
/** The allowed algorithms in array format
|
||||
* If null, all the algorithms are allowed
|
||||
* allowed : ['HS256', 'HS512', 'HS384']
|
||||
*/
|
||||
public $allowedAlg = null;
|
||||
|
||||
// INTERNAL PROPERTIES
|
||||
/** If the user is valid, return the payload in details
|
||||
*/
|
||||
private $payload = null;
|
||||
|
||||
/** Save the token
|
||||
*/
|
||||
@@ -44,23 +56,26 @@ class authjwt extends auth
|
||||
throw new \Exception ("No Bearer Authentication available", 401);
|
||||
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
$jwt = new jwt ();
|
||||
$payload = $jwt->decode ($token, $this->serverKey);
|
||||
if (! key_exists ("email", $payload))
|
||||
return null;
|
||||
$payload = $jwt->decode ($token, $this->serverKey, $this->allowedAlg,
|
||||
$this->cipherKey);
|
||||
// The JWT was tested in authparams. End of process
|
||||
$this->email = $payload->email;
|
||||
$this->token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
if (! empty ($payload))
|
||||
{
|
||||
$this->payload = $payload;
|
||||
$this->payload["bearer"] = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
||||
}
|
||||
if (! key_exists ("email", $this->payload))
|
||||
throw new \Exception ("No email available in Bearer", 403);
|
||||
}
|
||||
|
||||
/** Return all the parameters recorded for the authenticate user */
|
||||
public function getdetails ()
|
||||
{
|
||||
if ($this->email === null)
|
||||
if ($this->payload === null)
|
||||
return array ("lastname" => "anonymous",
|
||||
"firstname" => "",
|
||||
"email" => "anonymous");
|
||||
return array ("email" => $this->email,
|
||||
"bearer" => $this->token);
|
||||
return $this->payload;
|
||||
}
|
||||
|
||||
/** Method to change the password : unavailable in SESSION auth
|
||||
@@ -71,8 +86,7 @@ class authjwt extends auth
|
||||
public function changepassword ($oldpassword, $newpassword)
|
||||
{
|
||||
throw new \Exception (dgettext ("domframework",
|
||||
"The password can't be change for JWT users"),
|
||||
405);
|
||||
"The password can't be change for JWT users"), 405);
|
||||
}
|
||||
|
||||
/** Method to overwrite the password (without oldpassword check)
|
||||
@@ -84,15 +98,13 @@ class authjwt extends auth
|
||||
public function overwritepassword ($email, $newpassword)
|
||||
{
|
||||
throw new \Exception (dgettext ("domframework",
|
||||
"The password can't be overwrite for JWT users"),
|
||||
405);
|
||||
"The password can't be overwrite for JWT users"), 405);
|
||||
}
|
||||
|
||||
/** Remove the information from the session */
|
||||
public function logout ()
|
||||
{
|
||||
throw new \Exception (dgettext ("domframework",
|
||||
"The logout is not available for JWT users"),
|
||||
405);
|
||||
"The logout is not available for JWT users"), 405);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user