Add authentication by JSON Web Token
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5287 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
@@ -28,12 +28,14 @@ class authentication
|
||||
/** Directory to store the ratelimit files */
|
||||
public $ratelimitDir = "/tmp/ratelimit/";
|
||||
|
||||
/** The rest authentication methods. Can be http, session, post.
|
||||
/** The rest authentication methods. Can be post, session, http, shibboleth,
|
||||
* jwt
|
||||
* Attention : session case = CSRF !
|
||||
*/
|
||||
public $restMethods = array ("http");
|
||||
public $restMethods = array ("http", "jwt");
|
||||
|
||||
/** The html authentication methods. Can be http, session, post
|
||||
/** The html authentication methods. Can be : post, session, http, shibboleth,
|
||||
* jwt
|
||||
* The "post" is already used when using verifAuthLoginPage method (usually
|
||||
* only in authentication page)
|
||||
*/
|
||||
@@ -42,15 +44,21 @@ class authentication
|
||||
/** The authentication methods. Can be ldap, sympa...*/
|
||||
public $authMethods = array ();
|
||||
|
||||
/** Add the server key used to create the JSON Web Token.
|
||||
* Without it, the JWT is not added to the valid authentication page
|
||||
*/
|
||||
public $jwtServerKey = null;
|
||||
|
||||
/** The name of the JSON Web Token set in localStorage of the client browser
|
||||
* if the authentication is valid. Will be used later by JS on client with
|
||||
* Bearer authentication for REST API.
|
||||
*/
|
||||
public $jwtName = null;
|
||||
public $jwtName = "DFKJWT";
|
||||
|
||||
/** Add the server key used to create the JSON Web Token
|
||||
/** The JST Algorithm used to sign the JWT
|
||||
* Allowed algorithms : HS256, HS512, HS384
|
||||
*/
|
||||
public $jwtServerKey = null;
|
||||
public $jwtAlgorithm = "HS256";
|
||||
|
||||
/** The authentication servers configuration
|
||||
* array ("authXXXX" => array (
|
||||
@@ -140,15 +148,16 @@ class authentication
|
||||
if (session_id () === "")
|
||||
session_start ();
|
||||
$auth = new auth ();
|
||||
$pre = new authparams (array ("session"));
|
||||
$authparams = new authparams (array ("session"));
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
|
||||
$message = $_SESSION["domframework"]["authentication"]["message"];
|
||||
else
|
||||
$message = "";
|
||||
unset ($_SESSION["domframework"]["authentication"]["message"]);
|
||||
$alreadyAuth = false;
|
||||
if ($pre->email !== "anonymous")
|
||||
$alreadyAuth = $pre->email;
|
||||
if ($authparams->email !== "anonymous")
|
||||
$alreadyAuth = $authparams->email;
|
||||
if ($this->appName !== null)
|
||||
$auth->appName = $this->appName;
|
||||
@header ('X-Frame-Options: SAMEORIGIN');
|
||||
@@ -229,16 +238,16 @@ class authentication
|
||||
$session = new authsession ();
|
||||
$session->savedata ($authparams->email, $authparams->password,
|
||||
$res["lastname"], $res["firstname"]);
|
||||
if ($this->jwtName !== null)
|
||||
if ($this->jwtServerKey !== null)
|
||||
{
|
||||
// Set the JSON Web Token as the authentication is valid
|
||||
if ($this->jwtServerKey === null)
|
||||
throw new \Exception ("No authentication::jwtServerKey provided", 500);
|
||||
require_once ("domframework/jwt.php");
|
||||
$payloadArray = array();
|
||||
$payloadArray['nbf'] = date ("Y-m-d H:i:s");
|
||||
$payloadArray['exp'] = date ("Y-m-d H:i:s", time () + 86400);
|
||||
$token = jwt::encode ($payloadArray, $this->jwtServerKey);
|
||||
$payloadArray['nbf'] = gmdate ("Y-m-d H:i:s");
|
||||
$payloadArray["email"] = $authparams->email;
|
||||
$jwt = new jwt ();
|
||||
$token = $jwt->encode ($payloadArray, $this->jwtServerKey,
|
||||
$this->jwtAlgorithm);
|
||||
if ($this->route->debug)
|
||||
echo "<tt>Set the JSON Web Token '$this->jwtName' with value '$token'".
|
||||
"</tt><br/>\n";
|
||||
@@ -261,6 +270,7 @@ class authentication
|
||||
echo "=== entering verifAuthREST (restMethods=".
|
||||
print_r ($this->restMethods, true).")\n";
|
||||
$authparams = new authparams ($this->restMethods);
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
$res = array ("email"=>"anonymous", "password"=>"anonymous");
|
||||
if ($authparams->email !== "anonymous" &&
|
||||
$authparams->password !== "anonymous")
|
||||
@@ -291,6 +301,7 @@ class authentication
|
||||
echo "=== entering verifAuthHTML (htmlMethods=".
|
||||
print_r ($this->htmlMethods, true).")\n";
|
||||
$authparams = new authparams ($this->htmlMethods);
|
||||
$authparams->jwtServerKey = $this->jwtServerKey;
|
||||
// Don't ask to the provider if anonymous is known
|
||||
if ($authparams->email === "anonymous" || $authparams->email === null)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user