authparams : Add JSON Web Token support

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5286 bf3deb0d-5f1a-0410-827f-c0cc1f45334c

authparams.php

@@ -11,6 +11,8 @@ class authparams
   public $email = null;
   /** The password of the user when provided */
   public $password = null;
+  /** The JSON Web Token Server key if used */
+  public $jwtServerKey = null;
 
   /** Parse the different authentication processes to found the email/password
     * of the user.
@@ -18,6 +20,7 @@ class authparams
     * @param array|null $authprocesses The authentication process to use
     */
   public function __construct ($authprocesses = array ("session", "post"))
+  // {{{
   {
     if (php_sapi_name () === "cli")
     {
@@ -43,30 +46,39 @@ class authparams
       }
     }
   }
+  // }}}
 
-  /** Get information from $POST variables */
-  public function post()
+  /** Get information from $POST variables
+    */
+  public function post ()
+  // {{{
   {
     if (!isset ($_POST["email"]) || !isset ($_POST["password"]))
-      throw new \Exception ("No POST provided", 401);
+      throw new \Exception ("No POST provided", 403);
     return array ("email"=>trim ($_POST["email"]),
                   "password"=>$_POST["password"]);
   }
+  // }}}
 
-  /** Get information from previous recorded session */
-  public function session()
+  /** Get information from previous recorded session
+    */
+  public function session ()
+  // {{{
   {
     if (!isset ($_SESSION))
-      throw new \Exception ("No session previously opened", 401);
+      throw new \Exception ("No session previously opened", 403);
     if (!isset ($_SESSION["domframework"]["auth"]["email"]) ||
         !isset ($_SESSION["domframework"]["auth"]["password"]))
-      throw new \Exception ("No previous email in session", 401);
+      throw new \Exception ("No previous email in session", 403);
     return array ("email"=>$_SESSION["domframework"]["auth"]["email"],
                   "password"=>$_SESSION["domframework"]["auth"]["password"]);
   }
+  // }}}
 
-  /** Get information from a HTTP authentication */
-  public function http()
+  /** Get information from a HTTP authentication
+    */
+  public function http ()
+  // {{{
   {
     $realm = dgettext ("domframework",
                       "Restricted access");
@@ -85,15 +97,41 @@ class authparams
                     "password"=>$_SERVER["PHP_AUTH_PW"]);
     }
   }
+  // }}}
 
-  /** Get the information from a shibboleth provider */
+  /** Get the information from a shibboleth provider
+    */
   public function shibboleth ()
+  // {{{
   {
     if (! isset ($_SERVER["Shib-Session-ID"]))
-      throw new \Exception ("No Shibboleth information available", 401);
+      throw new \Exception ("No Shibboleth information available", 403);
     if (! isset ($_SERVER["mail"]))
-      throw new \Exception ("No Shibboleth email provided", 401);
+      throw new \Exception ("No Shibboleth email provided", 403);
     return array ("email"=>$_SERVER["mail"],
                   "password"=>"NONE IN SHIBBOLETH");
   }
+  // }}}
+
+  /** Get the information from a JSON Web Token
+    * The token MUST be set in HTTP Header :
+    *     Authorization: Bearer <token>
+    */
+  public function jwt ()
+  // {{{
+  {
+    if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
+      throw new \Exception ("No Authentication available", 401);
+    if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer")
+      throw new \Exception ("No Bearer Authentication available", 401);
+    $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
+    require_once ("domframework/jwt.php");
+    $jwt = new jwt ();
+    $payload = decode ($token, $this->jwtServerKey);
+    if (! key_exists ("email", $payload))
+      throw new \Exception ("Invalid JSON Web Token : no email provided", 403);
+    return array ("email"    => $payload["email"],
+                  "password" => "NONE IN JWT");
+  }
+  // }}}
 }