From a79b59685fb5e6fa841583924b660654eaef9767 Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Wed, 22 May 2019 19:42:02 +0000
Subject: [PATCH] authentication : allow to set a JSON Web Token if the authentication is valid. Remove it on logout.
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5279 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 authentication.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/authentication.php b/authentication.php
index 62d3bf0..073f442 100644
--- a/authentication.php
+++ b/authentication.php
@@ -42,6 +42,16 @@ class authentication
 /** The authentication methods. Can be ldap, sympa...*/
 public $authMethods = array ();
+ /** The name of the JSON Web Token set in localStorage of the client browser
+ * if the authentication is valid. Will be used later by JS on client with
+ * Bearer authentication for REST API.
+ */
+ public $jwtName = null;
+
+ /** Add the server key used to create the JSON Web Token
+ */
+ public $jwtServerKey = null;
+
 /** The authentication servers configuration
 * array ("authXXXX"=>array (
 * array ("ldapserver"=>"ldaps://annuaire.grenoble.cnrs.fr",
@@ -69,10 +79,12 @@ class authentication
 * @param object $route The route object
 */
 public function __construct ($route)
+ // {{{
 {
 $this->route = $route;
 $this->loggingFunc = array ($this, "logging");
 }
+ // }}}
 /* public function email ()
 {
@@ -84,6 +96,7 @@ class authentication
 * logout
 */
 public function logout ($url = "")
+ // {{{
 {
 if (session_id () === "")
 session_start ();
@@ -96,6 +109,13 @@ class authentication
 "Logout for '".$param["email"]."'");
 $authsession->logout ();
 unset ($_SESSION["domframework"]["authentication"]);
+ if ($this->jwtName !== null)
+ {
+ // Unset the JSON Web Token as the authentication
+ if ($this->route->debug)
+ echo "Unset the JSON Web Token '$this->jwtName'
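Review bot: The docblock on the new `$jwtServerKey` property only calls it "the server key used to create the JSON Web Token" and never says that it is a secret; since it is passed to `jwt::encode` as the key, presumably whoever holds it can mint tokens the REST API will accept, so it must not stay null in production nor be committed with the configuration. I would extend the comment to `/** The secret key used to sign the JSON Web Token. Anyone holding it can forge tokens, so keep it out of version control and use a long random value. */`. The `$jwtName` docblock could likewise state that a token kept in localStorage is readable by any script running on the page's origin, so its lifetime (see the `exp` claim set later in this patch) should stay short.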
\n";
+ echo "\n";
+ }
 if ($this->debug) echo "Redirect to authentication page";
 if ($this->debug) $this->route->debug = $this->debug;
 if ($url === "" || $url === null)
@@ -107,12 +127,14 @@ class authentication
 else
 $this->route->redirect ($url);
 }
+ // }}}
 /** Display the login page
 * @param string|null $url The url to be redirected after a valid
 * authentication
 */
 public function pageHTML ($url = "")
+ // {{{
 {
 // If the user is already connected, redirect to the main page of the site
 if (session_id () === "")
@@ -133,12 +155,14 @@ class authentication
 echo $auth->pageHTML ($this->route->baseURL(), $message, $url, $alreadyAuth);
 }
+ // }}}
 /** Check the authentication page
 * @param string|null $url The url to be redirected after a valid
 * authentication
 */
 public function verifAuthLoginPage ($url = "")
+ // {{{
 {
 if (session_id () === "")
 session_start ();
@@ -205,15 +229,33 @@ class authentication
 $session = new authsession ();
 $session->savedata ($authparams->email, $authparams->password, $res["lastname"], $res["firstname"]);
+ if ($this->jwtName !== null)
+ {
+ // Set the JSON Web Token as the authentication is valid
+ if ($this->jwtServerKey === null)
+ throw new \Exception ("No authentication::jwtServerKey provided", 500);
+ require_once ("domframework/jwt.php");
+ $payloadArray = array();
+ $payloadArray['nbf'] = date ("Y-m-d H:i:s");
+ $payloadArray['exp'] = date ("Y-m-d H:i:s", time () + 86400);
+ $token = jwt::encode ($payloadArray, $this->jwtServerKey);
+ if ($this->route->debug)
+ echo "Set the JSON Web Token '$this->jwtName' with value '$token'".
+ "
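Review bot: The new debug guard in logout reads `$this->route->debug` while the context lines right below it use `$this->debug`, so the token-removal message is gated by a different flag than the rest of the method; `if ($this->debug)` would match. The removal output itself (the echoed line whose markup the extraction appears to have dropped) is also written before `$this->route->redirect` is called a few lines later: if redirect() sends a Location header, PHP will warn that headers were already sent unless output buffering is on, and a browser does not normally execute a script in the body of a redirect response, so the token may well survive logout. I would move the client-side removal to the page the user is redirected to, or at least verify with the redirect in place that the stored token is actually gone. logout's body continues outside the hunk on both sides.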
\n";
+ echo "\n";
+ }
 if ($url === "")
 $this->route->redirect ("/", "");
 else
 $this->route->redirect ("/$url", "");
 }
+ // }}}
 /** Check all the REST API
 */
 public function verifAuthREST ()
+ // {{{
 {
 if ($this->debug)
 echo "=== entering verifAuthREST (restMethods=".
@@ -236,10 +278,12 @@ class authentication
 }
 return $res;
 }
+ // }}}
 /** Check all the others pages of the site
 */
 public function verifAuthHTML ()
+ // {{{
 {
 // Do not force the session_start ! We don't want the cookie on all the
 // pages
@@ -271,6 +315,7 @@ class authentication
 }
 return $res;
 }
+ // }}}
 /** Do the real authentication process on all the providers defined in the
 * properties of the class.
@@ -281,6 +326,7 @@ class authentication
 * an exception if noting is found
 */
 private function verifAuth ($email, $password)
+ // {{{
 {
 if ($this->debug)
 echo "Entering in verifAuth ($email, xxxxxxxx)\n";
@@ -363,11 +409,13 @@ class authentication
 }
 return dgettext("domframework", "Bad login/password");
 }
+ // }}}
 /** Add the authentication routes to the routing model for HTML
 * authentication. Not needed if using shibboleth, HTTP auth...
 */
 public function routes ()
+ // {{{
 {
 $authObj = $this;
 $route=$this->route;
@@ -402,6 +450,7 @@ class authentication
 ;
 $this->route->authenticationURL = "/authentication/";
 }
+ // }}}
 /** The default method to display the error messages.
 * Do not display the debug messages, and write the errors on screen
@@ -409,9 +458,11 @@ class authentication
 * @param string $message The message to log
 */
 private function logging ($priority, $message)
+ // {{{
 {
 if ($this->debug === 0 && $priority > 4) return;
 file_put_contents ("/tmp/auth.log", "$priority : $message\n", FILE_APPEND);
 }
+ // }}}
 }
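Review bot: The token payload built in verifAuthLoginPage carries only `nbf` and `exp`, so it never says who the bearer is even though `$authparams->email` is at hand on the savedata line just above; the REST side cannot tell one authenticated user from another, and any valid token is interchangeable. Both claims are also written as `date ("Y-m-d H:i:s")` strings, whereas RFC 7519 defines `nbf` and `exp` as NumericDate (integer seconds since the epoch), so a standard validator will not be able to enforce the expiry — unless domframework's jwt::decode parses that format, which is not visible here. I would write `$payloadArray['sub'] = $authparams->email;`, `$payloadArray['nbf'] = time ();` and `$payloadArray['exp'] = time () + 86400;`. Two smaller points: the debug branch prints the full token into the page, and the missing-key check throws only after `$session->savedata` has already stored the session, so a misconfigured server ends up half logged in. verifAuthLoginPage begins outside the hunk.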