Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

authentication : allow to set a JSON Web Token if the authentication is valid. Remove it on logout.

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5279 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2019-05-22 19:42:02 +00:00
parent 059f1383db
commit a79b59685f
1 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
authentication.php
View File

@@ -42,6 +42,16 @@ class authentication
/** The authentication methods. Can be ldap, sympa...*/ /** The authentication methods. Can be ldap, sympa...*/
public $authMethods = array (); public $authMethods = array ();
/** The name of the JSON Web Token set in localStorage of the client browser
* if the authentication is valid. Will be used later by JS on client with
* Bearer authentication for REST API.
*/
public $jwtName = null;
/** Add the server key used to create the JSON Web Token
*/
public $jwtServerKey = null;
/** The authentication servers configuration /** The authentication servers configuration
* array ("authXXXX"=>array ( * array ("authXXXX"=>array (
* array ("ldapserver"=>"ldaps://annuaire.grenoble.cnrs.fr", * array ("ldapserver"=>"ldaps://annuaire.grenoble.cnrs.fr",
@@ -69,10 +79,12 @@ class authentication
* @param object $route The route object * @param object $route The route object
*/ */
public function __construct ($route) public function __construct ($route)
// {{{
{ {
$this->route = $route; $this->route = $route;
$this->loggingFunc = array ($this, "logging"); $this->loggingFunc = array ($this, "logging");
} }
// }}}
/* public function email () /* public function email ()
{ {
@@ -84,6 +96,7 @@ class authentication
* logout * logout
*/ */
public function logout ($url = "") public function logout ($url = "")
// {{{
{ {
if (session_id () === "") if (session_id () === "")
session_start (); session_start ();
@@ -96,6 +109,13 @@ class authentication
"Logout for '".$param["email"]."'"); "Logout for '".$param["email"]."'");
$authsession->logout (); $authsession->logout ();
unset ($_SESSION["domframework"]["authentication"]); unset ($_SESSION["domframework"]["authentication"]);
if ($this->jwtName !== null)
{
// Unset the JSON Web Token as the authentication
if ($this->route->debug)
echo "<tt>Unset the JSON Web Token '$this->jwtName'</tt><br/>\n";
echo "<script>localStorage.removeItem('$this->jwtName');</script>\n";
}
if ($this->debug) echo "Redirect to authentication page"; if ($this->debug) echo "Redirect to authentication page";
if ($this->debug) $this->route->debug = $this->debug; if ($this->debug) $this->route->debug = $this->debug;
if ($url === "" || $url === null) if ($url === "" || $url === null)
@@ -107,12 +127,14 @@ class authentication
else else
$this->route->redirect ($url); $this->route->redirect ($url);
} }
// }}}
/** Display the login page /** Display the login page
* @param string|null $url The url to be redirected after a valid * @param string|null $url The url to be redirected after a valid
* authentication * authentication
*/ */
public function pageHTML ($url = "") public function pageHTML ($url = "")
// {{{
{ {
// If the user is already connected, redirect to the main page of the site // If the user is already connected, redirect to the main page of the site
if (session_id () === "") if (session_id () === "")
@@ -133,12 +155,14 @@ class authentication
echo $auth->pageHTML ($this->route->baseURL(), $message, $url, echo $auth->pageHTML ($this->route->baseURL(), $message, $url,
$alreadyAuth); $alreadyAuth);
} }
// }}}
/** Check the authentication page /** Check the authentication page
* @param string|null $url The url to be redirected after a valid * @param string|null $url The url to be redirected after a valid
* authentication * authentication
*/ */
public function verifAuthLoginPage ($url = "") public function verifAuthLoginPage ($url = "")
// {{{
{ {
if (session_id () === "") if (session_id () === "")
session_start (); session_start ();
@@ -205,15 +229,33 @@ class authentication
$session = new authsession (); $session = new authsession ();
$session->savedata ($authparams->email, $authparams->password, $session->savedata ($authparams->email, $authparams->password,
$res["lastname"], $res["firstname"]); $res["lastname"], $res["firstname"]);
if ($this->jwtName !== null)
{
// Set the JSON Web Token as the authentication is valid
if ($this->jwtServerKey === null)
throw new \Exception ("No authentication::jwtServerKey provided", 500);
require_once ("domframework/jwt.php");
$payloadArray = array();
$payloadArray['nbf'] = date ("Y-m-d H:i:s");
$payloadArray['exp'] = date ("Y-m-d H:i:s", time () + 86400);
$token = jwt::encode ($payloadArray, $this->jwtServerKey);
if ($this->route->debug)
echo "<tt>Set the JSON Web Token '$this->jwtName' with value '$token'".
"</tt><br/>\n";
echo "<script>localStorage.setItem('$this->jwtName','$token');".
"</script>\n";
}
if ($url === "") if ($url === "")
$this->route->redirect ("/", ""); $this->route->redirect ("/", "");
else else
$this->route->redirect ("/$url", ""); $this->route->redirect ("/$url", "");
} }
// }}}
/** Check all the REST API /** Check all the REST API
*/ */
public function verifAuthREST () public function verifAuthREST ()
// {{{
{ {
if ($this->debug) if ($this->debug)
echo "=== entering verifAuthREST (restMethods=". echo "=== entering verifAuthREST (restMethods=".
@@ -236,10 +278,12 @@ class authentication
} }
return $res; return $res;
} }
// }}}
/** Check all the others pages of the site /** Check all the others pages of the site
*/ */
public function verifAuthHTML () public function verifAuthHTML ()
// {{{
{ {
// Do not force the session_start ! We don't want the cookie on all the // Do not force the session_start ! We don't want the cookie on all the
// pages // pages
@@ -271,6 +315,7 @@ class authentication
} }
return $res; return $res;
} }
// }}}
/** Do the real authentication process on all the providers defined in the /** Do the real authentication process on all the providers defined in the
* properties of the class. * properties of the class.
@@ -281,6 +326,7 @@ class authentication
* an exception if noting is found * an exception if noting is found
*/ */
private function verifAuth ($email, $password) private function verifAuth ($email, $password)
// {{{
{ {
if ($this->debug) if ($this->debug)
echo "Entering in verifAuth ($email, xxxxxxxx)\n"; echo "Entering in verifAuth ($email, xxxxxxxx)\n";
@@ -363,11 +409,13 @@ class authentication
} }
return dgettext("domframework", "Bad login/password"); return dgettext("domframework", "Bad login/password");
} }
// }}}
/** Add the authentication routes to the routing model for HTML /** Add the authentication routes to the routing model for HTML
* authentication. Not needed if using shibboleth, HTTP auth... * authentication. Not needed if using shibboleth, HTTP auth...
*/ */
public function routes () public function routes ()
// {{{
{ {
$authObj = $this; $authObj = $this;
$route=$this->route; $route=$this->route;
@@ -402,6 +450,7 @@ class authentication
; ;
$this->route->authenticationURL = "/authentication/"; $this->route->authenticationURL = "/authentication/";
} }
// }}}
/** The default method to display the error messages. /** The default method to display the error messages.
* Do not display the debug messages, and write the errors on screen * Do not display the debug messages, and write the errors on screen
@@ -409,9 +458,11 @@ class authentication
* @param string $message The message to log * @param string $message The message to log
*/ */
private function logging ($priority, $message) private function logging ($priority, $message)
// {{{
{ {
if ($this->debug === 0 && $priority > 4) if ($this->debug === 0 && $priority > 4)
return; return;
file_put_contents ("/tmp/auth.log", "$priority : $message\n", FILE_APPEND); file_put_contents ("/tmp/auth.log", "$priority : $message\n", FILE_APPEND);
} }
// }}}
} }