Rename all the files to camelCase and update the class name in the files

src/Authjwt.php

@@ -0,0 +1,184 @@
+<?php
+/** DomFramework
+  * @package domframework
+  * @author Dominique Fournier <dominique@fournier38.fr>
+  * @license BSD
+  */
+
+namespace Domframework;
+
+ /*
+  * To use it, the $serverKey must be defined. It can be created by example,
+  * by using $serverKey = sha1 (microtime (true));
+  */
+class Authjwt extends Auth
+{
+  // PROPERTIES SET BY AUTH
+  /** The JSON Web Token Server key if used
+    */
+  public $serverKey = null;
+
+  /** The cipher key to decrypt the token
+    */
+  public $cipherKey = null;
+
+  /** The allowed algorithms in array format
+    * If null, all the algorithms are allowed
+    * allowed : ['HS256', 'HS512', 'HS384']
+    */
+  public $allowedAlg = null;
+
+  /** The algorithm to use, in $allowedAlg list
+    */
+  public $algorithm = "HS256";
+
+  /** The directory to store the user credentials
+    */
+  public $cacheDir = "data/jwtCache";
+
+  // INTERNAL PROPERTIES
+  /** If the user is valid, return the payload in details
+    */
+  private $payload = null;
+
+  /** Save the token
+    */
+  private $token = null;
+
+  /** No connection to JWT
+    */
+  public function connect ()
+  // {{{
+  {
+    return TRUE;
+  }
+  // }}}
+
+  /** Try to authenticate the email/password of the user
+    * If the token is valid, return all the data available in payload. Can
+    * return a value without email attribute !
+    * @param string $email Email not used (wait for Bearer)
+    * @param string $password Password not used (wait for Bearer)
+    */
+  public function authentication ($email, $password)
+  // {{{
+  {
+    if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
+      throw new \Exception (dgettext ("domframework",
+      "No Authentication available"), 401);
+    if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
+      throw new \Exception (dgettext ("domframework",
+      "No Bearer Authentication available"), 401);
+    $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
+    $jwt = new jwt ();
+    $uuid = $jwt->decode ($token, $this->serverKey, $this->allowedAlg,
+      $this->cipherKey);
+    $cachefile = new cachefile ();
+    $cachefile->directory = $this->cacheDir;
+    $payload = $cachefile->read ((string)$uuid);
+    // The JWT was tested in authparams. End of process
+    if (empty ($uuid) || empty ($payload) || ! key_exists ("email", $payload))
+    {
+      return array ("lastname"  => "anonymous",
+                    "firstname" => "",
+                    "email"     => "anonymous");
+    }
+    $this->payload = $payload;
+    return $payload;
+  }
+  // }}}
+
+  /** Return all the parameters recorded for the authenticate user
+    */
+  public function getdetails ()
+  // {{{
+  {
+    if (! is_array ($this->payload) ||
+        key_exists ("email", $this->payload) &&
+        $this->payload["email"] === "anonymous")
+      return array ("lastname"  => "anonymous",
+                    "firstname" => "",
+                    "email"     => "anonymous");
+    return $this->payload;
+  }
+  // }}}
+
+  /** Save the auth data in cache directory and return the JWT token
+    * Do not allow to store data if the $auth is anonymous
+    * @param array $auth The authentication to save
+    * @return JWT token string
+    */
+  public function createJwtToken ($auth)
+  // {{{
+  {
+    if ($this->serverKey === null)
+      return "";
+    if (! key_exists ("email", $auth))
+      throw new \Exception (dgettext ("domframework",
+      "AuthJWT : No email available in auth"), 403);
+    if ($auth["email"] === "anonymous")
+      throw new \Exception (dgettext ("domframework",
+      "AuthJWT : can not create token for anonymous"), 403);
+    $uuid = uuid::uuid4 ();
+    $cachefile = new cachefile ();
+    $cachefile->directory = $this->cacheDir;
+    $cachefile->write ($uuid, $auth);
+    $jwt = new jwt ();
+    return $jwt->encode ($uuid,
+        $this->serverKey, $this->algorithm, $this->cipherKey);
+  }
+  // }}}
+
+  /** Method to change the password : unavailable in SESSION auth
+    * @param string $oldpassword The old password (to check if the user have the
+    * rights to change the password)
+    * @param string $newpassword The new password to be recorded
+    */
+  public function changepassword ($oldpassword, $newpassword)
+  // {{{
+  {
+    throw new \Exception (dgettext ("domframework",
+    "The password can't be change for JWT users"), 405);
+  }
+  // }}}
+
+  /** Method to overwrite the password (without oldpassword check)
+    * Must be reserved to the administrators. For the users, use changepassword
+    * method
+    * @param string $email the user identifier to select
+    * @param string $newpassword The new password to be recorded
+    */
+  public function overwritepassword ($email, $newpassword)
+  // {{{
+  {
+    throw new \Exception (dgettext ("domframework",
+    "The password can't be overwrite for JWT users"), 405);
+  }
+  // }}}
+
+  /** Remove the information from the session
+    */
+  public function logout ()
+  // {{{
+  {
+    if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
+      throw new \Exception (dgettext ("domframework",
+      "No Authentication available"), 401);
+    if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
+      throw new \Exception (dgettext ("domframework",
+      "No Bearer Authentication available"), 401);
+    $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
+    $jwt = new jwt ();
+    $uuid = $jwt->decode ($token, $this->serverKey, $this->allowedAlg,
+      $this->cipherKey);
+    $cachefile = new cachefile ();
+    $cachefile->directory = $this->cacheDir;
+    $payload = $cachefile->read ((string)$uuid);
+    if (empty ($uuid) || empty ($payload) || ! key_exists ("email", $payload))
+      throw new \Exception (dgettext ("domframework",
+      "Can not found the token : no logout"), 403);
+    $cachefile->delete ($uuid);
+    return true;
+  }
+  // }}}
+}