diff --git a/authparams.php b/authparams.php index 96318ba..cc45075 100644 --- a/authparams.php +++ b/authparams.php @@ -11,6 +11,8 @@ class authparams public $email = null; /** The password of the user when provided */ public $password = null; + /** The method used to get the authentication data */ + public $method = null; /** Parse the different authentication processes to found the email/password * of the user. @@ -24,6 +26,7 @@ class authparams { $this->email = "cli"; $this->password = ""; + $this->method = null; } else { @@ -34,12 +37,14 @@ class authparams $res = $this->$authprocess(); $this->email = $res["email"]; $this->password = $res["password"]; + $this->method = $authprocess; break; } catch (\Exception $e) { $this->email = "anonymous"; $this->password = "anonymous"; + $this->method = null; } } } @@ -53,8 +58,8 @@ class authparams { if (!isset ($_POST["email"]) || !isset ($_POST["password"])) throw new \Exception ("No POST provided", 403); - return array ("email"=>trim ($_POST["email"]), - "password"=>$_POST["password"]); + return array ("email" => trim ($_POST["email"]), + "password" => $_POST["password"]); } // }}} @@ -63,13 +68,13 @@ class authparams public function session () // {{{ { - if (!isset ($_SESSION)) - throw new \Exception ("No session previously opened", 403); + if (!isset ($_SESSION) || session_id () === "") + session_start (); if (!isset ($_SESSION["domframework"]["auth"]["email"]) || !isset ($_SESSION["domframework"]["auth"]["password"])) throw new \Exception ("No previous email in session", 403); - return array ("email"=>$_SESSION["domframework"]["auth"]["email"], - "password"=>$_SESSION["domframework"]["auth"]["password"]); + return array ("email" => $_SESSION["domframework"]["auth"]["email"], + "password" => $_SESSION["domframework"]["auth"]["password"]); } // }}} 
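Review bot: In the `@@ -34,12 +37,14 @@` hunk, `$this->method = $authprocess;` is set as soon as the process method returns without throwing, which is not the same as the credentials having been verified: the bearer process later in this file returns placeholder values and, per its own doc comment, leaves the real check to authjwt. The property's doc comment should say so, for example `/** The name of the process that supplied the data, or null; it does not mean the credentials were checked */`. `null` is also used both for the CLI branch (`@@ -24,6 +26,7 @@`) and for the anonymous fallback, so a caller cannot tell the two apart from `method` alone. The loop and the constructor start outside these hunks.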
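Review bot: In the `@@ -63,13 +68,13 @@` hunk, `session_start ()` in session() is called without checking its result, and it now runs for every request that reaches this process without an open session, so an unauthenticated client gets a session created (and, with cookie-based sessions, a cookie issued) where the old code simply threw. `session_status () !== PHP_SESSION_ACTIVE` is the more reliable test, and a failed start should keep the previous behaviour: `if (session_status () !== PHP_SESSION_ACTIVE && session_start () === false) throw new \Exception ("No session previously opened", 403);`. It is also worth confirming that the session cookie flags (HttpOnly, Secure, SameSite) are configured before this point, because the session read here holds the user's password in `$_SESSION["domframework"]["auth"]["password"]`.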
@@ -78,9 +83,8 @@ class authparams public function http () // {{{ { - $realm = dgettext ("domframework", - "Restricted access"); - if (!isset($_SERVER['PHP_AUTH_USER'])) + $realm = dgettext ("domframework", "Restricted access"); + if (!isset ($_SERVER['PHP_AUTH_USER'])) { throw new \Exception ("No user defined in HTTP header", 401); //header("WWW-Authenticate: Basic realm=\"$realm\""); @@ -91,11 +95,11 @@ class authparams { if (! array_key_exists ("PHP_AUTH_PW", $_SERVER)) $_SERVER["PHP_AUTH_PW"] = null; - return array ("email"=>trim ($_SERVER["PHP_AUTH_USER"]), - "password"=>$_SERVER["PHP_AUTH_PW"]); + return array ("email" => trim ($_SERVER["PHP_AUTH_USER"]), + "password" => $_SERVER["PHP_AUTH_PW"]); } } - // }}} + // }}} /** Get the information from a shibboleth provider */ @@ -106,18 +110,18 @@ class authparams throw new \Exception ("No Shibboleth information available", 403); if (! isset ($_SERVER["mail"])) throw new \Exception ("No Shibboleth email provided", 403); - return array ("email"=>$_SERVER["mail"], - "password"=>"NONE IN SHIBBOLETH"); + return array ("email" => $_SERVER["mail"], + "password" => "NONE IN SHIBBOLETH"); } // }}} - /** Get the information from a JSON Web Token + /** Get the information from a Bearer Token * The token MUST be set in HTTP Header : * Authorization: Bearer * The real verification are done in authjwt, as we can not have the * jwtServerKey defined in property : the execution is done in constructor */ - public function jwt () + public function bearer () // {{{ { if (! isset ($_SERVER["HTTP_AUTHENTICATION"])) @@ -125,8 +129,8 @@ class authparams if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ") throw new \Exception ("No Bearer Authentication available", 401); $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7); - return ["email" => "NOT YET VALID : TOKEN IN JWT", - "password" => "NONE IN JWT"]; + return array ("email" => "NOT YET VALID : TOKEN IN JWT", + "password" => "NONE IN JWT"); } // }}} }
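Review bot: In the `@@ -106,18 +110,18 @@` hunk, bearer() reads `$_SERVER["HTTP_AUTHENTICATION"]`, which PHP fills from a request header named `Authentication`, while the doc comment directly above says the token must arrive in `Authorization: Bearer`; a client that follows the comment would populate `$_SERVER["HTTP_AUTHORIZATION"]` and never match. Either the comment or the key should change so the two agree. `$token` (in the following `@@ -125,8 +129,8 @@` hunk) is extracted and then discarded, and the returned strings still say JWT after the rename; if that is intentional, a comment such as `// token is not checked here; authjwt validates it` would make it explicit. Renaming the public method from jwt to bearer also changes the name callers put in their process list, and in PHP 7+ a call to a missing method raises `\Error`, which the constructor's `catch (\Exception $e)` does not catch, so it is worth confirming that no configuration still lists `jwt`.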