authparams : add the method used to matche the user

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5292 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-05-25 22:46:34 +00:00
parent 3076e88e43
commit e8517ea495


@@ -11,6 +11,8 @@ class authparams
public $email = null; public $email = null;
/** The password of the user when provided */ /** The password of the user when provided */
public $password = null; public $password = null;
/** The method used to get the authentication data */
public $method = null;
/** Parse the different authentication processes to found the email/password /** Parse the different authentication processes to found the email/password
* of the user. * of the user.
@@ -24,6 +26,7 @@ class authparams
{ {
$this->email = "cli"; $this->email = "cli";
$this->password = ""; $this->password = "";
$this->method = null;
} }
else else
{ {
@@ -34,12 +37,14 @@ class authparams
$res = $this->$authprocess(); $res = $this->$authprocess();
$this->email = $res["email"]; $this->email = $res["email"];
$this->password = $res["password"]; $this->password = $res["password"];
$this->method = $authprocess;
break; break;
} }
catch (\Exception $e) catch (\Exception $e)
{ {
$this->email = "anonymous"; $this->email = "anonymous";
$this->password = "anonymous"; $this->password = "anonymous";
$this->method = null;
} }
} }
} }
@@ -53,8 +58,8 @@ class authparams
{ {
if (!isset ($_POST["email"]) || !isset ($_POST["password"])) if (!isset ($_POST["email"]) || !isset ($_POST["password"]))
throw new \Exception ("No POST provided", 403); throw new \Exception ("No POST provided", 403);
return array ("email"=>trim ($_POST["email"]), return array ("email" => trim ($_POST["email"]),
"password"=>$_POST["password"]); "password" => $_POST["password"]);
} }
// }}} // }}}
@@ -63,13 +68,13 @@ class authparams
public function session () public function session ()
// {{{ // {{{
{ {
if (!isset ($_SESSION)) if (!isset ($_SESSION) || session_id () === "")
throw new \Exception ("No session previously opened", 403); session_start ();
if (!isset ($_SESSION["domframework"]["auth"]["email"]) || if (!isset ($_SESSION["domframework"]["auth"]["email"]) ||
!isset ($_SESSION["domframework"]["auth"]["password"])) !isset ($_SESSION["domframework"]["auth"]["password"]))
throw new \Exception ("No previous email in session", 403); throw new \Exception ("No previous email in session", 403);
return array ("email"=>$_SESSION["domframework"]["auth"]["email"], return array ("email" => $_SESSION["domframework"]["auth"]["email"],
"password"=>$_SESSION["domframework"]["auth"]["password"]); "password" => $_SESSION["domframework"]["auth"]["password"]);
} }
// }}} // }}}
@@ -78,9 +83,8 @@ class authparams
public function http () public function http ()
// {{{ // {{{
{ {
$realm = dgettext ("domframework", $realm = dgettext ("domframework", "Restricted access");
"Restricted access"); if (!isset ($_SERVER['PHP_AUTH_USER']))
if (!isset($_SERVER['PHP_AUTH_USER']))
{ {
throw new \Exception ("No user defined in HTTP header", 401); throw new \Exception ("No user defined in HTTP header", 401);
//header("WWW-Authenticate: Basic realm=\"$realm\""); //header("WWW-Authenticate: Basic realm=\"$realm\"");
@@ -91,11 +95,11 @@ class authparams
{ {
if (! array_key_exists ("PHP_AUTH_PW", $_SERVER)) if (! array_key_exists ("PHP_AUTH_PW", $_SERVER))
$_SERVER["PHP_AUTH_PW"] = null; $_SERVER["PHP_AUTH_PW"] = null;
return array ("email"=>trim ($_SERVER["PHP_AUTH_USER"]), return array ("email" => trim ($_SERVER["PHP_AUTH_USER"]),
"password"=>$_SERVER["PHP_AUTH_PW"]); "password" => $_SERVER["PHP_AUTH_PW"]);
} }
} }
// }}} // }}}
/** Get the information from a shibboleth provider /** Get the information from a shibboleth provider
*/ */
@@ -106,18 +110,18 @@ class authparams
throw new \Exception ("No Shibboleth information available", 403); throw new \Exception ("No Shibboleth information available", 403);
if (! isset ($_SERVER["mail"])) if (! isset ($_SERVER["mail"]))
throw new \Exception ("No Shibboleth email provided", 403); throw new \Exception ("No Shibboleth email provided", 403);
return array ("email"=>$_SERVER["mail"], return array ("email" => $_SERVER["mail"],
"password"=>"NONE IN SHIBBOLETH"); "password" => "NONE IN SHIBBOLETH");
} }
// }}} // }}}
/** Get the information from a JSON Web Token /** Get the information from a Bearer Token
* The token MUST be set in HTTP Header : * The token MUST be set in HTTP Header :
* Authorization: Bearer <token> * Authorization: Bearer <token>
* The real verification are done in authjwt, as we can not have the * The real verification are done in authjwt, as we can not have the
* jwtServerKey defined in property : the execution is done in constructor * jwtServerKey defined in property : the execution is done in constructor
*/ */
public function jwt () public function bearer ()
// {{{ // {{{
{ {
if (! isset ($_SERVER["HTTP_AUTHENTICATION"])) if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
@@ -125,8 +129,8 @@ class authparams
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ") if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
throw new \Exception ("No Bearer Authentication available", 401); throw new \Exception ("No Bearer Authentication available", 401);
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7); $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
return ["email" => "NOT YET VALID : TOKEN IN JWT", return array ("email" => "NOT YET VALID : TOKEN IN JWT",
"password" => "NONE IN JWT"]; "password" => "NONE IN JWT");
} }
// }}} // }}}
} }
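Review bot: `bearer ()` reads `$_SERVER["HTTP_AUTHENTICATION"]`, but its docblock says the token arrives as `Authorization: Bearer <token>`, and PHP exposes that request header as `HTTP_AUTHORIZATION`; as written the method only matches a header literally named `Authentication`. If the docblock is the intended contract, the three reads should use `$_SERVER["HTTP_AUTHORIZATION"]`; the body of `bearer ()` is split across the last two hunks and one line between them is not shown. Separately, `$this->method = $authprocess;` in the try block is set as soon as an extractor returns, and `bearer ()` returns a placeholder email without checking the token, so a non-null `method` only means credentials were found, not that they were verified. I would say so on the property: `/** The authparams method that supplied the credentials (null for cli and anonymous); it does not mean they were verified */`.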