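*/

require_once ("domframework/jwt.php");

/** User authentication against JSON Web Token
 *
 * The token is read from $_SERVER["HTTP_AUTHENTICATION"] (an
 * "Authentication: Bearer <token>" request header) and decoded with the
 * configured server key.
 * NOTE(review): the usual header for bearer tokens is "Authorization";
 * confirm that clients and any front-end proxy really send "Authentication".
 */
class authjwt extends auth
{
  /** The JSON Web Token Server key if used */
  public $jwtServerKey = null;

  /** If the user is valid, return the email in details */
  private $email = null;

  /** Save the token */
  private $token = null;

  /** No connection to JWT
   * @return boolean Always TRUE : there is no backend to connect to
   */
  public function connect ()
  // {{{
  {
    return TRUE;
  }
  // }}}

  /** Try to authenticate the user from the Bearer token of the request.
   * The two parameters are not used : the identity comes from the "email"
   * claim of the decoded token.
   * On success the email and the raw token are recorded and can be read with
   * getdetails (). If the token has no usable "email" claim, nothing is
   * recorded and getdetails () keeps returning the anonymous user.
   * @param string $email Email to authenticate (unused)
   * @param string $password Password to authenticate (unused)
   * @return null In all the cases : use getdetails () to read the result
   * @throws \Exception 401 if the header is missing or is not a Bearer one,
   * 500 if no server key is configured, and whatever jwt::decode () raises
   */
  public function authentication ($email, $password)
  {
    if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
      throw new \Exception ("No Authentication available", 401);
    $header = $_SERVER["HTTP_AUTHENTICATION"];
    if (! is_string ($header) || substr ($header, 0, 7) !== "Bearer ")
      throw new \Exception ("No Bearer Authentication available", 401);
    // Fail closed : a token checked against an unset or empty key proves
    // nothing about who issued it, so refuse to decode at all.
    if ($this->jwtServerKey === null || $this->jwtServerKey === "")
      throw new \Exception ("No JWT server key defined", 500);
    $token = substr ($header, 7);
    $jwt = new jwt ();
    // Signature and validity checks are delegated to jwt::decode ().
    // NOTE(review): confirm that decode () restricts the accepted algorithms
    // and rejects unsigned tokens; it is not visible from this file.
    $payload = $jwt->decode ($token, $this->jwtServerKey);
    // The original code mixed key_exists () (array access, a TypeError on
    // objects since PHP 8) with $payload->email (object access). Normalise
    // the payload so both an object and an array are handled the same way.
    if (is_object ($payload))
      $payload = get_object_vars ($payload);
    if (! is_array ($payload) ||
        ! isset ($payload["email"]) ||
        ! is_string ($payload["email"]) ||
        $payload["email"] === "")
      return null;
    // The JWT was tested in authparams. End of process
    $this->email = $payload["email"];
    $this->token = $token;
  }

  /** Return all the parameters recorded for the authenticate user
   * @return array The anonymous user if no email was recorded by
   * authentication (), else the email and the raw bearer token.
   * The "bearer" value is a credential : callers should not log or display
   * it.
   */
  public function getdetails ()
  {
    if ($this->email === null)
    {
      return array ("lastname" => "anonymous",
                    "firstname" => "",
                    "email" => "anonymous");
    }
    return array ("email" => $this->email,
                  "bearer" => $this->token);
  }

  /** Method to change the password : unavailable for JWT users
   * @param string $oldpassword The old password (to check if the user have the
   * rights to change the password)
   * @param string $newpassword The new password to be recorded
   * @throws \Exception Always, with code 405
   */
  public function changepassword ($oldpassword, $newpassword)
  {
    throw new \Exception (dgettext ("domframework",
                          "The password can't be change for JWT users"), 405);
  }

  /** Method to overwrite the password (without oldpassword check) :
   * unavailable for JWT users
   * @param string $email the user identifier to select
   * @param string $newpassword The new password to be recorded
   * @throws \Exception Always, with code 405
   */
  public function overwritepassword ($email, $newpassword)
  {
    throw new \Exception (dgettext ("domframework",
                          "The password can't be overwrite for JWT users"),
                          405);
  }

  /** Logout : unavailable for JWT users, as nothing is stored server side by
   * this class
   * @throws \Exception Always, with code 405
   */
  public function logout ()
  {
    throw new \Exception (dgettext ("domframework",
                          "The logout is not available for JWT users"), 405);
  }
}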