* @license BSD */ //namespace Domframework; /** Takes the email and the password of the user */ class authparams { /** The email of the user when provided */ public $email = null; /** The password of the user when provided */ public $password = null; /** The method used to get the authentication data */ public $method = null; /** Parse the different authentication processes to found the email/password * of the user. * If non is found, return "anonymous", "anonymous" * @param array|null $authprocesses The authentication process to use */ public function __construct ($authprocesses = array ("session", "post")) // {{{ { if (php_sapi_name () === "cli") { $this->email = "cli"; $this->password = ""; $this->method = null; } else { foreach ($authprocesses as $authprocess) { try { $res = $this->$authprocess(); $this->email = $res["email"]; $this->password = $res["password"]; $this->method = $authprocess; break; } catch (\Exception $e) { $this->email = "anonymous"; $this->password = "anonymous"; $this->method = null; } } } } // }}} /** Get information from $POST variables */ public function post () // {{{ { if (!isset ($_POST["email"]) || !isset ($_POST["password"])) throw new \Exception ("No POST provided", 403); return array ("email" => trim ($_POST["email"]), "password" => $_POST["password"]); } // }}} /** Get information from previous recorded session */ public function session () // {{{ { if (!isset ($_SESSION) || session_id () === "") throw new \Exception ("No session previously enabled", 403); if (!isset ($_SESSION["domframework"]["auth"]["email"]) || !isset ($_SESSION["domframework"]["auth"]["password"])) throw new \Exception ("No previous email in session", 403); return array ("email" => $_SESSION["domframework"]["auth"]["email"], "password" => $_SESSION["domframework"]["auth"]["password"]); } // }}} /** Get information from a HTTP authentication */ public function http () // {{{ { $realm = dgettext ("domframework", "Restricted access"); if (!isset ($_SERVER['PHP_AUTH_USER'])) { throw new \Exception ("No user defined in HTTP header", 401); //header("WWW-Authenticate: Basic realm=\"$realm\""); //header("HTTP/1.0 401 Unauthorized"); //die ($realm); } else { if (! array_key_exists ("PHP_AUTH_PW", $_SERVER)) $_SERVER["PHP_AUTH_PW"] = null; return array ("email" => trim ($_SERVER["PHP_AUTH_USER"]), "password" => $_SERVER["PHP_AUTH_PW"]); } } // }}} /** Get the information from a shibboleth provider */ public function shibboleth () // {{{ { if (! isset ($_SERVER["Shib-Session-ID"])) throw new \Exception ("No Shibboleth information available", 403); if (! isset ($_SERVER["mail"])) throw new \Exception ("No Shibboleth email provided", 403); return array ("email" => $_SERVER["mail"], "password" => "NONE IN SHIBBOLETH"); } // }}} /** Get the information from a Bearer Token * The token MUST be set in HTTP Header : * Authentication: Bearer * Ex in curl : * curl -s -u "login:password" -X POST \ * http://localhost/rest/authentication/ | jq -r * curl -s \ * -H "Accept: application/json" \ * -H "Authentication: Bearer ${BearerToken}" \ * http://localhost/rest/api/ * The real verification are done in authjwt, as we can not have the * jwtServerKey defined in property : the execution is done in constructor */ public function bearer () // {{{ { if (! isset ($_SERVER["HTTP_AUTHENTICATION"])) throw new \Exception ("No Authentication available", 401); if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ") throw new \Exception ("No Bearer Authentication available", 401); $token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7); return array ("email" => "NOT YET VALID : TOKEN IN JWT", "password" => "NONE IN JWT"); } // }}} }