Dominique Fournier
5ba79a6ae2
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5789 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
111 lines
3.4 KiB
PHP
111 lines
3.4 KiB
PHP
<?php
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
*/
|
|
|
|
require_once ("domframework/jwt.php");
|
|
|
|
/** User authentication against JSON Web Token
|
|
* To use it, the $serverKey must be defined. It can be created by example,
|
|
* by using $serverKey = sha1 (microtime (true));
|
|
*/
|
|
class authjwt extends auth
|
|
{
|
|
// PROPERTIES SET BY AUTH
|
|
/** The JSON Web Token Server key if used
|
|
*/
|
|
public $serverKey = null;
|
|
|
|
/** The cipher key to decrypt the token
|
|
*/
|
|
public $cipherKey = null;
|
|
|
|
/** The allowed algorithms in array format
|
|
* If null, all the algorithms are allowed
|
|
* allowed : ['HS256', 'HS512', 'HS384']
|
|
*/
|
|
public $allowedAlg = null;
|
|
|
|
// INTERNAL PROPERTIES
|
|
/** If the user is valid, return the payload in details
|
|
*/
|
|
private $payload = null;
|
|
|
|
/** Save the token
|
|
*/
|
|
private $token = null;
|
|
|
|
/** No connection to JWT */
|
|
public function connect ()
|
|
// {{{
|
|
{
|
|
return TRUE;
|
|
}
|
|
// }}}
|
|
|
|
/** Try to authenticate the email/password of the user
|
|
* @param string $email Email not used (wait for Bearer)
|
|
* @param string $password Password not used (wait for Bearer)
|
|
*/
|
|
public function authentication ($email, $password)
|
|
{
|
|
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
|
|
throw new \Exception ("No Authentication available", 401);
|
|
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
|
|
throw new \Exception ("No Bearer Authentication available", 401);
|
|
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
|
$jwt = new jwt ();
|
|
$payload = $jwt->decode ($token, $this->serverKey, $this->allowedAlg,
|
|
$this->cipherKey);
|
|
// The JWT was tested in authparams. End of process
|
|
if (! empty ($payload))
|
|
{
|
|
$this->payload = (array)$payload;
|
|
$this->payload["bearer"] = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
|
}
|
|
if (! key_exists ("email", $this->payload))
|
|
throw new \Exception ("No email available in Bearer", 403);
|
|
}
|
|
|
|
/** Return all the parameters recorded for the authenticate user */
|
|
public function getdetails ()
|
|
{
|
|
if ($this->payload["email"] === "anonymous")
|
|
return array ("lastname" => "anonymous",
|
|
"firstname" => "",
|
|
"email" => "anonymous");
|
|
return $this->payload;
|
|
}
|
|
|
|
/** Method to change the password : unavailable in SESSION auth
|
|
* @param string $oldpassword The old password (to check if the user have the
|
|
* rights to change the password)
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function changepassword ($oldpassword, $newpassword)
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The password can't be change for JWT users"), 405);
|
|
}
|
|
|
|
/** Method to overwrite the password (without oldpassword check)
|
|
* Must be reserved to the administrators. For the users, use changepassword
|
|
* method
|
|
* @param string $email the user identifier to select
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function overwritepassword ($email, $newpassword)
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The password can't be overwrite for JWT users"), 405);
|
|
}
|
|
|
|
/** Remove the information from the session */
|
|
public function logout ()
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The logout is not available for JWT users"), 405);
|
|
}
|
|
}
|