Dominique Fournier
3076e88e43
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5291 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
99 lines
3.1 KiB
PHP
99 lines
3.1 KiB
PHP
<?php
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
*/
|
|
|
|
require_once ("domframework/jwt.php");
|
|
|
|
/** User authentication against JSON Web Token
|
|
* To use it, the $serverKey must be defined. It can be created by example,
|
|
* by using $serverKey = sha1 (microtime (true));
|
|
*/
|
|
class authjwt extends auth
|
|
{
|
|
/** The JSON Web Token Server key if used
|
|
*/
|
|
public $serverKey = null;
|
|
|
|
/** If the user is valid, return the email in details
|
|
*/
|
|
private $email = null;
|
|
|
|
/** Save the token
|
|
*/
|
|
private $token = null;
|
|
|
|
/** No connection to JWT */
|
|
public function connect ()
|
|
// {{{
|
|
{
|
|
return TRUE;
|
|
}
|
|
// }}}
|
|
|
|
/** Try to authenticate the email/password of the user
|
|
* @param string $email Email to authenticate
|
|
* @param string $password Password to authenticate
|
|
*/
|
|
public function authentication ($email, $password)
|
|
{
|
|
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
|
|
throw new \Exception ("No Authentication available", 401);
|
|
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
|
|
throw new \Exception ("No Bearer Authentication available", 401);
|
|
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
|
$jwt = new jwt ();
|
|
$payload = $jwt->decode ($token, $this->serverKey);
|
|
if (! key_exists ("email", $payload))
|
|
return null;
|
|
// The JWT was tested in authparams. End of process
|
|
$this->email = $payload->email;
|
|
$this->token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
|
}
|
|
|
|
/** Return all the parameters recorded for the authenticate user */
|
|
public function getdetails ()
|
|
{
|
|
if ($this->email === null)
|
|
return array ("lastname" => "anonymous",
|
|
"firstname" => "",
|
|
"email" => "anonymous");
|
|
return array ("email" => $this->email,
|
|
"bearer" => $this->token);
|
|
}
|
|
|
|
/** Method to change the password : unavailable in SESSION auth
|
|
* @param string $oldpassword The old password (to check if the user have the
|
|
* rights to change the password)
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function changepassword ($oldpassword, $newpassword)
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The password can't be change for JWT users"),
|
|
405);
|
|
}
|
|
|
|
/** Method to overwrite the password (without oldpassword check)
|
|
* Must be reserved to the administrators. For the users, use changepassword
|
|
* method
|
|
* @param string $email the user identifier to select
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function overwritepassword ($email, $newpassword)
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The password can't be overwrite for JWT users"),
|
|
405);
|
|
}
|
|
|
|
/** Remove the information from the session */
|
|
public function logout ()
|
|
{
|
|
throw new \Exception (dgettext ("domframework",
|
|
"The logout is not available for JWT users"),
|
|
405);
|
|
}
|
|
}
|