Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Files
a0a5e70fc4daa884871d553faa27598966cb65e8
DomFramework/authparams.php
Dominique Fournier e8517ea495 authparams : add the method used to matche the user 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5292 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-05-25 22:46:34 +00:00

137 lines
4.0 KiB
PHP
Raw Blame History

<?php
/** DomFramework
* @package domframework
* @author Dominique Fournier <dominique@fournier38.fr>
*/
/** Takes the email and the password of the user */
class authparams
{
/** The email of the user when provided */
public $email = null;
/** The password of the user when provided */
public $password = null;
/** The method used to get the authentication data */
public $method = null;
/** Parse the different authentication processes to found the email/password
* of the user.
* If non is found, return "anonymous", "anonymous"
* @param array|null $authprocesses The authentication process to use
*/
public function __construct ($authprocesses = array ("session", "post"))
// {{{
{
if (php_sapi_name () === "cli")
{
$this->email = "cli";
$this->password = "";
$this->method = null;
}
else
{
foreach ($authprocesses as $authprocess)
{
try
{
$res = $this->$authprocess();
$this->email = $res["email"];
$this->password = $res["password"];
$this->method = $authprocess;
break;
}
catch (\Exception $e)
{
$this->email = "anonymous";
$this->password = "anonymous";
$this->method = null;
}
}
}
}
// }}}
/** Get information from $POST variables
*/
public function post ()
// {{{
{
if (!isset ($_POST["email"]) || !isset ($_POST["password"]))
throw new \Exception ("No POST provided", 403);
return array ("email" => trim ($_POST["email"]),
"password" => $_POST["password"]);
}
// }}}
/** Get information from previous recorded session
*/
public function session ()
// {{{
{
if (!isset ($_SESSION) || session_id () === "")
session_start ();
if (!isset ($_SESSION["domframework"]["auth"]["email"]) ||
!isset ($_SESSION["domframework"]["auth"]["password"]))
throw new \Exception ("No previous email in session", 403);
return array ("email" => $_SESSION["domframework"]["auth"]["email"],
"password" => $_SESSION["domframework"]["auth"]["password"]);
}
// }}}
/** Get information from a HTTP authentication
*/
public function http ()
// {{{
{
$realm = dgettext ("domframework", "Restricted access");
if (!isset ($_SERVER['PHP_AUTH_USER']))
{
throw new \Exception ("No user defined in HTTP header", 401);
//header("WWW-Authenticate: Basic realm=\"$realm\"");
//header("HTTP/1.0 401 Unauthorized");
//die ($realm);
}
else
{
if (! array_key_exists ("PHP_AUTH_PW", $_SERVER))
$_SERVER["PHP_AUTH_PW"] = null;
return array ("email" => trim ($_SERVER["PHP_AUTH_USER"]),
"password" => $_SERVER["PHP_AUTH_PW"]);
}
}
// }}}
/** Get the information from a shibboleth provider
*/
public function shibboleth ()
// {{{
{
if (! isset ($_SERVER["Shib-Session-ID"]))
throw new \Exception ("No Shibboleth information available", 403);
if (! isset ($_SERVER["mail"]))
throw new \Exception ("No Shibboleth email provided", 403);
return array ("email" => $_SERVER["mail"],
"password" => "NONE IN SHIBBOLETH");
}
// }}}
/** Get the information from a Bearer Token
* The token MUST be set in HTTP Header :
* Authorization: Bearer <token>
* The real verification are done in authjwt, as we can not have the
* jwtServerKey defined in property : the execution is done in constructor
*/
public function bearer ()
// {{{
{
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
throw new \Exception ("No Authentication available", 401);
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
throw new \Exception ("No Bearer Authentication available", 401);
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
return array ("email" => "NOT YET VALID : TOKEN IN JWT",
"password" => "NONE IN JWT");
}
// }}}
}
Reference in New Issue View Git Blame Copy Permalink