Dominique Fournier
033b817627
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@6096 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
145 lines
4.3 KiB
PHP
145 lines
4.3 KiB
PHP
<?php
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
* @license BSD
|
|
*/
|
|
|
|
/** Takes the email and the password of the user */
|
|
class authparams
|
|
{
|
|
/** The email of the user when provided */
|
|
public $email = null;
|
|
/** The password of the user when provided */
|
|
public $password = null;
|
|
/** The method used to get the authentication data */
|
|
public $method = null;
|
|
|
|
/** Parse the different authentication processes to found the email/password
|
|
* of the user.
|
|
* If non is found, return "anonymous", "anonymous"
|
|
* @param array|null $authprocesses The authentication process to use
|
|
*/
|
|
public function __construct ($authprocesses = array ("session", "post"))
|
|
// {{{
|
|
{
|
|
if (php_sapi_name () === "cli")
|
|
{
|
|
$this->email = "cli";
|
|
$this->password = "";
|
|
$this->method = null;
|
|
}
|
|
else
|
|
{
|
|
foreach ($authprocesses as $authprocess)
|
|
{
|
|
try
|
|
{
|
|
$res = $this->$authprocess();
|
|
$this->email = $res["email"];
|
|
$this->password = $res["password"];
|
|
$this->method = $authprocess;
|
|
break;
|
|
}
|
|
catch (\Exception $e)
|
|
{
|
|
$this->email = "anonymous";
|
|
$this->password = "anonymous";
|
|
$this->method = null;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// }}}
|
|
|
|
/** Get information from $POST variables
|
|
*/
|
|
public function post ()
|
|
// {{{
|
|
{
|
|
if (!isset ($_POST["email"]) || !isset ($_POST["password"]))
|
|
throw new \Exception ("No POST provided", 403);
|
|
return array ("email" => trim ($_POST["email"]),
|
|
"password" => $_POST["password"]);
|
|
}
|
|
// }}}
|
|
|
|
/** Get information from previous recorded session
|
|
*/
|
|
public function session ()
|
|
// {{{
|
|
{
|
|
if (!isset ($_SESSION) || session_id () === "")
|
|
throw new \Exception ("No session previously enabled", 403);
|
|
if (!isset ($_SESSION["domframework"]["auth"]["email"]) ||
|
|
!isset ($_SESSION["domframework"]["auth"]["password"]))
|
|
throw new \Exception ("No previous email in session", 403);
|
|
return array ("email" => $_SESSION["domframework"]["auth"]["email"],
|
|
"password" => $_SESSION["domframework"]["auth"]["password"]);
|
|
}
|
|
// }}}
|
|
|
|
/** Get information from a HTTP authentication
|
|
*/
|
|
public function http ()
|
|
// {{{
|
|
{
|
|
$realm = dgettext ("domframework", "Restricted access");
|
|
if (!isset ($_SERVER['PHP_AUTH_USER']))
|
|
{
|
|
throw new \Exception ("No user defined in HTTP header", 401);
|
|
//header("WWW-Authenticate: Basic realm=\"$realm\"");
|
|
//header("HTTP/1.0 401 Unauthorized");
|
|
//die ($realm);
|
|
}
|
|
else
|
|
{
|
|
if (! array_key_exists ("PHP_AUTH_PW", $_SERVER))
|
|
$_SERVER["PHP_AUTH_PW"] = null;
|
|
return array ("email" => trim ($_SERVER["PHP_AUTH_USER"]),
|
|
"password" => $_SERVER["PHP_AUTH_PW"]);
|
|
}
|
|
}
|
|
// }}}
|
|
|
|
/** Get the information from a shibboleth provider
|
|
*/
|
|
public function shibboleth ()
|
|
// {{{
|
|
{
|
|
if (! isset ($_SERVER["Shib-Session-ID"]))
|
|
throw new \Exception ("No Shibboleth information available", 403);
|
|
if (! isset ($_SERVER["mail"]))
|
|
throw new \Exception ("No Shibboleth email provided", 403);
|
|
return array ("email" => $_SERVER["mail"],
|
|
"password" => "NONE IN SHIBBOLETH");
|
|
}
|
|
// }}}
|
|
|
|
/** Get the information from a Bearer Token
|
|
* The token MUST be set in HTTP Header :
|
|
* Authentication: Bearer <token>
|
|
* Ex in curl :
|
|
* curl -s -u "login:password" -X POST \
|
|
* http://localhost/rest/authentication/ | jq -r
|
|
* curl -s \
|
|
* -H "Accept: application/json" \
|
|
* -H "Authentication: Bearer ${BearerToken}" \
|
|
* http://localhost/rest/api/
|
|
* The real verification are done in authjwt, as we can not have the
|
|
* jwtServerKey defined in property : the execution is done in constructor
|
|
*/
|
|
public function bearer ()
|
|
// {{{
|
|
{
|
|
if (! isset ($_SERVER["HTTP_AUTHENTICATION"]))
|
|
throw new \Exception ("No Authentication available", 401);
|
|
if (substr ($_SERVER["HTTP_AUTHENTICATION"], 0, 7) !== "Bearer ")
|
|
throw new \Exception ("No Bearer Authentication available", 401);
|
|
$token = substr ($_SERVER["HTTP_AUTHENTICATION"], 7);
|
|
return array ("email" => "NOT YET VALID : TOKEN IN JWT",
|
|
"password" => "NONE IN JWT");
|
|
}
|
|
// }}}
|
|
}
|