/trunk/composer.lock |
---|
New file |
0,0 → 1,63 |
{ |
"_readme": [ |
"This file locks the dependencies of your project to a known state", |
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", |
"This file is @generated automatically" |
], |
"hash": "cfb698d38891e70ac902b10544ba6bd0", |
"packages": [ |
{ |
"name": "firebase/php-jwt", |
"version": "2.0.0", |
"target-dir": "Firebase/PHP-JWT", |
"source": { |
"type": "git", |
"url": "https://github.com/firebase/php-jwt.git", |
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57" |
}, |
"dist": { |
"type": "zip", |
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/ffcfd888ce1e4f2d70cac2dc9b7301038332fe57", |
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57", |
"shasum": "" |
}, |
"require": { |
"php": ">=5.2.0" |
}, |
"type": "library", |
"autoload": { |
"classmap": [ |
"Authentication/", |
"Exceptions/" |
] |
}, |
"notification-url": "https://packagist.org/downloads/", |
"license": [ |
"BSD-3-Clause" |
], |
"authors": [ |
{ |
"name": "Neuman Vong", |
"email": "neuman+pear@twilio.com", |
"role": "Developer" |
}, |
{ |
"name": "Anant Narayanan", |
"email": "anant@php.net", |
"role": "Developer" |
} |
], |
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", |
"homepage": "https://github.com/firebase/php-jwt", |
"time": "2015-04-01 18:46:38" |
} |
], |
"packages-dev": [], |
"aliases": [], |
"minimum-stability": "stable", |
"stability-flags": [], |
"prefer-stable": false, |
"prefer-lowest": false, |
"platform": [], |
"platform-dev": [] |
} |
/trunk/scripts/modules/mail/Mail.php |
---|
45,7 → 45,7 |
$retour = $this->traiterMailsEnAttente(); |
break; |
// TODO: case supplémentaire pour traiter un mail par son id ? |
// TODO: option "force" pour traiter les mails quelques soient leur statut ? |
// TODO: option "force" pour traiter les mails quel que soit leur statut ? |
default: |
} |
/trunk/jrest/jrest.ini.defaut.php |
---|
45,6 → 45,15 |
; ADMIN |
[jrest_admin] |
admin = aurelien@tela-botanica.org,david.delon@clapas.net,jpm@tela-botanica.org,marie@tela-botanica.org |
; Liste des ips (nom de domaine) autorisés à accéder aux services de DEL |
; Liste des ips (nom de domaine) autorisés à accéder aux services |
ip_autorisees = "127.0.0.1, 193.54.123.169, 193.54.123.216, 162.38.234.6" |
; AUTH (SSO) |
[auth] |
; si true, refusera toute connexion non-HTTPS |
forcer_ssl = true |
nom_cookie = tb_auth |
duree_cookie = 31536000 |
duree_jeton = 900 |
;*/?> |
/trunk/jrest/services/Auth.php |
---|
New file |
0,0 → 1,592 |
<?php |
// composer |
require_once '../vendor/autoload.php'; |
/** |
* Tentative de service d'authentification / SSO bien organisé |
* @author mathias |
* © Tela Botanica 2015 |
* |
* @TODO se baser sur autre chose que JRest qui est obsolète |
*/ |
class Auth extends JRestService { |
/** Clef utilisée pour signer les jetons JWT */ |
private $clef; |
/** Si true, refusera une connexion non-HTTPS */ |
protected $forcerSSL = true; |
/** Durée en secondes du jeton (doit être faible en l'absence de mécanisme d'invalidation) */ |
protected $dureeJeton = 900; |
/** Durée en secondes du cookie */ |
protected $dureeCookie = 31536000; // 3600 * 24 * 365 |
/** Nom du cookie */ |
protected $nomCookie = "this_is_not_a_good_cookie_name"; |
public function __construct($config, $demarrer_session = true) { |
parent::__construct($config, $demarrer_session); |
$this->clef = file_get_contents("clef-auth.ini"); |
if (strlen($this->clef) < 16) { |
throw new Exception("Clef trop courte - placez une clef d'au moins 16 caractères dans configurations/clef-auth.ini"); |
} |
$this->forcerSSL = ($this->config['auth']['forcer_ssl'] == "1"); |
$this->dureeJeton = $this->config['auth']['duree_jeton']; |
$this->dureeCookie = $this->config['auth']['duree_cookie']; |
$this->nomCookie = $this->config['auth']['nom_cookie']; |
} |
/** |
* Notice d'utilisation succincte |
* @TODO essayer de choisir entre anglais et français |
*/ |
protected function infosService() { |
$uri = $this->config['settings']['baseAlternativeURL']; |
if ($uri == '') { |
$uri = $this->config['settings']['baseURL']; |
} |
$uri = $uri . "auth/"; |
$infos = array( |
'service' => 'TelaBotanica/annuaire/auth', |
'methodes' => array( |
'connexion' => array( |
"uri" => $uri . "connexion", |
"parametres" => array( |
"login" => "adresse email (ex: name@domain.com)", |
"password" => "mot de passe" |
), |
"alias" => $uri . "login", |
"description" => "connexion avec login et mot de passe; renvoie un jeton et un cookie " . $this->nomCookie |
), |
'deconnexion' => array( |
"uri" => $uri . "deconnexion", |
"parametres" => null, |
"alias" => $uri . "logout", |
"description" => "déconnexion; renvoie un jeton null et supprime le cookie " . $this->nomCookie |
), |
'identite' => array( |
"uri" => $uri . "identite", |
"parametres" => array( |
"token" => "jeton JWT (facultatif)", |
), |
"alias" => array( |
$uri . "identity", |
$uri . "rafraichir", |
$uri . "refresh" |
), |
"description" => "confirme l'authentification et la session; rafraîchit le jeton fourni (dans le cookie " . $this->nomCookie . " ou en paramètre)" |
), |
'verifierjeton' => array( |
"uri" => $uri . "identite", |
"parametres" => array( |
"token" => "jeton JWT", |
), |
"alias" => $uri . "verifytoken", |
"description" => "retourne true si le jeton fourni en paramètre est valide, une erreur sinon" |
) |
) |
); |
$this->envoyerJson($infos); |
} |
/** |
* Lorsqu'appelé sans éléments d'URL (service:annuaire:auth); |
* les paramètres GET sont ignorés |
*/ |
public function getRessource() { |
//echo "get ressource\n"; |
$this->infosService(); |
} |
/** |
* Lorsqu'appelé avec des éléments d'URL (service:annuaire:auth/machin/chose); |
* les paramètres GET sont ignorés |
* |
* @param array $ressources les éléments d'URL |
*/ |
public function getElement($ressources) { |
// Achtétépéèch portouguech |
$this->verifierSSL(); |
//echo "get element\n"; |
//var_dump($ressources); |
// le premier paramètre d'URL définit la méthode (non-magique) |
if (count($ressources) > 0) { |
switch ($ressources[0]) { |
case 'login': |
case 'connexion': |
$this->connexion($ressources); |
break; |
case 'logout': |
case 'deconnexion': |
$this->deconnexion(); |
break; |
case 'identity': |
case 'identite': |
case 'rafraichir': |
case 'refresh': |
$this->identite(); |
break; |
case 'verifytoken': |
case 'verifierjeton': |
$this->verifierJeton(); |
break; |
case 'info': |
default: |
$this->infosService(); |
} |
} |
} |
/** |
* Lors d'un POST avec au moins une donnée dans le body (data); |
* les paramètres GET sont ignorés |
* @TODO faire un point d'entrée POST qui renvoie vers les méthodes GET |
* |
* @param array $ressources les éléments d'URL |
* @param array $pairs les paramètres POST |
*/ |
public function updateElement($ressources, $pairs) { |
//echo "update element\n"; |
//var_dump($ressources); |
//var_dump($pairs); |
$this->nonImplemente(); |
} |
/** |
* Lors d'un PUT (les éléments d'URL sont ignorés) ou d'un POST avec au moins |
* un élément d'URL; dans tous les cas les paramètres GET sont ignorés |
* |
* @param array $pairs les paramètres POST |
*/ |
public function createElement($pairs) { |
//echo "create element\n"; |
//var_dump($pairs); |
$this->nonImplemente(); |
} |
/** |
* Lors d'un DELETE avec au moins un élément d'URL |
* @TODO utiliser pour invalider un jeton (nécessite stockage) |
* |
* @param array $ressources les éléments d'URL |
*/ |
public function deleteElement($ressources) { |
//echo "delete element\n"; |
//var_dump($ressources); |
$this->nonImplemente(); |
} |
/** |
* Vérifie l'identité d'un utilisateur à partir de son courriel et son |
* mot de passe ou d'un cookie; lui accorde un jeton et un cookie si |
* tout va bien, sinon renvoie une erreur |
* |
* @param array $ressources non utilisé |
*/ |
protected function connexion($ressources) { |
$login = $this->getParam('login'); |
$password = $this->getParam('password', null); |
if ($login == '' || $password == '') { |
$this->erreur("parameters <login> and <password> required"); |
} |
// vérification login / password |
$acces = $this->verifierAcces($login, $password); |
if ($acces === false) { |
$this->erreur("authentication failed"); |
} |
// infos utilisateur |
$util = new Utilisateur($this->config); |
$infos = $util->getIdentiteParCourriel($login); |
if (count($infos) == 0 || empty($infos[$login])) { |
$this->erreur("could not get user info"); |
} |
// création du jeton |
$jwt = $this->creerjeton($login, $infos[$login]); |
// création du cookie |
$this->creerCookie($jwt); |
// envoi |
$this->envoyerJson(array( |
"session" => true, |
"token" => $jwt |
)); |
} |
/** |
* Détruit le cookie et renvoie un jeton vide ou NULL - le client |
* devrait toujours remplacer son jeton par celui renvoyé par les |
* méthodes de l'annuaire |
*/ |
protected function deconnexion() { |
// suppression du cookie |
$this->detruireCookie(); |
// envoi d'un jeton vide @TODO évaluer cette méthode |
// par rapport à renvoyer simplement NULL comme jeton |
/*$jetonVide = array( |
"iss" => "https://www.tela-botanica.org", |
"sub" => null, // id utilisateur - ou courriel ? |
"iat" => time(), |
"exp" => time(), // @TODO trouver mieux |
"scopes" => array("tela-botanica.org") |
); |
$jwt = JWT::encode($jetonVide, $this->clef);*/ |
$jwt = null; |
$this->envoyerJson(array( |
"session" => false, |
"token" => $jwt |
)); |
} |
/** |
* Renvoie un jeton rafraîchi (durée de validité augmentée de $this->dureeJeton |
* si l'utilisateur est reconnu comme détenteur d'une session active (cookie valide |
* ou jeton valide); renvoie une erreur si le cookie et/ou le jeton sont expirés; |
* le cookie est prioritaire sur le paramètre "token" @TODO vérifier cette stratégie |
*/ |
protected function identite() { |
$cookieAvecJetonValide = false; |
$jetonRetour = null; |
$erreur = ''; |
// lire cookie |
if (isset($_COOKIE[$this->nomCookie])) { |
$jwt = $_COOKIE[$this->nomCookie]; |
try { |
// rafraîchir jeton quelque soit son état - "true" permet |
// d'ignorer les ExpiredException (on rafraîchit le jeton |
// expiré car le cookie est encore valide) |
$jetonRetour = $this->rafraichirJeton($jwt, true); |
// on ne tentera pas de lire un jeton fourni en paramètre |
$cookieAvecJetonValide = true; |
} catch (Exception $e) { |
// si le rafraîchissement a échoué (jeton invalide - hors expiration - ou vide) |
// on ne fait rien et on tente la suite (jeton fourni hors cookie ?) |
$erreur = "invalid token in cookie"; |
} |
} |
// si le cookie n'existait pas ou ne contenait pas un jeton |
if (! $cookieAvecJetonValide) { |
// lire jeton |
$jwt = $this->getParam('token'); |
if ($jwt != null) { |
try { |
// rafraîchir jeton si non expiré |
$jetonRetour = $this->rafraichirJeton($jwt); |
} catch (Exception $e) { |
// si le rafraîchissement a échoué (jeton invalide, expiré ou vide) |
$erreur = "invalid or expired token in parameter"; |
} |
} else { |
// pas de jeton valide passé en paramètre |
$erreur = ($erreur == "" ? "no token or cookie" : "invalid token in cookie; invalid or expired token in parameter"); |
} |
} |
// renvoi jeton |
if ($jetonRetour === null) { |
$this->erreur($erreur); |
} else { |
$this->envoyerJson(array( |
"session" => true, |
"token" => $jetonRetour |
)); |
} |
} |
/** |
* Vérifie si un jeton est valide; retourne true si oui, une erreur avec |
* des détails si non |
*/ |
protected function verifierJeton() { |
// vérifie que le jeton provient bien d'ici, |
// et qu'il est encore valide (date) |
$jwt = $this->getParam('token'); |
if ($jwt == '') { |
$this->erreur("parameter <token> required"); |
} |
try { |
$jeton = JWT::decode($jwt, $this->clef, array('HS256')); |
$jeton = (array) $jeton; |
} catch (Exception $e) { |
$this->erreur($e->getMessage()); |
exit; |
} |
//print_r($jeton); |
$this->envoyerJson(true); |
} |
/** |
* Reçoit un jeton JWT, et s'il est non-vide ("sub" != null), lui redonne |
* une période de validité de $this->dureeJeton; si $ignorerExpiration |
* vaut true, rafraîchira le jeton même s'il a expiré |
* (attention à ne pas appeler cette méthode n'importe comment !); |
* jette une exception si le jeton est vide, mal signé ou autre erreur, |
* ou s'il a expiré et que $ignorerExpiration est différent de true |
* |
* @param string $jwt le jeton JWT |
* @return string le jeton rafraîchi |
*/ |
protected function rafraichirJeton($jwt, $ignorerExpiration=false) /* throws Exception */ { |
$infos = array(); |
// vérification avec lib JWT |
try { |
$infos = JWT::decode($jwt, $this->clef, array('HS256')); |
$infos = (array) $infos; |
} catch (ExpiredException $e) { |
if ($ignorerExpiration === true) { |
// on se fiche qu'il soit expiré |
// décodage d'un jeton expiré |
// @WARNING considère que la lib JWT jette ExpiredException en dernier (vrai 12/05/2015), |
// ce qui signifie que la signature et le domaine sont tout de même valides - à surveiller ! |
$infos = $this->decoderJetonExpireManuellement($jwt); |
} else { |
// on renvoie l'exception plus haut |
throw $e; |
} |
} |
// vérification des infos |
if (empty($infos['sub'])) { |
// jeton vide (wtf?) |
echo " #Jeton vide"; |
throw new Exception("empty token (no <sub>)"); |
} |
// rafraîchissement |
$infos['exp'] = time() + $this->dureeJeton; |
$jwtSortie = JWT::encode($infos, $this->clef); |
return $jwtSortie; |
} |
/** |
* Décode manuellement un jeton JWT, SANS VÉRIFIER SA SIGNATURE OU |
* SON DOMAINE ! @WARNING ne pas utiliser hors du cas d'un jeton |
* correct (vérifié avec la lib JWT) mais expiré ! |
* |
* @param string $jwt un jeton vérifié comme valide, mais expiré |
*/ |
protected function decoderJetonExpireManuellement($jwt) { |
$parts = explode('.', $jwt); |
$payload = $parts[1]; |
$payload = base64_decode($payload); |
$payload = json_decode($payload, true); |
return $payload; |
} |
/** |
* Crée un jeton JWT signé avec la clef |
* |
* @param mixed $sub subject: l'id utilisateur du détenteur du jeton si authentifié, null sinon |
* @param string $exp la date d'expiration du jeton, par défaut la date actuelle plus $this->dureeJeton |
* @param array $donnees les données à ajouter au jeton (infos utilisateur) |
* |
* @return string un jeton JWT signé |
*/ |
protected function creerJeton($sub, $donnees=array(), $exp=null) { |
if ($exp === null) { |
$exp = time() + $this->dureeJeton; |
} |
$jeton = array( |
"iss" => "https://www.tela-botanica.org", |
//"aud" => "http://example.com", |
"sub" => $sub, |
"iat" => time(), |
"exp" => $exp, |
//"nbf" => time() + 60, |
"scopes" => array("tela-botanica.org") |
); |
if (! empty($donnees)) { |
$jeton = array_merge($jeton, $donnees); |
} |
$jwt = JWT::encode($jeton, $this->clef); |
return $jwt; |
} |
/** |
* Crée un cookie de durée $this->dureeCookie, nommé $this->nomCookie et |
* contenant $valeur |
* |
* @param string $valeur le contenu du cookie (de préférence un jeton JWT) |
*/ |
protected function creerCookie($valeur) { |
setcookie($this->nomCookie, $valeur, time() + $this->dureeCookie, '/'); |
} |
/** |
* Renvoie le cookie avec une valeur vide et une date d'expiration dans le |
* passé, afin que le navigateur le détruise au prochain appel |
* @TODO envisager l'envoi d'un jeton vide plutôt que la suppression du cookie |
* |
* @param string $valeur la valeur du cookie, par défaut "" |
*/ |
protected function detruireCookie() { |
setcookie($this->nomCookie, "", -1, '/'); |
} |
// ---------------- Méthodes à génériciser ci-dessous ---------------------------------- |
/** |
* Message succinct pour méthodes / actions non implémentées |
*/ |
protected function nonImplemente() { |
$this->erreur("not implemented"); |
} |
/** |
* Si $this->forcerSSL vaut true, envoie une erreur et termine le programme si SSL n'est pas utilisé |
*/ |
protected function verifierSSL() { |
if ($this->forcerSSL === true) { |
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') { |
$this->erreur("HTTPS required"); |
exit; |
} |
} |
} |
protected function getParamChain($names) { |
if (! is_array($names)) { |
} |
} |
/** |
* Capture un paramètre de requête ($_REQUEST) |
* |
* @param string $name nom du paramètre à capturer |
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous) |
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini |
* |
* @return string la valeur du paramètre si défini, sinon la valeur par défaut |
*/ |
protected function getParam($name, $default=null, $traiterVideCommeDefaut=false) { |
$ret = $default; |
if (isset($_REQUEST[$name])) { |
if ($traiterVideCommeDefaut === false || $_REQUEST[$name] !== '') { |
$ret = $_REQUEST[$name]; |
} |
} |
return $ret; |
} |
/** |
* Capture un paramètre GET |
* |
* @param string $name nom du paramètre GET à capturer |
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous) |
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini |
* |
* @return string la valeur du paramètre si défini, sinon la valeur par défaut |
*/ |
protected function getGetParam($name, $default=null, $traiterVideCommeDefaut=false) { |
$ret = $default; |
if (isset($_GET[$name])) { |
if ($traiterVideCommeDefaut === false || $_GET[$name] !== '') { |
$ret = $_GET[$name]; |
} |
} |
return $ret; |
} |
/** |
* Capture un paramètre POST |
* |
* @param string $name nom du paramètre POST à capturer |
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous) |
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini |
* |
* @return string la valeur du paramètre si défini, sinon la valeur par défaut |
*/ |
protected function getPostParam($name, $default=null, $traiterVideCommeDefaut=false) { |
$ret = $default; |
if (isset($_POST[$name])) { |
if ($traiterVideCommeDefaut === false || $_POST[$name] !== '') { |
$ret = $_POST[$name]; |
} |
} |
return $ret; |
} |
/** |
* Envoie une erreur HTTP $code (400 par défaut) avec les données $data en JSON |
* |
* @param mixed $data données JSON de l'erreur - généralement array("error" => "raison de l'erreur") - si |
* seule une chaîne est transmise, sera convertie en array("error" => $data) |
* @param number $code code HTTP de l'erreur, par défaut 400 (bad request) |
* @param boolean $exit si true (par défaut), termine le script après avoir envoyé l'erreur |
*/ |
protected function erreur($data, $code=400, $exit=true) { |
if (! is_array($data)) { |
$data = array( |
"error" => $data |
); |
} |
http_response_code($code); |
$this->envoyerJson($data); |
if ($exit === true) { |
exit; |
} |
} |
} |
/** |
* Mode moderne pour PHP < 5.4 |
*/ |
if (!function_exists('http_response_code')) { |
function http_response_code($code = NULL) { |
if ($code !== NULL) { |
switch ($code) { |
case 100: $text = 'Continue'; break; |
case 101: $text = 'Switching Protocols'; break; |
case 200: $text = 'OK'; break; |
case 201: $text = 'Created'; break; |
case 202: $text = 'Accepted'; break; |
case 203: $text = 'Non-Authoritative Information'; break; |
case 204: $text = 'No Content'; break; |
case 205: $text = 'Reset Content'; break; |
case 206: $text = 'Partial Content'; break; |
case 300: $text = 'Multiple Choices'; break; |
case 301: $text = 'Moved Permanently'; break; |
case 302: $text = 'Moved Temporarily'; break; |
case 303: $text = 'See Other'; break; |
case 304: $text = 'Not Modified'; break; |
case 305: $text = 'Use Proxy'; break; |
case 400: $text = 'Bad Request'; break; |
case 401: $text = 'Unauthorized'; break; |
case 402: $text = 'Payment Required'; break; |
case 403: $text = 'Forbidden'; break; |
case 404: $text = 'Not Found'; break; |
case 405: $text = 'Method Not Allowed'; break; |
case 406: $text = 'Not Acceptable'; break; |
case 407: $text = 'Proxy Authentication Required'; break; |
case 408: $text = 'Request Time-out'; break; |
case 409: $text = 'Conflict'; break; |
case 410: $text = 'Gone'; break; |
case 411: $text = 'Length Required'; break; |
case 412: $text = 'Precondition Failed'; break; |
case 413: $text = 'Request Entity Too Large'; break; |
case 414: $text = 'Request-URI Too Large'; break; |
case 415: $text = 'Unsupported Media Type'; break; |
case 500: $text = 'Internal Server Error'; break; |
case 501: $text = 'Not Implemented'; break; |
case 502: $text = 'Bad Gateway'; break; |
case 503: $text = 'Service Unavailable'; break; |
case 504: $text = 'Gateway Time-out'; break; |
case 505: $text = 'HTTP Version not supported'; break; |
case 666: $text = 'Couscous overheat'; break; |
default: |
exit('Unknown http status code "' . htmlentities($code) . '"'); |
break; |
} |
$protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0'); |
header($protocol . ' ' . $code . ' ' . $text); |
$GLOBALS['http_response_code'] = $code; |
} else { |
$code = (isset($GLOBALS['http_response_code']) ? $GLOBALS['http_response_code'] : 200); |
} |
return $code; |
} |
} |
/trunk/jrest/services/Utilisateur.php |
---|
27,12 → 27,16 |
const FORMAT_XML = "xml"; |
const FORMAT_LDEHYDE = "méthanal"; // hihi hoho |
public function __construct($config, $demarrer_session = true) { |
parent::__construct($config, $demarrer_session); |
$this->idAnnuaire = Config::get('annuaire_defaut'); |
} |
/*+----------------------------------------------------------------------------------------------------+*/ |
// GET : consultation |
public function getElement($ressources){ |
$this->ressources = $ressources; |
$this->idAnnuaire = Config::get('annuaire_defaut'); |
$infos = null; |
if (isset($this->ressources[0])) { |
171,14 → 175,14 |
/** |
* Permet d'obtenir les prénoms et noms des courriels des utilisateurs indiqués dans la ressource. |
* RESSOURCE : /utilisateur/prenom-nom-par-courriel/[courriel,courriel,...] |
* PARAMÈTRES : aucun |
* PARAMÈTRES : $courriels des adresses courriel séparées par des virgules; si != null, sera utilisé à la place de la ressource d'URL |
* RÉPONSE : Tableau possédant un courriel de la ressource en clé et en valeur : |
* - id : identifiant numérique de l'utilisateur |
* - prenom : prénom |
* - nom : nom de famille. |
*/ |
public function getPrenomNomParCourriel() { |
$courriels = explode(',', $this->ressources[0]); |
public function getPrenomNomParCourriel($courriels) { |
$courriels = explode(',', $courriels); |
$infos = $this->getAnnuaire()->obtenirPrenomNomParCourriel($this->idAnnuaire, $courriels); |
return $infos; |
} |
186,7 → 190,7 |
/** |
* Permet d'obtenir les identités des utilisateurs indiqués dans la ressource. |
* RESSOURCE : /utilisateur/identite-par-courriel/[courriel,courriel,...] |
* PARAMÈTRES : aucun |
* PARAMÈTRES : $courriels des adresses courriel séparées par des virgules; si != null, sera utilisé à la place de la ressource d'URL |
* RÉPONSE : Tableau possédant un courriel de la ressource en clé et en valeur : |
* - id : identifiant numérique de l'utilisateur |
* - pseudoUtilise : indique si on doit utiliser le pseudo à la place de Prénom NOM |
194,9 → 198,9 |
* - prenom : prénom |
* - nom : nom de famille. |
*/ |
public function getIdentiteParCourriel() { |
public function getIdentiteParCourriel($courriels) { |
$infos_utilisateurs = array(); |
$utilisateurs = $this->getPrenomNomParCourriel(); |
$utilisateurs = $this->getPrenomNomParCourriel($courriels); |
foreach ($utilisateurs as $courriel => $utilisateur) { |
$id = $utilisateur['id']; |
$utilisateur['pseudo'] = $this->obtenirPseudo($id); |
/trunk/jrest/bibliotheque/JRestService.php |
---|
57,7 → 57,7 |
} |
//+----------------------------------------------------------------------------------------------------------------+ |
// GESTION de l'ENVOIE au NAVIGATEUR |
// GESTION de l'ENVOI au NAVIGATEUR pas la PEINE de CRIER |
protected function envoyerJson($donnees, $encodage = 'utf-8') { |
$contenu = json_encode($donnees); |
333,6 → 333,7 |
return $autorisation; |
} |
// WTF coel en dur ?? |
private function gererIdentificationPermanente() { |
// Pour maintenir l'utilisateur tjrs réellement identifié nous sommes obligé de recréer une SESSION et de le recharger depuis la bdd |
if ($this->getUtilisateur() == '' |
342,6 → 343,7 |
} |
} |
// WTF coel en dur ?? |
protected function getUtilisateur() { |
return (isset($_SESSION['coel_utilisateur']) ? $_SESSION['coel_utilisateur'] : ''); |
} |
/trunk/jrest/clef-auth.defaut.ini |
---|
New file |
0,0 → 1,0 |
)À3 RÈNJppÀ(=Va30iX'RÙ'A"'*x "cr"çà808Zre"3 |
/trunk/vendor/composer/autoload_psr4.php |
---|
New file |
0,0 → 1,9 |
<?php |
// autoload_psr4.php @generated by Composer |
$vendorDir = dirname(dirname(__FILE__)); |
$baseDir = dirname($vendorDir); |
return array( |
); |
/trunk/vendor/composer/installed.json |
---|
New file |
0,0 → 1,49 |
[ |
{ |
"name": "firebase/php-jwt", |
"version": "2.0.0", |
"version_normalized": "2.0.0.0", |
"target-dir": "Firebase/PHP-JWT", |
"source": { |
"type": "git", |
"url": "https://github.com/firebase/php-jwt.git", |
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57" |
}, |
"dist": { |
"type": "zip", |
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/ffcfd888ce1e4f2d70cac2dc9b7301038332fe57", |
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57", |
"shasum": "" |
}, |
"require": { |
"php": ">=5.2.0" |
}, |
"time": "2015-04-01 18:46:38", |
"type": "library", |
"installation-source": "dist", |
"autoload": { |
"classmap": [ |
"Authentication/", |
"Exceptions/" |
] |
}, |
"notification-url": "https://packagist.org/downloads/", |
"license": [ |
"BSD-3-Clause" |
], |
"authors": [ |
{ |
"name": "Neuman Vong", |
"email": "neuman+pear@twilio.com", |
"role": "Developer" |
}, |
{ |
"name": "Anant Narayanan", |
"email": "anant@php.net", |
"role": "Developer" |
} |
], |
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", |
"homepage": "https://github.com/firebase/php-jwt" |
} |
] |
/trunk/vendor/composer/autoload_namespaces.php |
---|
New file |
0,0 → 1,9 |
<?php |
// autoload_namespaces.php @generated by Composer |
$vendorDir = dirname(dirname(__FILE__)); |
$baseDir = dirname($vendorDir); |
return array( |
); |
/trunk/vendor/composer/autoload_classmap.php |
---|
New file |
0,0 → 1,13 |
<?php |
// autoload_classmap.php @generated by Composer |
$vendorDir = dirname(dirname(__FILE__)); |
$baseDir = dirname($vendorDir); |
return array( |
'BeforeValidException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/BeforeValidException.php', |
'ExpiredException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/ExpiredException.php', |
'JWT' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Authentication/JWT.php', |
'SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/SignatureInvalidException.php', |
); |
/trunk/vendor/composer/autoload_real.php |
---|
New file |
0,0 → 1,50 |
<?php |
// autoload_real.php @generated by Composer |
class ComposerAutoloaderInit0300019570b11b0db352635473fb4a22 |
{ |
private static $loader; |
public static function loadClassLoader($class) |
{ |
if ('Composer\Autoload\ClassLoader' === $class) { |
require __DIR__ . '/ClassLoader.php'; |
} |
} |
public static function getLoader() |
{ |
if (null !== self::$loader) { |
return self::$loader; |
} |
spl_autoload_register(array('ComposerAutoloaderInit0300019570b11b0db352635473fb4a22', 'loadClassLoader'), true, true); |
self::$loader = $loader = new \Composer\Autoload\ClassLoader(); |
spl_autoload_unregister(array('ComposerAutoloaderInit0300019570b11b0db352635473fb4a22', 'loadClassLoader')); |
$map = require __DIR__ . '/autoload_namespaces.php'; |
foreach ($map as $namespace => $path) { |
$loader->set($namespace, $path); |
} |
$map = require __DIR__ . '/autoload_psr4.php'; |
foreach ($map as $namespace => $path) { |
$loader->setPsr4($namespace, $path); |
} |
$classMap = require __DIR__ . '/autoload_classmap.php'; |
if ($classMap) { |
$loader->addClassMap($classMap); |
} |
$loader->register(true); |
return $loader; |
} |
} |
function composerRequire0300019570b11b0db352635473fb4a22($file) |
{ |
require $file; |
} |
/trunk/vendor/composer/ClassLoader.php |
---|
New file |
0,0 → 1,413 |
<?php |
/* |
* This file is part of Composer. |
* |
* (c) Nils Adermann <naderman@naderman.de> |
* Jordi Boggiano <j.boggiano@seld.be> |
* |
* For the full copyright and license information, please view the LICENSE |
* file that was distributed with this source code. |
*/ |
namespace Composer\Autoload; |
/** |
* ClassLoader implements a PSR-0 class loader |
* |
* See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md |
* |
* $loader = new \Composer\Autoload\ClassLoader(); |
* |
* // register classes with namespaces |
* $loader->add('Symfony\Component', __DIR__.'/component'); |
* $loader->add('Symfony', __DIR__.'/framework'); |
* |
* // activate the autoloader |
* $loader->register(); |
* |
* // to enable searching the include path (eg. for PEAR packages) |
* $loader->setUseIncludePath(true); |
* |
* In this example, if you try to use a class in the Symfony\Component |
* namespace or one of its children (Symfony\Component\Console for instance), |
* the autoloader will first look for the class under the component/ |
* directory, and it will then fallback to the framework/ directory if not |
* found before giving up. |
* |
* This class is loosely based on the Symfony UniversalClassLoader. |
* |
* @author Fabien Potencier <fabien@symfony.com> |
* @author Jordi Boggiano <j.boggiano@seld.be> |
*/ |
class ClassLoader |
{ |
// PSR-4 |
private $prefixLengthsPsr4 = array(); |
private $prefixDirsPsr4 = array(); |
private $fallbackDirsPsr4 = array(); |
// PSR-0 |
private $prefixesPsr0 = array(); |
private $fallbackDirsPsr0 = array(); |
private $useIncludePath = false; |
private $classMap = array(); |
private $classMapAuthoritative = false; |
public function getPrefixes() |
{ |
if (!empty($this->prefixesPsr0)) { |
return call_user_func_array('array_merge', $this->prefixesPsr0); |
} |
return array(); |
} |
public function getPrefixesPsr4() |
{ |
return $this->prefixDirsPsr4; |
} |
public function getFallbackDirs() |
{ |
return $this->fallbackDirsPsr0; |
} |
public function getFallbackDirsPsr4() |
{ |
return $this->fallbackDirsPsr4; |
} |
public function getClassMap() |
{ |
return $this->classMap; |
} |
/** |
* @param array $classMap Class to filename map |
*/ |
public function addClassMap(array $classMap) |
{ |
if ($this->classMap) { |
$this->classMap = array_merge($this->classMap, $classMap); |
} else { |
$this->classMap = $classMap; |
} |
} |
/** |
* Registers a set of PSR-0 directories for a given prefix, either |
* appending or prepending to the ones previously set for this prefix. |
* |
* @param string $prefix The prefix |
* @param array|string $paths The PSR-0 root directories |
* @param bool $prepend Whether to prepend the directories |
*/ |
public function add($prefix, $paths, $prepend = false) |
{ |
if (!$prefix) { |
if ($prepend) { |
$this->fallbackDirsPsr0 = array_merge( |
(array) $paths, |
$this->fallbackDirsPsr0 |
); |
} else { |
$this->fallbackDirsPsr0 = array_merge( |
$this->fallbackDirsPsr0, |
(array) $paths |
); |
} |
return; |
} |
$first = $prefix[0]; |
if (!isset($this->prefixesPsr0[$first][$prefix])) { |
$this->prefixesPsr0[$first][$prefix] = (array) $paths; |
return; |
} |
if ($prepend) { |
$this->prefixesPsr0[$first][$prefix] = array_merge( |
(array) $paths, |
$this->prefixesPsr0[$first][$prefix] |
); |
} else { |
$this->prefixesPsr0[$first][$prefix] = array_merge( |
$this->prefixesPsr0[$first][$prefix], |
(array) $paths |
); |
} |
} |
/** |
* Registers a set of PSR-4 directories for a given namespace, either |
* appending or prepending to the ones previously set for this namespace. |
* |
* @param string $prefix The prefix/namespace, with trailing '\\' |
* @param array|string $paths The PSR-0 base directories |
* @param bool $prepend Whether to prepend the directories |
* |
* @throws \InvalidArgumentException |
*/ |
public function addPsr4($prefix, $paths, $prepend = false) |
{ |
if (!$prefix) { |
// Register directories for the root namespace. |
if ($prepend) { |
$this->fallbackDirsPsr4 = array_merge( |
(array) $paths, |
$this->fallbackDirsPsr4 |
); |
} else { |
$this->fallbackDirsPsr4 = array_merge( |
$this->fallbackDirsPsr4, |
(array) $paths |
); |
} |
} elseif (!isset($this->prefixDirsPsr4[$prefix])) { |
// Register directories for a new namespace. |
$length = strlen($prefix); |
if ('\\' !== $prefix[$length - 1]) { |
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); |
} |
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; |
$this->prefixDirsPsr4[$prefix] = (array) $paths; |
} elseif ($prepend) { |
// Prepend directories for an already registered namespace. |
$this->prefixDirsPsr4[$prefix] = array_merge( |
(array) $paths, |
$this->prefixDirsPsr4[$prefix] |
); |
} else { |
// Append directories for an already registered namespace. |
$this->prefixDirsPsr4[$prefix] = array_merge( |
$this->prefixDirsPsr4[$prefix], |
(array) $paths |
); |
} |
} |
/** |
* Registers a set of PSR-0 directories for a given prefix, |
* replacing any others previously set for this prefix. |
* |
* @param string $prefix The prefix |
* @param array|string $paths The PSR-0 base directories |
*/ |
public function set($prefix, $paths) |
{ |
if (!$prefix) { |
$this->fallbackDirsPsr0 = (array) $paths; |
} else { |
$this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; |
} |
} |
/** |
* Registers a set of PSR-4 directories for a given namespace, |
* replacing any others previously set for this namespace. |
* |
* @param string $prefix The prefix/namespace, with trailing '\\' |
* @param array|string $paths The PSR-4 base directories |
* |
* @throws \InvalidArgumentException |
*/ |
public function setPsr4($prefix, $paths) |
{ |
if (!$prefix) { |
$this->fallbackDirsPsr4 = (array) $paths; |
} else { |
$length = strlen($prefix); |
if ('\\' !== $prefix[$length - 1]) { |
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); |
} |
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; |
$this->prefixDirsPsr4[$prefix] = (array) $paths; |
} |
} |
/** |
* Turns on searching the include path for class files. |
* |
* @param bool $useIncludePath |
*/ |
public function setUseIncludePath($useIncludePath) |
{ |
$this->useIncludePath = $useIncludePath; |
} |
/** |
* Can be used to check if the autoloader uses the include path to check |
* for classes. |
* |
* @return bool |
*/ |
public function getUseIncludePath() |
{ |
return $this->useIncludePath; |
} |
/** |
* Turns off searching the prefix and fallback directories for classes |
* that have not been registered with the class map. |
* |
* @param bool $classMapAuthoritative |
*/ |
public function setClassMapAuthoritative($classMapAuthoritative) |
{ |
$this->classMapAuthoritative = $classMapAuthoritative; |
} |
/** |
* Should class lookup fail if not found in the current class map? |
* |
* @return bool |
*/ |
public function isClassMapAuthoritative() |
{ |
return $this->classMapAuthoritative; |
} |
/** |
* Registers this instance as an autoloader. |
* |
* @param bool $prepend Whether to prepend the autoloader or not |
*/ |
public function register($prepend = false) |
{ |
spl_autoload_register(array($this, 'loadClass'), true, $prepend); |
} |
/** |
* Unregisters this instance as an autoloader. |
*/ |
public function unregister() |
{ |
spl_autoload_unregister(array($this, 'loadClass')); |
} |
/** |
* Loads the given class or interface. |
* |
* @param string $class The name of the class |
* @return bool|null True if loaded, null otherwise |
*/ |
public function loadClass($class) |
{ |
if ($file = $this->findFile($class)) { |
includeFile($file); |
return true; |
} |
} |
/** |
* Finds the path to the file where the class is defined. |
* |
* @param string $class The name of the class |
* |
* @return string|false The path if found, false otherwise |
*/ |
public function findFile($class) |
{ |
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731 |
if ('\\' == $class[0]) { |
$class = substr($class, 1); |
} |
// class map lookup |
if (isset($this->classMap[$class])) { |
return $this->classMap[$class]; |
} |
if ($this->classMapAuthoritative) { |
return false; |
} |
$file = $this->findFileWithExtension($class, '.php'); |
// Search for Hack files if we are running on HHVM |
if ($file === null && defined('HHVM_VERSION')) { |
$file = $this->findFileWithExtension($class, '.hh'); |
} |
if ($file === null) { |
// Remember that this class does not exist. |
return $this->classMap[$class] = false; |
} |
return $file; |
} |
private function findFileWithExtension($class, $ext) |
{ |
// PSR-4 lookup |
$logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; |
$first = $class[0]; |
if (isset($this->prefixLengthsPsr4[$first])) { |
foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) { |
if (0 === strpos($class, $prefix)) { |
foreach ($this->prefixDirsPsr4[$prefix] as $dir) { |
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) { |
return $file; |
} |
} |
} |
} |
} |
// PSR-4 fallback dirs |
foreach ($this->fallbackDirsPsr4 as $dir) { |
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { |
return $file; |
} |
} |
// PSR-0 lookup |
if (false !== $pos = strrpos($class, '\\')) { |
// namespaced class name |
$logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) |
. strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); |
} else { |
// PEAR-like class name |
$logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; |
} |
if (isset($this->prefixesPsr0[$first])) { |
foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { |
if (0 === strpos($class, $prefix)) { |
foreach ($dirs as $dir) { |
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { |
return $file; |
} |
} |
} |
} |
} |
// PSR-0 fallback dirs |
foreach ($this->fallbackDirsPsr0 as $dir) { |
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { |
return $file; |
} |
} |
// PSR-0 include paths. |
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { |
return $file; |
} |
} |
} |
/** |
* Scope isolated include. |
* |
* Prevents access to $this/self from included files. |
*/ |
function includeFile($file) |
{ |
include $file; |
} |
/trunk/vendor/autoload.php |
---|
New file |
0,0 → 1,7 |
<?php |
// autoload.php @generated by Composer |
require_once __DIR__ . '/composer' . '/autoload_real.php'; |
return ComposerAutoloaderInit0300019570b11b0db352635473fb4a22::getLoader(); |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/.gitignore |
---|
New file |
0,0 → 1,3 |
vendor |
phpunit.phar |
phpunit.phar.asc |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/.travis.yml |
---|
New file |
0,0 → 1,13 |
language: php |
php: |
- 5.3 |
- 5.4 |
- 5.5 |
- hhvm |
before_script: |
- wget -nc http://getcomposer.org/composer.phar |
- php composer.phar install |
script: phpunit --configuration phpunit.xml.dist |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/phpunit.xml.dist |
---|
New file |
0,0 → 1,19 |
<?xml version="1.0" encoding="UTF-8"?> |
<phpunit backupGlobals="false" |
backupStaticAttributes="false" |
colors="true" |
convertErrorsToExceptions="true" |
convertNoticesToExceptions="true" |
convertWarningsToExceptions="true" |
processIsolation="false" |
stopOnFailure="false" |
syntaxCheck="false" |
bootstrap="tests/bootstrap.php" |
> |
<testsuites> |
<testsuite name="PHP JSON Web Token Test Suite"> |
<directory>./tests</directory> |
</testsuite> |
</testsuites> |
</phpunit> |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/package.xml |
---|
New file |
0,0 → 1,77 |
<?xml version="1.0" encoding="UTF-8"?> |
<package packagerversion="1.9.2" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 |
http://pear.php.net/dtd/tasks-1.0.xsd |
http://pear.php.net/dtd/package-2.0 |
http://pear.php.net/dtd/package-2.0.xsd"> |
<name>JWT</name> |
<channel>pear.php.net</channel> |
<summary>A JWT encoder/decoder.</summary> |
<description>A JWT encoder/decoder library for PHP.</description> |
<lead> |
<name>Neuman Vong</name> |
<user>lcfrs</user> |
<email>neuman+pear@twilio.com</email> |
<active>yes</active> |
</lead> |
<lead> |
<name>Anant Narayanan</name> |
<user>anant</user> |
<email>anant@php.net</email> |
<active>yes</active> |
</lead> |
<date>2015-04-01</date> |
<version> |
<release>2.0.0</release> |
<api>2.0.0</api> |
</version> |
<stability> |
<release>beta</release> |
<api>beta</api> |
</stability> |
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license> |
<notes> |
Initial release with basic support for JWT encoding, decoding and signature verification. |
</notes> |
<contents> |
<dir baseinstalldir="/" name="/"> |
<dir name="tests"> |
<file name="JWTTest.php" role="test" /> |
</dir> |
<file name="Authentication/JWT.php" role="php" /> |
</dir> |
</contents> |
<dependencies> |
<required> |
<php> |
<min>5.1</min> |
</php> |
<pearinstaller> |
<min>1.7.0</min> |
</pearinstaller> |
<extension> |
<name>json</name> |
</extension> |
<extension> |
<name>hash</name> |
</extension> |
</required> |
</dependencies> |
<phprelease /> |
<changelog> |
<release> |
<version> |
<release>0.1.0</release> |
<api>0.1.0</api> |
</version> |
<stability> |
<release>beta</release> |
<api>beta</api> |
</stability> |
<date>2015-04-01</date> |
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license> |
<notes> |
Initial release with basic support for JWT encoding, decoding and signature verification. |
</notes> |
</release> |
</changelog> |
</package> |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/README.md |
---|
New file |
0,0 → 1,66 |
[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) |
PHP-JWT |
======= |
A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should |
conform to the [current spec](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06) |
Installation |
------------ |
Use composer to manage your dependencies and download PHP-JWT: |
```bash |
composer require firebase/php-jwt |
``` |
Example |
------- |
```php |
<?php |
$key = "example_key"; |
$token = array( |
"iss" => "http://example.org", |
"aud" => "http://example.com", |
"iat" => 1356999524, |
"nbf" => 1357000000 |
); |
/** |
* IMPORTANT: |
* You must specify supported algorithms for your application. See |
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 |
* for a list of spec-compliant algorithms. |
*/ |
$jwt = JWT::encode($token, $key); |
$decoded = JWT::decode($jwt, $key, array('HS256')); |
print_r($decoded); |
/* |
NOTE: This will now be an object instead of an associative array. To get |
an associative array, you will need to cast it as such: |
*/ |
$decoded_array = (array) $decoded; |
?> |
``` |
Tests |
----- |
Run the tests using phpunit: |
```bash |
$ pear install PHPUnit |
$ phpunit --configuration phpunit.xml.dist |
PHPUnit 3.7.10 by Sebastian Bergmann. |
..... |
Time: 0 seconds, Memory: 2.50Mb |
OK (5 tests, 5 assertions) |
``` |
License |
------- |
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/run-tests.sh |
---|
New file |
0,0 → 1,38 |
#!/usr/bin/env bash |
gpg --fingerprint D8406D0D82947747293778314AA394086372C20A |
if [ $? -ne 0 ]; then |
echo -e "\033[33mDownloading PGP Public Key...\033[0m" |
gpg --recv-keys D8406D0D82947747293778314AA394086372C20A |
# Sebastian Bergmann <sb@sebastian-bergmann.de> |
gpg --fingerprint D8406D0D82947747293778314AA394086372C20A |
if [ $? -ne 0 ]; then |
echo -e "\033[31mCould not download PGP public key for verification\033[0m" |
exit |
fi |
fi |
# Let's grab the latest release and its signature |
if [ ! -f phpunit.phar ]; then |
wget https://phar.phpunit.de/phpunit.phar |
fi |
if [ ! -f phpunit.phar.asc ]; then |
wget https://phar.phpunit.de/phpunit.phar.asc |
fi |
# Verify before running |
gpg --verify phpunit.phar.asc phpunit.phar |
if [ $? -eq 0 ]; then |
echo |
echo -e "\033[33mBegin Unit Testing\033[0m" |
# Run the testing suite |
php --version |
php phpunit.phar --configuration phpunit.xml.dist |
else |
echo |
chmod -x phpunit.phar |
mv phpunit.phar /tmp/bad-phpunit.phar |
mv phpunit.phar.asc /tmp/bad-phpunit.phar.asc |
echo -e "\033[31mSignature did not match! PHPUnit has been moved to /tmp/bad-phpunit.phar\033[0m" |
exit 1 |
fi |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Authentication/JWT.php |
---|
New file |
0,0 → 1,326 |
<?php |
/** |
* JSON Web Token implementation, based on this spec: |
* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06 |
* |
* PHP version 5 |
* |
* @category Authentication |
* @package Authentication_JWT |
* @author Neuman Vong <neuman@twilio.com> |
* @author Anant Narayanan <anant@php.net> |
* @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD |
* @link https://github.com/firebase/php-jwt |
*/ |
class JWT |
{ |
public static $supported_algs = array( |
'HS256' => array('hash_hmac', 'SHA256'), |
'HS512' => array('hash_hmac', 'SHA512'), |
'HS384' => array('hash_hmac', 'SHA384'), |
'RS256' => array('openssl', 'SHA256'), |
); |
/** |
* Decodes a JWT string into a PHP object. |
* |
* @param string $jwt The JWT |
* @param string|Array|null $key The secret key, or map of keys |
* @param Array $allowed_algs List of supported verification algorithms |
* |
* @return object The JWT's payload as a PHP object |
* |
* @throws DomainException Algorithm was not provided |
* @throws UnexpectedValueException Provided JWT was invalid |
* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed |
* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' |
* @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' |
* @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim |
* |
* @uses jsonDecode |
* @uses urlsafeB64Decode |
*/ |
public static function decode($jwt, $key = null, $allowed_algs = array()) |
{ |
$tks = explode('.', $jwt); |
if (count($tks) != 3) { |
throw new UnexpectedValueException('Wrong number of segments'); |
} |
list($headb64, $bodyb64, $cryptob64) = $tks; |
if (null === ($header = JWT::jsonDecode(JWT::urlsafeB64Decode($headb64)))) { |
throw new UnexpectedValueException('Invalid header encoding'); |
} |
if (null === $payload = JWT::jsonDecode(JWT::urlsafeB64Decode($bodyb64))) { |
throw new UnexpectedValueException('Invalid claims encoding'); |
} |
$sig = JWT::urlsafeB64Decode($cryptob64); |
if (isset($key)) { |
if (empty($header->alg)) { |
throw new DomainException('Empty algorithm'); |
} |
if (empty(self::$supported_algs[$header->alg])) { |
throw new DomainException('Algorithm not supported'); |
} |
if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) { |
throw new DomainException('Algorithm not allowed'); |
} |
if (is_array($key)) { |
if (isset($header->kid)) { |
$key = $key[$header->kid]; |
} else { |
throw new DomainException('"kid" empty, unable to lookup correct key'); |
} |
} |
// Check the signature |
if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { |
throw new SignatureInvalidException('Signature verification failed'); |
} |
// Check if the nbf if it is defined. This is the time that the |
// token can actually be used. If it's not yet that time, abort. |
if (isset($payload->nbf) && $payload->nbf > time()) { |
throw new BeforeValidException( |
'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) |
); |
} |
// Check that this token has been created before 'now'. This prevents |
// using tokens that have been created for later use (and haven't |
// correctly used the nbf claim). |
if (isset($payload->iat) && $payload->iat > time()) { |
throw new BeforeValidException( |
'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) |
); |
} |
// Check if this token has expired. |
if (isset($payload->exp) && time() >= $payload->exp) { |
throw new ExpiredException('Expired token'); |
} |
} |
return $payload; |
} |
/** |
* Converts and signs a PHP object or array into a JWT string. |
* |
* @param object|array $payload PHP object or array |
* @param string $key The secret key |
* @param string $alg The signing algorithm. Supported |
* algorithms are 'HS256', 'HS384' and 'HS512' |
* |
* @return string A signed JWT |
* @uses jsonEncode |
* @uses urlsafeB64Encode |
*/ |
public static function encode($payload, $key, $alg = 'HS256', $keyId = null) |
{ |
$header = array('typ' => 'JWT', 'alg' => $alg); |
if ($keyId !== null) { |
$header['kid'] = $keyId; |
} |
$segments = array(); |
$segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header)); |
$segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload)); |
$signing_input = implode('.', $segments); |
$signature = JWT::sign($signing_input, $key, $alg); |
$segments[] = JWT::urlsafeB64Encode($signature); |
return implode('.', $segments); |
} |
/** |
* Sign a string with a given key and algorithm. |
* |
* @param string $msg The message to sign |
* @param string|resource $key The secret key |
* @param string $alg The signing algorithm. Supported algorithms |
* are 'HS256', 'HS384', 'HS512' and 'RS256' |
* |
* @return string An encrypted message |
* @throws DomainException Unsupported algorithm was specified |
*/ |
public static function sign($msg, $key, $alg = 'HS256') |
{ |
if (empty(self::$supported_algs[$alg])) { |
throw new DomainException('Algorithm not supported'); |
} |
list($function, $algorithm) = self::$supported_algs[$alg]; |
switch($function) { |
case 'hash_hmac': |
return hash_hmac($algorithm, $msg, $key, true); |
case 'openssl': |
$signature = ''; |
$success = openssl_sign($msg, $signature, $key, $algorithm); |
if (!$success) { |
throw new DomainException("OpenSSL unable to sign data"); |
} else { |
return $signature; |
} |
} |
} |
/** |
* Verify a signature with the mesage, key and method. Not all methods |
* are symmetric, so we must have a separate verify and sign method. |
* @param string $msg the original message |
* @param string $signature |
* @param string|resource $key for HS*, a string key works. for RS*, must be a resource of an openssl public key |
* @param string $alg |
* @return bool |
* @throws DomainException Invalid Algorithm or OpenSSL failure |
*/ |
private static function verify($msg, $signature, $key, $alg) |
{ |
if (empty(self::$supported_algs[$alg])) { |
throw new DomainException('Algorithm not supported'); |
} |
list($function, $algorithm) = self::$supported_algs[$alg]; |
switch($function) { |
case 'openssl': |
$success = openssl_verify($msg, $signature, $key, $algorithm); |
if (!$success) { |
throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); |
} else { |
return $signature; |
} |
case 'hash_hmac': |
default: |
$hash = hash_hmac($algorithm, $msg, $key, true); |
if (function_exists('hash_equals')) { |
return hash_equals($signature, $hash); |
} |
$len = min(self::safeStrlen($signature), self::safeStrlen($hash)); |
$status = 0; |
for ($i = 0; $i < $len; $i++) { |
$status |= (ord($signature[$i]) ^ ord($hash[$i])); |
} |
$status |= (self::safeStrlen($signature) ^ self::safeStrlen($hash)); |
return ($status === 0); |
} |
} |
/** |
* Decode a JSON string into a PHP object. |
* |
* @param string $input JSON string |
* |
* @return object Object representation of JSON string |
* @throws DomainException Provided string was invalid JSON |
*/ |
public static function jsonDecode($input) |
{ |
if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { |
/** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you |
* to specify that large ints (like Steam Transaction IDs) should be treated as |
* strings, rather than the PHP default behaviour of converting them to floats. |
*/ |
$obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); |
} else { |
/** Not all servers will support that, however, so for older versions we must |
* manually detect large ints in the JSON string and quote them (thus converting |
*them to strings) before decoding, hence the preg_replace() call. |
*/ |
$max_int_length = strlen((string) PHP_INT_MAX) - 1; |
$json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); |
$obj = json_decode($json_without_bigints); |
} |
if (function_exists('json_last_error') && $errno = json_last_error()) { |
JWT::handleJsonError($errno); |
} elseif ($obj === null && $input !== 'null') { |
throw new DomainException('Null result with non-null input'); |
} |
return $obj; |
} |
/** |
* Encode a PHP object into a JSON string. |
* |
* @param object|array $input A PHP object or array |
* |
* @return string JSON representation of the PHP object or array |
* @throws DomainException Provided object could not be encoded to valid JSON |
*/ |
public static function jsonEncode($input) |
{ |
$json = json_encode($input); |
if (function_exists('json_last_error') && $errno = json_last_error()) { |
JWT::handleJsonError($errno); |
} elseif ($json === 'null' && $input !== null) { |
throw new DomainException('Null result with non-null input'); |
} |
return $json; |
} |
/** |
* Decode a string with URL-safe Base64. |
* |
* @param string $input A Base64 encoded string |
* |
* @return string A decoded string |
*/ |
public static function urlsafeB64Decode($input) |
{ |
$remainder = strlen($input) % 4; |
if ($remainder) { |
$padlen = 4 - $remainder; |
$input .= str_repeat('=', $padlen); |
} |
return base64_decode(strtr($input, '-_', '+/')); |
} |
/** |
* Encode a string with URL-safe Base64. |
* |
* @param string $input The string you want encoded |
* |
* @return string The base64 encode of what you passed in |
*/ |
public static function urlsafeB64Encode($input) |
{ |
return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); |
} |
/** |
* Helper method to create a JSON error. |
* |
* @param int $errno An error number from json_last_error() |
* |
* @return void |
*/ |
private static function handleJsonError($errno) |
{ |
$messages = array( |
JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', |
JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', |
JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' |
); |
throw new DomainException( |
isset($messages[$errno]) |
? $messages[$errno] |
: 'Unknown JSON error: ' . $errno |
); |
} |
/** |
* Get the number of bytes in cryptographic strings. |
* |
* @param string |
* @return int |
*/ |
private static function safeStrlen($str) |
{ |
if (function_exists('mb_strlen')) { |
return mb_strlen($str, '8bit'); |
} |
return strlen($str); |
} |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/composer.json |
---|
New file |
0,0 → 1,27 |
{ |
"name": "firebase/php-jwt", |
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", |
"homepage": "https://github.com/firebase/php-jwt", |
"authors": [ |
{ |
"name": "Neuman Vong", |
"email": "neuman+pear@twilio.com", |
"role": "Developer" |
}, |
{ |
"name": "Anant Narayanan", |
"email": "anant@php.net", |
"role": "Developer" |
} |
], |
"version": "2.0.0", |
"license": "BSD-3-Clause", |
"require": { |
"php": ">=5.2.0" |
}, |
"autoload": { |
"classmap": ["Authentication/", "Exceptions/"] |
}, |
"target-dir": "Firebase/PHP-JWT", |
"minimum-stability": "dev" |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/ExpiredException.php |
---|
New file |
0,0 → 1,6 |
<?php |
class ExpiredException extends UnexpectedValueException |
{ |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/BeforeValidException.php |
---|
New file |
0,0 → 1,6 |
<?php |
class BeforeValidException extends UnexpectedValueException |
{ |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/SignatureInvalidException.php |
---|
New file |
0,0 → 1,6 |
<?php |
class SignatureInvalidException extends UnexpectedValueException |
{ |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/LICENSE |
---|
New file |
0,0 → 1,30 |
Copyright (c) 2011, Neuman Vong |
All rights reserved. |
Redistribution and use in source and binary forms, with or without |
modification, are permitted provided that the following conditions are met: |
* Redistributions of source code must retain the above copyright |
notice, this list of conditions and the following disclaimer. |
* Redistributions in binary form must reproduce the above |
copyright notice, this list of conditions and the following |
disclaimer in the documentation and/or other materials provided |
with the distribution. |
* Neither the name of Neuman Vong nor the names of other |
contributors may be used to endorse or promote products derived |
from this software without specific prior written permission. |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/autoload.php.dist |
---|
New file |
0,0 → 1,17 |
<?php |
// if the library is the project, try to use the composer's autoload for the tests |
$composerAutoload = __DIR__ . '/../vendor/autoload.php'; |
if (is_file($composerAutoload)) { |
include $composerAutoload; |
} else { |
die('Unable to find autoload.php file, please use composer to load dependencies: |
wget http://getcomposer.org/composer.phar |
php composer.phar install |
Visit http://getcomposer.org/ for more information. |
'); |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/bootstrap.php |
---|
New file |
0,0 → 1,7 |
<?php |
if (file_exists($file = __DIR__ . '/autoload.php')) { |
require_once $file; |
} elseif (file_exists($file = __DIR__ . '/autoload.php.dist')) { |
require_once $file; |
} |
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/JWTTest.php |
---|
New file |
0,0 → 1,150 |
<?php |
class JWTTest extends PHPUnit_Framework_TestCase |
{ |
public function testEncodeDecode() |
{ |
$msg = JWT::encode('abc', 'my_key'); |
$this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc'); |
} |
public function testDecodeFromPython() |
{ |
$msg = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.Iio6aHR0cDovL2FwcGxpY2F0aW9uL2NsaWNreT9ibGFoPTEuMjMmZi5vbz00NTYgQUMwMDAgMTIzIg.E_U8X2YpMT5K1cEiT_3-IvBYfrdIFIeVYeOqre_Z5Cg'; |
$this->assertEquals( |
JWT::decode($msg, 'my_key', array('HS256')), |
'*:http://application/clicky?blah=1.23&f.oo=456 AC000 123' |
); |
} |
public function testUrlSafeCharacters() |
{ |
$encoded = JWT::encode('f?', 'a'); |
$this->assertEquals('f?', JWT::decode($encoded, 'a', array('HS256'))); |
} |
public function testMalformedUtf8StringsFail() |
{ |
$this->setExpectedException('DomainException'); |
JWT::encode(pack('c', 128), 'a'); |
} |
public function testMalformedJsonThrowsException() |
{ |
$this->setExpectedException('DomainException'); |
JWT::jsonDecode('this is not valid JSON string'); |
} |
public function testExpiredToken() |
{ |
$this->setExpectedException('ExpiredException'); |
$payload = array( |
"message" => "abc", |
"exp" => time() - 20); // time in the past |
$encoded = JWT::encode($payload, 'my_key'); |
JWT::decode($encoded, 'my_key', array('HS256')); |
} |
public function testBeforeValidTokenWithNbf() |
{ |
$this->setExpectedException('BeforeValidException'); |
$payload = array( |
"message" => "abc", |
"nbf" => time() + 20); // time in the future |
$encoded = JWT::encode($payload, 'my_key'); |
JWT::decode($encoded, 'my_key', array('HS256')); |
} |
public function testBeforeValidTokenWithIat() |
{ |
$this->setExpectedException('BeforeValidException'); |
$payload = array( |
"message" => "abc", |
"iat" => time() + 20); // time in the future |
$encoded = JWT::encode($payload, 'my_key'); |
JWT::decode($encoded, 'my_key', array('HS256')); |
} |
public function testValidToken() |
{ |
$payload = array( |
"message" => "abc", |
"exp" => time() + 20); // time in the future |
$encoded = JWT::encode($payload, 'my_key'); |
$decoded = JWT::decode($encoded, 'my_key', array('HS256')); |
$this->assertEquals($decoded->message, 'abc'); |
} |
public function testValidTokenWithList() |
{ |
$payload = array( |
"message" => "abc", |
"exp" => time() + 20); // time in the future |
$encoded = JWT::encode($payload, 'my_key'); |
$decoded = JWT::decode($encoded, 'my_key', array('HS256', 'HS512')); |
$this->assertEquals($decoded->message, 'abc'); |
} |
public function testValidTokenWithNbf() |
{ |
$payload = array( |
"message" => "abc", |
"iat" => time(), |
"exp" => time() + 20, // time in the future |
"nbf" => time() - 20); |
$encoded = JWT::encode($payload, 'my_key'); |
$decoded = JWT::decode($encoded, 'my_key', array('HS256')); |
$this->assertEquals($decoded->message, 'abc'); |
} |
public function testInvalidToken() |
{ |
$payload = array( |
"message" => "abc", |
"exp" => time() + 20); // time in the future |
$encoded = JWT::encode($payload, 'my_key'); |
$this->setExpectedException('SignatureInvalidException'); |
$decoded = JWT::decode($encoded, 'my_key2', array('HS256')); |
} |
public function testRSEncodeDecode() |
{ |
$privKey = openssl_pkey_new(array('digest_alg' => 'sha256', |
'private_key_bits' => 1024, |
'private_key_type' => OPENSSL_KEYTYPE_RSA)); |
$msg = JWT::encode('abc', $privKey, 'RS256'); |
$pubKey = openssl_pkey_get_details($privKey); |
$pubKey = $pubKey['key']; |
$decoded = JWT::decode($msg, $pubKey, array('RS256')); |
$this->assertEquals($decoded, 'abc'); |
} |
public function testKIDChooser() |
{ |
$keys = array('1' => 'my_key', '2' => 'my_key2'); |
$msg = JWT::encode('abc', $keys['1'], 'HS256', '1'); |
$decoded = JWT::decode($msg, $keys, array('HS256')); |
$this->assertEquals($decoded, 'abc'); |
} |
public function testNoneAlgorithm() |
{ |
$msg = JWT::encode('abc', 'my_key'); |
$this->setExpectedException('DomainException'); |
JWT::decode($msg, 'my_key', array('none')); |
} |
public function testIncorrectAlgorithm() |
{ |
$msg = JWT::encode('abc', 'my_key'); |
$this->setExpectedException('DomainException'); |
JWT::decode($msg, 'my_key', array('RS256')); |
} |
public function testMissingAlgorithm() |
{ |
$msg = JWT::encode('abc', 'my_key'); |
$this->setExpectedException('DomainException'); |
JWT::decode($msg, 'my_key'); |
} |
} |
/trunk/composer.json |
---|
New file |
0,0 → 1,5 |
{ |
"require": { |
"firebase/php-jwt": "^2.0" |
} |
} |