Subversion Repositories Applications.annuaire

Compare Revisions


Ignore whitespace Rev 535 → Rev 536

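--- a/trunk/composer.json
+++ b/trunk/composer.json
@@ -0,0 +1,5 @@
+{
+"require": {
+"firebase/php-jwt": "^2.0"
+}
+}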
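--- a/trunk/composer.lock
+++ b/trunk/composer.lock
@@ -0,0 +1,63 @@
+{
+"_readme": [
+"This file locks the dependencies of your project to a known state",
+"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+"This file is @generated automatically"
+],
+"hash": "cfb698d38891e70ac902b10544ba6bd0",
+"packages": [
+{
+"name": "firebase/php-jwt",
+"version": "2.0.0",
+"target-dir": "Firebase/PHP-JWT",
+"source": {
+"type": "git",
+"url": "https://github.com/firebase/php-jwt.git",
+"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57"
+},
+"dist": {
+"type": "zip",
+"url": "https://api.github.com/repos/firebase/php-jwt/zipball/ffcfd888ce1e4f2d70cac2dc9b7301038332fe57",
+"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57",
+"shasum": ""
+},
+"require": {
+"php": ">=5.2.0"
+},
+"type": "library",
+"autoload": {
+"classmap": [
+"Authentication/",
+"Exceptions/"
+]
+},
+"notification-url": "https://packagist.org/downloads/",
+"license": [
+"BSD-3-Clause"
+],
+"authors": [
+{
+"name": "Neuman Vong",
+"email": "neuman+pear@twilio.com",
+"role": "Developer"
+},
+{
+"name": "Anant Narayanan",
+"email": "anant@php.net",
+"role": "Developer"
+}
+],
+"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
+"homepage": "https://github.com/firebase/php-jwt",
+"time": "2015-04-01 18:46:38"
+}
+],
+"packages-dev": [],
+"aliases": [],
+"minimum-stability": "stable",
+"stability-flags": [],
+"prefer-stable": false,
+"prefer-lowest": false,
+"platform": [],
+"platform-dev": []
+}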
/trunk/scripts/modules/mail/Mail.php
45,7 → 45,7
$retour = $this->traiterMailsEnAttente();
break;
// TODO: case supplémentaire pour traiter un mail par son id ?
// TODO: option "force" pour traiter les mails quelques soient leur statut ?
// TODO: option "force" pour traiter les mails quel que soit leur statut ?
default:
}
/trunk/jrest/bibliotheque/JRestService.php
57,7 → 57,7
}
 
//+----------------------------------------------------------------------------------------------------------------+
// GESTION de l'ENVOIE au NAVIGATEUR
// GESTION de l'ENVOI au NAVIGATEUR pas la PEINE de CRIER
 
protected function envoyerJson($donnees, $encodage = 'utf-8') {
$contenu = json_encode($donnees);
333,6 → 333,7
return $autorisation;
}
 
// WTF coel en dur ??
private function gererIdentificationPermanente() {
// Pour maintenir l'utilisateur tjrs réellement identifié nous sommes obligé de recréer une SESSION et de le recharger depuis la bdd
if ($this->getUtilisateur() == ''
342,6 → 343,7
}
}
 
// WTF coel en dur ??
protected function getUtilisateur() {
return (isset($_SESSION['coel_utilisateur']) ? $_SESSION['coel_utilisateur'] : '');
}
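Review bot: The two added `// WTF coel en dur ??` comments and the `pas la PEINE de CRIER` remark appended to the section banner record a reaction rather than a task, so the next reader cannot tell what is expected to change. If the concern is that `getUtilisateur()` reads the hard-coded session key `'coel_utilisateur'`, state it once above that method, e.g. `// TODO: session key 'coel_utilisateur' is hard-coded; take it from the configuration`, and keep the banner a plain heading. The body of `gererIdentificationPermanente()` continues outside the visible hunk.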
/trunk/jrest/clef-auth.defaut.ini
New file
0,0 → 1,0
)À3 RÈNJppÀ(=Va30iX'RÙ'A"'*x "cr"çà808Zre"3
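Review bot: What appears to be real key material is committed here as the default for the JWT signing key, and the only check Auth.php applies to the key it loads is `strlen($this->clef) < 16`. Any deployment that copies this file to `clef-auth.ini` unchanged signs its tokens with a value readable by everyone who can read the repository, which defeats the signature. Ship an empty or deliberately too-short placeholder so that the length check fails until the installer generates a random per-instance key. The value stays in the revision history, so it should be treated as disclosed.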
/trunk/jrest/jrest.ini.defaut.php
45,6 → 45,15
; ADMIN
[jrest_admin]
admin = aurelien@tela-botanica.org,david.delon@clapas.net,jpm@tela-botanica.org,marie@tela-botanica.org
; Liste des ips (nom de domaine) autorisés à accéder aux services de DEL
; Liste des ips (nom de domaine) autorisés à accéder aux services
ip_autorisees = "127.0.0.1, 193.54.123.169, 193.54.123.216, 162.38.234.6"
 
; AUTH (SSO)
[auth]
; si true, refusera toute connexion non-HTTPS
forcer_ssl = true
nom_cookie = tb_auth
duree_cookie = 31536000
duree_jeton = 900
 
;*/?>
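Review bot: The `forcer_ssl` switch fails open, because Auth.php derives it with `$this->config['auth']['forcer_ssl'] == "1"`: a missing `[auth]` section, or a value the ini parser does not normalise to "1" (how this file is parsed is not visible here), silently turns the HTTPS requirement off. Document the accepted values next to the key, e.g. `; accepted values: true / 1 - anything else disables the HTTPS check`, or invert the test in Auth.php so that only an explicit false/0 disables it. `duree_cookie = 31536000` next to `duree_jeton = 900` also deserves a comment, since the service renews an expired token for as long as the cookie is presented.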
/trunk/jrest/services/Auth.php
New file
0,0 → 1,592
<?php
 
// composer
require_once '../vendor/autoload.php';
 
/**
* Tentative de service d'authentification / SSO bien organisé
* @author mathias
* © Tela Botanica 2015
*
* @TODO se baser sur autre chose que JRest qui est obsolète
*/
class Auth extends JRestService {
 
/** Clef utilisée pour signer les jetons JWT */
private $clef;
 
/** Si true, refusera une connexion non-HTTPS */
protected $forcerSSL = true;
 
/** Durée en secondes du jeton (doit être faible en l'absence de mécanisme d'invalidation) */
protected $dureeJeton = 900;
 
/** Durée en secondes du cookie */
protected $dureeCookie = 31536000; // 3600 * 24 * 365
 
/** Nom du cookie */
protected $nomCookie = "this_is_not_a_good_cookie_name";
 
public function __construct($config, $demarrer_session = true) {
parent::__construct($config, $demarrer_session);
$this->clef = file_get_contents("clef-auth.ini");
if (strlen($this->clef) < 16) {
throw new Exception("Clef trop courte - placez une clef d'au moins 16 caractères dans configurations/clef-auth.ini");
}
$this->forcerSSL = ($this->config['auth']['forcer_ssl'] == "1");
$this->dureeJeton = $this->config['auth']['duree_jeton'];
$this->dureeCookie = $this->config['auth']['duree_cookie'];
$this->nomCookie = $this->config['auth']['nom_cookie'];
}
 
/**
* Notice d'utilisation succincte
* @TODO essayer de choisir entre anglais et français
*/
protected function infosService() {
$uri = $this->config['settings']['baseAlternativeURL'];
if ($uri == '') {
$uri = $this->config['settings']['baseURL'];
}
$uri = $uri . "auth/";
 
$infos = array(
'service' => 'TelaBotanica/annuaire/auth',
'methodes' => array(
'connexion' => array(
"uri" => $uri . "connexion",
"parametres" => array(
"login" => "adresse email (ex: name@domain.com)",
"password" => "mot de passe"
),
"alias" => $uri . "login",
"description" => "connexion avec login et mot de passe; renvoie un jeton et un cookie " . $this->nomCookie
),
'deconnexion' => array(
"uri" => $uri . "deconnexion",
"parametres" => null,
"alias" => $uri . "logout",
"description" => "déconnexion; renvoie un jeton null et supprime le cookie " . $this->nomCookie
),
'identite' => array(
"uri" => $uri . "identite",
"parametres" => array(
"token" => "jeton JWT (facultatif)",
),
"alias" => array(
$uri . "identity",
$uri . "rafraichir",
$uri . "refresh"
),
"description" => "confirme l'authentification et la session; rafraîchit le jeton fourni (dans le cookie " . $this->nomCookie . " ou en paramètre)"
),
'verifierjeton' => array(
"uri" => $uri . "identite",
"parametres" => array(
"token" => "jeton JWT",
),
"alias" => $uri . "verifytoken",
"description" => "retourne true si le jeton fourni en paramètre est valide, une erreur sinon"
)
)
);
$this->envoyerJson($infos);
}
 
/**
* Lorsqu'appelé sans éléments d'URL (service:annuaire:auth);
* les paramètres GET sont ignorés
*/
public function getRessource() {
//echo "get ressource\n";
$this->infosService();
}
 
/**
* Lorsqu'appelé avec des éléments d'URL (service:annuaire:auth/machin/chose);
* les paramètres GET sont ignorés
*
* @param array $ressources les éléments d'URL
*/
public function getElement($ressources) {
// Achtétépéèch portouguech
$this->verifierSSL();
//echo "get element\n";
//var_dump($ressources);
// le premier paramètre d'URL définit la méthode (non-magique)
if (count($ressources) > 0) {
switch ($ressources[0]) {
case 'login':
case 'connexion':
$this->connexion($ressources);
break;
case 'logout':
case 'deconnexion':
$this->deconnexion();
break;
case 'identity':
case 'identite':
case 'rafraichir':
case 'refresh':
$this->identite();
break;
case 'verifytoken':
case 'verifierjeton':
$this->verifierJeton();
break;
case 'info':
default:
$this->infosService();
}
}
}
 
/**
* Lors d'un POST avec au moins une donnée dans le body (data);
* les paramètres GET sont ignorés
* @TODO faire un point d'entrée POST qui renvoie vers les méthodes GET
*
* @param array $ressources les éléments d'URL
* @param array $pairs les paramètres POST
*/
public function updateElement($ressources, $pairs) {
//echo "update element\n";
//var_dump($ressources);
//var_dump($pairs);
$this->nonImplemente();
}
 
/**
* Lors d'un PUT (les éléments d'URL sont ignorés) ou d'un POST avec au moins
* un élément d'URL; dans tous les cas les paramètres GET sont ignorés
*
* @param array $pairs les paramètres POST
*/
public function createElement($pairs) {
//echo "create element\n";
//var_dump($pairs);
$this->nonImplemente();
}
 
/**
* Lors d'un DELETE avec au moins un élément d'URL
* @TODO utiliser pour invalider un jeton (nécessite stockage)
*
* @param array $ressources les éléments d'URL
*/
public function deleteElement($ressources) {
//echo "delete element\n";
//var_dump($ressources);
$this->nonImplemente();
}
 
/**
* Vérifie l'identité d'un utilisateur à partir de son courriel et son
* mot de passe ou d'un cookie; lui accorde un jeton et un cookie si
* tout va bien, sinon renvoie une erreur
*
* @param array $ressources non utilisé
*/
protected function connexion($ressources) {
$login = $this->getParam('login');
$password = $this->getParam('password', null);
if ($login == '' || $password == '') {
$this->erreur("parameters <login> and <password> required");
}
// vérification login / password
$acces = $this->verifierAcces($login, $password);
if ($acces === false) {
$this->erreur("authentication failed");
}
// infos utilisateur
$util = new Utilisateur($this->config);
$infos = $util->getIdentiteParCourriel($login);
if (count($infos) == 0 || empty($infos[$login])) {
$this->erreur("could not get user info");
}
// création du jeton
$jwt = $this->creerjeton($login, $infos[$login]);
// création du cookie
$this->creerCookie($jwt);
// envoi
$this->envoyerJson(array(
"session" => true,
"token" => $jwt
));
}
 
/**
* Détruit le cookie et renvoie un jeton vide ou NULL - le client
* devrait toujours remplacer son jeton par celui renvoyé par les
* méthodes de l'annuaire
*/
protected function deconnexion() {
// suppression du cookie
$this->detruireCookie();
// envoi d'un jeton vide @TODO évaluer cette méthode
// par rapport à renvoyer simplement NULL comme jeton
/*$jetonVide = array(
"iss" => "https://www.tela-botanica.org",
"sub" => null, // id utilisateur - ou courriel ?
"iat" => time(),
"exp" => time(), // @TODO trouver mieux
"scopes" => array("tela-botanica.org")
);
$jwt = JWT::encode($jetonVide, $this->clef);*/
$jwt = null;
$this->envoyerJson(array(
"session" => false,
"token" => $jwt
));
}
 
/**
* Renvoie un jeton rafraîchi (durée de validité augmentée de $this->dureeJeton
* si l'utilisateur est reconnu comme détenteur d'une session active (cookie valide
* ou jeton valide); renvoie une erreur si le cookie et/ou le jeton sont expirés;
* le cookie est prioritaire sur le paramètre "token" @TODO vérifier cette stratégie
*/
protected function identite() {
$cookieAvecJetonValide = false;
$jetonRetour = null;
$erreur = '';
// lire cookie
if (isset($_COOKIE[$this->nomCookie])) {
$jwt = $_COOKIE[$this->nomCookie];
try {
// rafraîchir jeton quelque soit son état - "true" permet
// d'ignorer les ExpiredException (on rafraîchit le jeton
// expiré car le cookie est encore valide)
$jetonRetour = $this->rafraichirJeton($jwt, true);
// on ne tentera pas de lire un jeton fourni en paramètre
$cookieAvecJetonValide = true;
} catch (Exception $e) {
// si le rafraîchissement a échoué (jeton invalide - hors expiration - ou vide)
// on ne fait rien et on tente la suite (jeton fourni hors cookie ?)
$erreur = "invalid token in cookie";
}
}
// si le cookie n'existait pas ou ne contenait pas un jeton
if (! $cookieAvecJetonValide) {
// lire jeton
$jwt = $this->getParam('token');
if ($jwt != null) {
try {
// rafraîchir jeton si non expiré
$jetonRetour = $this->rafraichirJeton($jwt);
} catch (Exception $e) {
// si le rafraîchissement a échoué (jeton invalide, expiré ou vide)
$erreur = "invalid or expired token in parameter";
}
} else {
// pas de jeton valide passé en paramètre
$erreur = ($erreur == "" ? "no token or cookie" : "invalid token in cookie; invalid or expired token in parameter");
}
}
// renvoi jeton
if ($jetonRetour === null) {
$this->erreur($erreur);
} else {
$this->envoyerJson(array(
"session" => true,
"token" => $jetonRetour
));
}
}
 
/**
* Vérifie si un jeton est valide; retourne true si oui, une erreur avec
* des détails si non
*/
protected function verifierJeton() {
// vérifie que le jeton provient bien d'ici,
// et qu'il est encore valide (date)
$jwt = $this->getParam('token');
if ($jwt == '') {
$this->erreur("parameter <token> required");
}
try {
$jeton = JWT::decode($jwt, $this->clef, array('HS256'));
$jeton = (array) $jeton;
} catch (Exception $e) {
$this->erreur($e->getMessage());
exit;
}
//print_r($jeton);
$this->envoyerJson(true);
}
 
/**
* Reçoit un jeton JWT, et s'il est non-vide ("sub" != null), lui redonne
* une période de validité de $this->dureeJeton; si $ignorerExpiration
* vaut true, rafraîchira le jeton même s'il a expiré
* (attention à ne pas appeler cette méthode n'importe comment !);
* jette une exception si le jeton est vide, mal signé ou autre erreur,
* ou s'il a expiré et que $ignorerExpiration est différent de true
*
* @param string $jwt le jeton JWT
* @return string le jeton rafraîchi
*/
protected function rafraichirJeton($jwt, $ignorerExpiration=false) /* throws Exception */ {
$infos = array();
// vérification avec lib JWT
try {
$infos = JWT::decode($jwt, $this->clef, array('HS256'));
$infos = (array) $infos;
} catch (ExpiredException $e) {
if ($ignorerExpiration === true) {
// on se fiche qu'il soit expiré
// décodage d'un jeton expiré
// @WARNING considère que la lib JWT jette ExpiredException en dernier (vrai 12/05/2015),
// ce qui signifie que la signature et le domaine sont tout de même valides - à surveiller !
$infos = $this->decoderJetonExpireManuellement($jwt);
} else {
// on renvoie l'exception plus haut
throw $e;
}
}
// vérification des infos
if (empty($infos['sub'])) {
// jeton vide (wtf?)
echo " #Jeton vide";
throw new Exception("empty token (no <sub>)");
}
// rafraîchissement
$infos['exp'] = time() + $this->dureeJeton;
$jwtSortie = JWT::encode($infos, $this->clef);
 
return $jwtSortie;
}
 
/**
* Décode manuellement un jeton JWT, SANS VÉRIFIER SA SIGNATURE OU
* SON DOMAINE ! @WARNING ne pas utiliser hors du cas d'un jeton
* correct (vérifié avec la lib JWT) mais expiré !
*
* @param string $jwt un jeton vérifié comme valide, mais expiré
*/
protected function decoderJetonExpireManuellement($jwt) {
$parts = explode('.', $jwt);
$payload = $parts[1];
$payload = base64_decode($payload);
$payload = json_decode($payload, true);
 
return $payload;
}
 
/**
* Crée un jeton JWT signé avec la clef
*
* @param mixed $sub subject: l'id utilisateur du détenteur du jeton si authentifié, null sinon
* @param string $exp la date d'expiration du jeton, par défaut la date actuelle plus $this->dureeJeton
* @param array $donnees les données à ajouter au jeton (infos utilisateur)
*
* @return string un jeton JWT signé
*/
protected function creerJeton($sub, $donnees=array(), $exp=null) {
if ($exp === null) {
$exp = time() + $this->dureeJeton;
}
$jeton = array(
"iss" => "https://www.tela-botanica.org",
//"aud" => "http://example.com",
"sub" => $sub,
"iat" => time(),
"exp" => $exp,
//"nbf" => time() + 60,
"scopes" => array("tela-botanica.org")
);
if (! empty($donnees)) {
$jeton = array_merge($jeton, $donnees);
}
$jwt = JWT::encode($jeton, $this->clef);
 
return $jwt;
}
 
/**
* Crée un cookie de durée $this->dureeCookie, nommé $this->nomCookie et
* contenant $valeur
*
* @param string $valeur le contenu du cookie (de préférence un jeton JWT)
*/
protected function creerCookie($valeur) {
setcookie($this->nomCookie, $valeur, time() + $this->dureeCookie, '/');
}
 
/**
* Renvoie le cookie avec une valeur vide et une date d'expiration dans le
* passé, afin que le navigateur le détruise au prochain appel
* @TODO envisager l'envoi d'un jeton vide plutôt que la suppression du cookie
*
* @param string $valeur la valeur du cookie, par défaut ""
*/
protected function detruireCookie() {
setcookie($this->nomCookie, "", -1, '/');
}
 
// ---------------- Méthodes à génériciser ci-dessous ----------------------------------
 
/**
* Message succinct pour méthodes / actions non implémentées
*/
protected function nonImplemente() {
$this->erreur("not implemented");
}
/**
* Si $this->forcerSSL vaut true, envoie une erreur et termine le programme si SSL n'est pas utilisé
*/
protected function verifierSSL() {
if ($this->forcerSSL === true) {
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
$this->erreur("HTTPS required");
exit;
}
}
}
 
protected function getParamChain($names) {
if (! is_array($names)) {
}
}
 
/**
* Capture un paramètre de requête ($_REQUEST)
*
* @param string $name nom du paramètre à capturer
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous)
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini
*
* @return string la valeur du paramètre si défini, sinon la valeur par défaut
*/
protected function getParam($name, $default=null, $traiterVideCommeDefaut=false) {
$ret = $default;
if (isset($_REQUEST[$name])) {
if ($traiterVideCommeDefaut === false || $_REQUEST[$name] !== '') {
$ret = $_REQUEST[$name];
}
}
return $ret;
}
 
/**
* Capture un paramètre GET
*
* @param string $name nom du paramètre GET à capturer
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous)
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini
*
* @return string la valeur du paramètre si défini, sinon la valeur par défaut
*/
protected function getGetParam($name, $default=null, $traiterVideCommeDefaut=false) {
$ret = $default;
if (isset($_GET[$name])) {
if ($traiterVideCommeDefaut === false || $_GET[$name] !== '') {
$ret = $_GET[$name];
}
}
return $ret;
}
 
/**
* Capture un paramètre POST
*
* @param string $name nom du paramètre POST à capturer
* @param string $default valeur par défaut si le paramètre n'est pas défini (ou vide, voir ci-dessous)
* @param bool $traiterVideCommeDefaut si le paramètre est défini mais vide (''), le considèrera comme non défini
*
* @return string la valeur du paramètre si défini, sinon la valeur par défaut
*/
protected function getPostParam($name, $default=null, $traiterVideCommeDefaut=false) {
$ret = $default;
if (isset($_POST[$name])) {
if ($traiterVideCommeDefaut === false || $_POST[$name] !== '') {
$ret = $_POST[$name];
}
}
return $ret;
}
 
/**
* Envoie une erreur HTTP $code (400 par défaut) avec les données $data en JSON
*
* @param mixed $data données JSON de l'erreur - généralement array("error" => "raison de l'erreur") - si
* seule une chaîne est transmise, sera convertie en array("error" => $data)
* @param number $code code HTTP de l'erreur, par défaut 400 (bad request)
* @param boolean $exit si true (par défaut), termine le script après avoir envoyé l'erreur
*/
protected function erreur($data, $code=400, $exit=true) {
if (! is_array($data)) {
$data = array(
"error" => $data
);
}
http_response_code($code);
$this->envoyerJson($data);
if ($exit === true) {
exit;
}
}
}
 
/**
* Mode moderne pour PHP < 5.4
*/
if (!function_exists('http_response_code')) {
function http_response_code($code = NULL) {
if ($code !== NULL) {
switch ($code) {
case 100: $text = 'Continue'; break;
case 101: $text = 'Switching Protocols'; break;
case 200: $text = 'OK'; break;
case 201: $text = 'Created'; break;
case 202: $text = 'Accepted'; break;
case 203: $text = 'Non-Authoritative Information'; break;
case 204: $text = 'No Content'; break;
case 205: $text = 'Reset Content'; break;
case 206: $text = 'Partial Content'; break;
case 300: $text = 'Multiple Choices'; break;
case 301: $text = 'Moved Permanently'; break;
case 302: $text = 'Moved Temporarily'; break;
case 303: $text = 'See Other'; break;
case 304: $text = 'Not Modified'; break;
case 305: $text = 'Use Proxy'; break;
case 400: $text = 'Bad Request'; break;
case 401: $text = 'Unauthorized'; break;
case 402: $text = 'Payment Required'; break;
case 403: $text = 'Forbidden'; break;
case 404: $text = 'Not Found'; break;
case 405: $text = 'Method Not Allowed'; break;
case 406: $text = 'Not Acceptable'; break;
case 407: $text = 'Proxy Authentication Required'; break;
case 408: $text = 'Request Time-out'; break;
case 409: $text = 'Conflict'; break;
case 410: $text = 'Gone'; break;
case 411: $text = 'Length Required'; break;
case 412: $text = 'Precondition Failed'; break;
case 413: $text = 'Request Entity Too Large'; break;
case 414: $text = 'Request-URI Too Large'; break;
case 415: $text = 'Unsupported Media Type'; break;
case 500: $text = 'Internal Server Error'; break;
case 501: $text = 'Not Implemented'; break;
case 502: $text = 'Bad Gateway'; break;
case 503: $text = 'Service Unavailable'; break;
case 504: $text = 'Gateway Time-out'; break;
case 505: $text = 'HTTP Version not supported'; break;
case 666: $text = 'Couscous overheat'; break;
default:
exit('Unknown http status code "' . htmlentities($code) . '"');
break;
}
 
$protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0');
header($protocol . ' ' . $code . ' ' . $text);
$GLOBALS['http_response_code'] = $code;
} else {
$code = (isset($GLOBALS['http_response_code']) ? $GLOBALS['http_response_code'] : 200);
}
return $code;
}
}
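Review bot: `identite()` calls `rafraichirJeton($jwt, true)` for the cookie, so an expired token is renewed for as long as it is presented: the one-year `dureeCookie` is only enforced by the browser, and `deconnexion()` clears the cookie without invalidating anything on the server. Since `iat` is carried over unchanged on every refresh, the expired branch of `rafraichirJeton()` can bound the session with `if (empty($infos['iat']) || $infos['iat'] + $this->dureeCookie < time()) { throw $e; }` right after the call to `decoderJetonExpireManuellement($jwt)`. That helper decodes a base64url segment with plain `base64_decode()`, so a payload containing `-` or `_` comes back corrupted; `JWT::urlsafeB64Decode($parts[1])` handles it. `creerCookie()` also sets the cookie without the Secure and HttpOnly flags; unless client scripts must read it, use `setcookie($this->nomCookie, $valeur, time() + $this->dureeCookie, '/', '', $this->forcerSSL, true);`. The debug `echo " #Jeton vide";` before the throw will corrupt the JSON error body and should go.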
/trunk/jrest/services/Utilisateur.php
27,12 → 27,16
const FORMAT_XML = "xml";
const FORMAT_LDEHYDE = "méthanal"; // hihi hoho
 
public function __construct($config, $demarrer_session = true) {
parent::__construct($config, $demarrer_session);
$this->idAnnuaire = Config::get('annuaire_defaut');
}
 
/*+----------------------------------------------------------------------------------------------------+*/
// GET : consultation
 
public function getElement($ressources){
$this->ressources = $ressources;
$this->idAnnuaire = Config::get('annuaire_defaut');
$infos = null;
 
if (isset($this->ressources[0])) {
171,14 → 175,14
/**
* Permet d'obtenir les prénoms et noms des courriels des utilisateurs indiqués dans la ressource.
* RESSOURCE : /utilisateur/prenom-nom-par-courriel/[courriel,courriel,...]
* PARAMÈTRES : aucun
* PARAMÈTRES : $courriels des adresses courriel séparées par des virgules; si != null, sera utilisé à la place de la ressource d'URL
* RÉPONSE : Tableau possédant un courriel de la ressource en clé et en valeur :
* - id : identifiant numérique de l'utilisateur
* - prenom : prénom
* - nom : nom de famille.
*/
public function getPrenomNomParCourriel() {
$courriels = explode(',', $this->ressources[0]);
public function getPrenomNomParCourriel($courriels) {
$courriels = explode(',', $courriels);
$infos = $this->getAnnuaire()->obtenirPrenomNomParCourriel($this->idAnnuaire, $courriels);
return $infos;
}
186,7 → 190,7
/**
* Permet d'obtenir les identités des utilisateurs indiqués dans la ressource.
* RESSOURCE : /utilisateur/identite-par-courriel/[courriel,courriel,...]
* PARAMÈTRES : aucun
* PARAMÈTRES : $courriels des adresses courriel séparées par des virgules; si != null, sera utilisé à la place de la ressource d'URL
* RÉPONSE : Tableau possédant un courriel de la ressource en clé et en valeur :
* - id : identifiant numérique de l'utilisateur
* - pseudoUtilise : indique si on doit utiliser le pseudo à la place de Prénom NOM
194,9 → 198,9
* - prenom : prénom
* - nom : nom de famille.
*/
public function getIdentiteParCourriel() {
public function getIdentiteParCourriel($courriels) {
$infos_utilisateurs = array();
$utilisateurs = $this->getPrenomNomParCourriel();
$utilisateurs = $this->getPrenomNomParCourriel($courriels);
foreach ($utilisateurs as $courriel => $utilisateur) {
$id = $utilisateur['id'];
$utilisateur['pseudo'] = $this->obtenirPseudo($id);
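Review bot: `getPrenomNomParCourriel($courriels)` now requires its argument and always explodes it, although the updated doc block says the parameter is used only when it is not null, in place of the URL resource. The fallback to `$this->ressources[0]` is gone, so any caller that still invokes these methods without an argument (for instance a dispatch from `getElement()`, whose body is not visible here) would break. To keep the documented behaviour, declare `public function getPrenomNomParCourriel($courriels = null) {` and use `$courriels = explode(',', $courriels !== null ? $courriels : $this->ressources[0]);`, and give `getIdentiteParCourriel($courriels = null)` the same default.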
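--- a/trunk/vendor/composer/autoload_namespaces.php
+++ b/trunk/vendor/composer/autoload_namespaces.php
@@ -0,0 +1,9 @@
+<?php
+
+// autoload_namespaces.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+);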
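--- a/trunk/vendor/composer/autoload_classmap.php
+++ b/trunk/vendor/composer/autoload_classmap.php
@@ -0,0 +1,13 @@
+<?php
+
+// autoload_classmap.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+'BeforeValidException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/BeforeValidException.php',
+'ExpiredException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/ExpiredException.php',
+'JWT' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Authentication/JWT.php',
+'SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/SignatureInvalidException.php',
+);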
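--- a/trunk/vendor/composer/autoload_real.php
+++ b/trunk/vendor/composer/autoload_real.php
@@ -0,0 +1,50 @@
+<?php
+
+// autoload_real.php @generated by Composer
+
+class ComposerAutoloaderInit0300019570b11b0db352635473fb4a22
+{
+private static $loader;
+
+public static function loadClassLoader($class)
+{
+if ('Composer\Autoload\ClassLoader' === $class) {
+require __DIR__ . '/ClassLoader.php';
+}
+}
+
+public static function getLoader()
+{
+if (null !== self::$loader) {
+return self::$loader;
+}
+
+spl_autoload_register(array('ComposerAutoloaderInit0300019570b11b0db352635473fb4a22', 'loadClassLoader'), true, true);
+self::$loader = $loader = new \Composer\Autoload\ClassLoader();
+spl_autoload_unregister(array('ComposerAutoloaderInit0300019570b11b0db352635473fb4a22', 'loadClassLoader'));
+
+$map = require __DIR__ . '/autoload_namespaces.php';
+foreach ($map as $namespace => $path) {
+$loader->set($namespace, $path);
+}
+
+$map = require __DIR__ . '/autoload_psr4.php';
+foreach ($map as $namespace => $path) {
+$loader->setPsr4($namespace, $path);
+}
+
+$classMap = require __DIR__ . '/autoload_classmap.php';
+if ($classMap) {
+$loader->addClassMap($classMap);
+}
+
+$loader->register(true);
+
+return $loader;
+}
+}
+
+function composerRequire0300019570b11b0db352635473fb4a22($file)
+{
+require $file;
+}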
/trunk/vendor/composer/ClassLoader.php
New file
0,0 → 1,413
<?php
 
/*
* This file is part of Composer.
*
* (c) Nils Adermann <naderman@naderman.de>
* Jordi Boggiano <j.boggiano@seld.be>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
 
namespace Composer\Autoload;
 
/**
* ClassLoader implements a PSR-0 class loader
*
* See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
*
* $loader = new \Composer\Autoload\ClassLoader();
*
* // register classes with namespaces
* $loader->add('Symfony\Component', __DIR__.'/component');
* $loader->add('Symfony', __DIR__.'/framework');
*
* // activate the autoloader
* $loader->register();
*
* // to enable searching the include path (eg. for PEAR packages)
* $loader->setUseIncludePath(true);
*
* In this example, if you try to use a class in the Symfony\Component
* namespace or one of its children (Symfony\Component\Console for instance),
* the autoloader will first look for the class under the component/
* directory, and it will then fallback to the framework/ directory if not
* found before giving up.
*
* This class is loosely based on the Symfony UniversalClassLoader.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Jordi Boggiano <j.boggiano@seld.be>
*/
class ClassLoader
{
// PSR-4
private $prefixLengthsPsr4 = array();
private $prefixDirsPsr4 = array();
private $fallbackDirsPsr4 = array();
 
// PSR-0
private $prefixesPsr0 = array();
private $fallbackDirsPsr0 = array();
 
private $useIncludePath = false;
private $classMap = array();
 
private $classMapAuthoritative = false;
 
public function getPrefixes()
{
if (!empty($this->prefixesPsr0)) {
return call_user_func_array('array_merge', $this->prefixesPsr0);
}
 
return array();
}
 
public function getPrefixesPsr4()
{
return $this->prefixDirsPsr4;
}
 
public function getFallbackDirs()
{
return $this->fallbackDirsPsr0;
}
 
public function getFallbackDirsPsr4()
{
return $this->fallbackDirsPsr4;
}
 
public function getClassMap()
{
return $this->classMap;
}
 
/**
* @param array $classMap Class to filename map
*/
public function addClassMap(array $classMap)
{
if ($this->classMap) {
$this->classMap = array_merge($this->classMap, $classMap);
} else {
$this->classMap = $classMap;
}
}
 
/**
* Registers a set of PSR-0 directories for a given prefix, either
* appending or prepending to the ones previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 root directories
* @param bool $prepend Whether to prepend the directories
*/
public function add($prefix, $paths, $prepend = false)
{
if (!$prefix) {
if ($prepend) {
$this->fallbackDirsPsr0 = array_merge(
(array) $paths,
$this->fallbackDirsPsr0
);
} else {
$this->fallbackDirsPsr0 = array_merge(
$this->fallbackDirsPsr0,
(array) $paths
);
}
 
return;
}
 
$first = $prefix[0];
if (!isset($this->prefixesPsr0[$first][$prefix])) {
$this->prefixesPsr0[$first][$prefix] = (array) $paths;
 
return;
}
if ($prepend) {
$this->prefixesPsr0[$first][$prefix] = array_merge(
(array) $paths,
$this->prefixesPsr0[$first][$prefix]
);
} else {
$this->prefixesPsr0[$first][$prefix] = array_merge(
$this->prefixesPsr0[$first][$prefix],
(array) $paths
);
}
}
 
/**
* Registers a set of PSR-4 directories for a given namespace, either
* appending or prepending to the ones previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-0 base directories
* @param bool $prepend Whether to prepend the directories
*
* @throws \InvalidArgumentException
*/
public function addPsr4($prefix, $paths, $prepend = false)
{
if (!$prefix) {
// Register directories for the root namespace.
if ($prepend) {
$this->fallbackDirsPsr4 = array_merge(
(array) $paths,
$this->fallbackDirsPsr4
);
} else {
$this->fallbackDirsPsr4 = array_merge(
$this->fallbackDirsPsr4,
(array) $paths
);
}
} elseif (!isset($this->prefixDirsPsr4[$prefix])) {
// Register directories for a new namespace.
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
} elseif ($prepend) {
// Prepend directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
(array) $paths,
$this->prefixDirsPsr4[$prefix]
);
} else {
// Append directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
$this->prefixDirsPsr4[$prefix],
(array) $paths
);
}
}
 
/**
* Registers a set of PSR-0 directories for a given prefix,
* replacing any others previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 base directories
*/
public function set($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr0 = (array) $paths;
} else {
$this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
}
}
 
/**
* Registers a set of PSR-4 directories for a given namespace,
* replacing any others previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-4 base directories
*
* @throws \InvalidArgumentException
*/
public function setPsr4($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr4 = (array) $paths;
} else {
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
}
}
 
/**
* Turns on searching the include path for class files.
*
* @param bool $useIncludePath
*/
public function setUseIncludePath($useIncludePath)
{
$this->useIncludePath = $useIncludePath;
}
 
/**
* Can be used to check if the autoloader uses the include path to check
* for classes.
*
* @return bool
*/
public function getUseIncludePath()
{
return $this->useIncludePath;
}
 
/**
* Turns off searching the prefix and fallback directories for classes
* that have not been registered with the class map.
*
* @param bool $classMapAuthoritative
*/
public function setClassMapAuthoritative($classMapAuthoritative)
{
$this->classMapAuthoritative = $classMapAuthoritative;
}
 
/**
* Should class lookup fail if not found in the current class map?
*
* @return bool
*/
public function isClassMapAuthoritative()
{
return $this->classMapAuthoritative;
}
 
/**
* Registers this instance as an autoloader.
*
* @param bool $prepend Whether to prepend the autoloader or not
*/
public function register($prepend = false)
{
spl_autoload_register(array($this, 'loadClass'), true, $prepend);
}
 
/**
* Unregisters this instance as an autoloader.
*/
public function unregister()
{
spl_autoload_unregister(array($this, 'loadClass'));
}
 
/**
* Loads the given class or interface.
*
* @param string $class The name of the class
* @return bool|null True if loaded, null otherwise
*/
public function loadClass($class)
{
if ($file = $this->findFile($class)) {
includeFile($file);
 
return true;
}
}
 
/**
* Finds the path to the file where the class is defined.
*
* @param string $class The name of the class
*
* @return string|false The path if found, false otherwise
*/
public function findFile($class)
{
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
if ('\\' == $class[0]) {
$class = substr($class, 1);
}
 
// class map lookup
if (isset($this->classMap[$class])) {
return $this->classMap[$class];
}
if ($this->classMapAuthoritative) {
return false;
}
 
$file = $this->findFileWithExtension($class, '.php');
 
// Search for Hack files if we are running on HHVM
if ($file === null && defined('HHVM_VERSION')) {
$file = $this->findFileWithExtension($class, '.hh');
}
 
if ($file === null) {
// Remember that this class does not exist.
return $this->classMap[$class] = false;
}
 
return $file;
}
 
private function findFileWithExtension($class, $ext)
{
// PSR-4 lookup
$logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
 
$first = $class[0];
if (isset($this->prefixLengthsPsr4[$first])) {
foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
if (0 === strpos($class, $prefix)) {
foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
return $file;
}
}
}
}
}
 
// PSR-4 fallback dirs
foreach ($this->fallbackDirsPsr4 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
return $file;
}
}
 
// PSR-0 lookup
if (false !== $pos = strrpos($class, '\\')) {
// namespaced class name
$logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
. strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
} else {
// PEAR-like class name
$logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
}
 
if (isset($this->prefixesPsr0[$first])) {
foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
if (0 === strpos($class, $prefix)) {
foreach ($dirs as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
}
}
}
 
// PSR-0 fallback dirs
foreach ($this->fallbackDirsPsr0 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
 
// PSR-0 include paths.
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
return $file;
}
}
}
 
/**
* Scope isolated include.
*
* Prevents access to $this/self from included files.
*/
function includeFile($file)
{
include $file;
}
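--- a/trunk/vendor/composer/autoload_psr4.php
+++ b/trunk/vendor/composer/autoload_psr4.php
@@ -0,0 +1,9 @@
+<?php
+
+// autoload_psr4.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+);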
/trunk/vendor/composer/installed.json
New file
0,0 → 1,49
[
{
"name": "firebase/php-jwt",
"version": "2.0.0",
"version_normalized": "2.0.0.0",
"target-dir": "Firebase/PHP-JWT",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/ffcfd888ce1e4f2d70cac2dc9b7301038332fe57",
"reference": "ffcfd888ce1e4f2d70cac2dc9b7301038332fe57",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"time": "2015-04-01 18:46:38",
"type": "library",
"installation-source": "dist",
"autoload": {
"classmap": [
"Authentication/",
"Exceptions/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
},
{
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
}
],
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt"
}
]
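--- a/trunk/vendor/autoload.php
+++ b/trunk/vendor/autoload.php
@@ -0,0 +1,7 @@
+<?php
+
+// autoload.php @generated by Composer
+
+require_once __DIR__ . '/composer' . '/autoload_real.php';
+
+return ComposerAutoloaderInit0300019570b11b0db352635473fb4a22::getLoader();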
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/package.xml
New file
0,0 → 1,77
<?xml version="1.0" encoding="UTF-8"?>
<package packagerversion="1.9.2" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0
http://pear.php.net/dtd/tasks-1.0.xsd
http://pear.php.net/dtd/package-2.0
http://pear.php.net/dtd/package-2.0.xsd">
<name>JWT</name>
<channel>pear.php.net</channel>
<summary>A JWT encoder/decoder.</summary>
<description>A JWT encoder/decoder library for PHP.</description>
<lead>
<name>Neuman Vong</name>
<user>lcfrs</user>
<email>neuman+pear@twilio.com</email>
<active>yes</active>
</lead>
<lead>
<name>Anant Narayanan</name>
<user>anant</user>
<email>anant@php.net</email>
<active>yes</active>
</lead>
<date>2015-04-01</date>
<version>
<release>2.0.0</release>
<api>2.0.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
<notes>
Initial release with basic support for JWT encoding, decoding and signature verification.
</notes>
<contents>
<dir baseinstalldir="/" name="/">
<dir name="tests">
<file name="JWTTest.php" role="test" />
</dir>
<file name="Authentication/JWT.php" role="php" />
</dir>
</contents>
<dependencies>
<required>
<php>
<min>5.1</min>
</php>
<pearinstaller>
<min>1.7.0</min>
</pearinstaller>
<extension>
<name>json</name>
</extension>
<extension>
<name>hash</name>
</extension>
</required>
</dependencies>
<phprelease />
<changelog>
<release>
<version>
<release>0.1.0</release>
<api>0.1.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<date>2015-04-01</date>
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
<notes>
Initial release with basic support for JWT encoding, decoding and signature verification.
</notes>
</release>
</changelog>
</package>
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/README.md
New file
0,0 → 1,66
[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
 
PHP-JWT
=======
A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should
conform to the [current spec](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06)
 
Installation
------------
 
Use composer to manage your dependencies and download PHP-JWT:
 
```bash
composer require firebase/php-jwt
```
 
Example
-------
```php
<?php
 
$key = "example_key";
$token = array(
"iss" => "http://example.org",
"aud" => "http://example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
 
/**
* IMPORTANT:
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
*/
$jwt = JWT::encode($token, $key);
$decoded = JWT::decode($jwt, $key, array('HS256'));
 
print_r($decoded);
 
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
 
$decoded_array = (array) $decoded;
 
?>
```
 
Tests
-----
Run the tests using phpunit:
 
```bash
$ pear install PHPUnit
$ phpunit --configuration phpunit.xml.dist
PHPUnit 3.7.10 by Sebastian Bergmann.
.....
Time: 0 seconds, Memory: 2.50Mb
OK (5 tests, 5 assertions)
```
 
License
-------
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/run-tests.sh
New file
0,0 → 1,38
 
#!/usr/bin/env bash
gpg --fingerprint D8406D0D82947747293778314AA394086372C20A
if [ $? -ne 0 ]; then
echo -e "\033[33mDownloading PGP Public Key...\033[0m"
gpg --recv-keys D8406D0D82947747293778314AA394086372C20A
# Sebastian Bergmann <sb@sebastian-bergmann.de>
gpg --fingerprint D8406D0D82947747293778314AA394086372C20A
if [ $? -ne 0 ]; then
echo -e "\033[31mCould not download PGP public key for verification\033[0m"
exit
fi
fi
 
# Let's grab the latest release and its signature
if [ ! -f phpunit.phar ]; then
wget https://phar.phpunit.de/phpunit.phar
fi
if [ ! -f phpunit.phar.asc ]; then
wget https://phar.phpunit.de/phpunit.phar.asc
fi
 
# Verify before running
gpg --verify phpunit.phar.asc phpunit.phar
if [ $? -eq 0 ]; then
echo
echo -e "\033[33mBegin Unit Testing\033[0m"
# Run the testing suite
php --version
php phpunit.phar --configuration phpunit.xml.dist
else
echo
chmod -x phpunit.phar
mv phpunit.phar /tmp/bad-phpunit.phar
mv phpunit.phar.asc /tmp/bad-phpunit.phar.asc
echo -e "\033[31mSignature did not match! PHPUnit has been moved to /tmp/bad-phpunit.phar\033[0m"
exit 1
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
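Review bot: The bare `exit` in the branch that prints "Could not download PGP public key for verification" returns the status of the preceding `echo`, which is 0, so a run where the key could not be fetched and no test was executed is reported as a success. It should be `exit 1`, as the signature-mismatch branch at the end of the script already does. The `gpg --recv-keys` call also names no keyserver, so which server supplies the key depends on the local gpg configuration.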
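--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Authentication/JWT.php
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Authentication/JWT.php
@@ -0,0 +1,326 @@
+<?php
+
+/**
+* JSON Web Token implementation, based on this spec:
+* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
+*
+* PHP version 5
+*
+* @category Authentication
+* @package Authentication_JWT
+* @author Neuman Vong <neuman@twilio.com>
+* @author Anant Narayanan <anant@php.net>
+* @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
+* @link https://github.com/firebase/php-jwt
+*/
+class JWT
+{
+public static $supported_algs = array(
+'HS256' => array('hash_hmac', 'SHA256'),
+'HS512' => array('hash_hmac', 'SHA512'),
+'HS384' => array('hash_hmac', 'SHA384'),
+'RS256' => array('openssl', 'SHA256'),
+);
+
+/**
+* Decodes a JWT string into a PHP object.
+*
+* @param string $jwt The JWT
+* @param string|Array|null $key The secret key, or map of keys
+* @param Array $allowed_algs List of supported verification algorithms
+*
+* @return object The JWT's payload as a PHP object
+*
+* @throws DomainException Algorithm was not provided
+* @throws UnexpectedValueException Provided JWT was invalid
+* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
+* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
+* @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat'
+* @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim
+*
+* @uses jsonDecode
+* @uses urlsafeB64Decode
+*/
+public static function decode($jwt, $key = null, $allowed_algs = array())
+{
+$tks = explode('.', $jwt);
+if (count($tks) != 3) {
+throw new UnexpectedValueException('Wrong number of segments');
+}
+list($headb64, $bodyb64, $cryptob64) = $tks;
+if (null === ($header = JWT::jsonDecode(JWT::urlsafeB64Decode($headb64)))) {
+throw new UnexpectedValueException('Invalid header encoding');
+}
+if (null === $payload = JWT::jsonDecode(JWT::urlsafeB64Decode($bodyb64))) {
+throw new UnexpectedValueException('Invalid claims encoding');
+}
+$sig = JWT::urlsafeB64Decode($cryptob64);
+if (isset($key)) {
+if (empty($header->alg)) {
+throw new DomainException('Empty algorithm');
+}
+if (empty(self::$supported_algs[$header->alg])) {
+throw new DomainException('Algorithm not supported');
+}
+if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) {
+throw new DomainException('Algorithm not allowed');
+}
+if (is_array($key)) {
+if (isset($header->kid)) {
+$key = $key[$header->kid];
+} else {
+throw new DomainException('"kid" empty, unable to lookup correct key');
+}
+}
+
+// Check the signature
+if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
+throw new SignatureInvalidException('Signature verification failed');
+}
+
+// Check if the nbf if it is defined. This is the time that the
+// token can actually be used. If it's not yet that time, abort.
+if (isset($payload->nbf) && $payload->nbf > time()) {
+throw new BeforeValidException(
+'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
+);
+}
+
+// Check that this token has been created before 'now'. This prevents
+// using tokens that have been created for later use (and haven't
+// correctly used the nbf claim).
+if (isset($payload->iat) && $payload->iat > time()) {
+throw new BeforeValidException(
+'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat)
+);
+}
+
+// Check if this token has expired.
+if (isset($payload->exp) && time() >= $payload->exp) {
+throw new ExpiredException('Expired token');
+}
+}
+
+return $payload;
+}
+
+/**
+* Converts and signs a PHP object or array into a JWT string.
+*
+* @param object|array $payload PHP object or array
+* @param string $key The secret key
+* @param string $alg The signing algorithm. Supported
+* algorithms are 'HS256', 'HS384' and 'HS512'
+*
+* @return string A signed JWT
+* @uses jsonEncode
+* @uses urlsafeB64Encode
+*/
+public static function encode($payload, $key, $alg = 'HS256', $keyId = null)
+{
+$header = array('typ' => 'JWT', 'alg' => $alg);
+if ($keyId !== null) {
+$header['kid'] = $keyId;
+}
+$segments = array();
+$segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));
+$segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload));
+$signing_input = implode('.', $segments);
+
+$signature = JWT::sign($signing_input, $key, $alg);
+$segments[] = JWT::urlsafeB64Encode($signature);
+
+return implode('.', $segments);
+}
+
+/**
+* Sign a string with a given key and algorithm.
+*
+* @param string $msg The message to sign
+* @param string|resource $key The secret key
+* @param string $alg The signing algorithm. Supported algorithms
+* are 'HS256', 'HS384', 'HS512' and 'RS256'
+*
+* @return string An encrypted message
+* @throws DomainException Unsupported algorithm was specified
+*/
+public static function sign($msg, $key, $alg = 'HS256')
+{
+if (empty(self::$supported_algs[$alg])) {
+throw new DomainException('Algorithm not supported');
+}
+list($function, $algorithm) = self::$supported_algs[$alg];
+switch($function) {
+case 'hash_hmac':
+return hash_hmac($algorithm, $msg, $key, true);
+case 'openssl':
+$signature = '';
+$success = openssl_sign($msg, $signature, $key, $algorithm);
+if (!$success) {
+throw new DomainException("OpenSSL unable to sign data");
+} else {
+return $signature;
+}
+}
+}
+
+/**
+* Verify a signature with the mesage, key and method. Not all methods
+* are symmetric, so we must have a separate verify and sign method.
+* @param string $msg the original message
+* @param string $signature
+* @param string|resource $key for HS*, a string key works. for RS*, must be a resource of an openssl public key
+* @param string $alg
+* @return bool
+* @throws DomainException Invalid Algorithm or OpenSSL failure
+*/
+private static function verify($msg, $signature, $key, $alg)
+{
+if (empty(self::$supported_algs[$alg])) {
+throw new DomainException('Algorithm not supported');
+}
+
+list($function, $algorithm) = self::$supported_algs[$alg];
+switch($function) {
+case 'openssl':
+$success = openssl_verify($msg, $signature, $key, $algorithm);
+if (!$success) {
+throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
+} else {
+return $signature;
+}
+case 'hash_hmac':
+default:
+$hash = hash_hmac($algorithm, $msg, $key, true);
+if (function_exists('hash_equals')) {
+return hash_equals($signature, $hash);
+}
+$len = min(self::safeStrlen($signature), self::safeStrlen($hash));
+
+$status = 0;
+for ($i = 0; $i < $len; $i++) {
+$status |= (ord($signature[$i]) ^ ord($hash[$i]));
+}
+$status |= (self::safeStrlen($signature) ^ self::safeStrlen($hash));
+
+return ($status === 0);
+}
+}
+
+/**
+* Decode a JSON string into a PHP object.
+*
+* @param string $input JSON string
+*
+* @return object Object representation of JSON string
+* @throws DomainException Provided string was invalid JSON
+*/
+public static function jsonDecode($input)
+{
+if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
+/** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
+* to specify that large ints (like Steam Transaction IDs) should be treated as
+* strings, rather than the PHP default behaviour of converting them to floats.
+*/
+$obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
+} else {
+/** Not all servers will support that, however, so for older versions we must
+* manually detect large ints in the JSON string and quote them (thus converting
+*them to strings) before decoding, hence the preg_replace() call.
+*/
+$max_int_length = strlen((string) PHP_INT_MAX) - 1;
+$json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
+$obj = json_decode($json_without_bigints);
+}
+
+if (function_exists('json_last_error') && $errno = json_last_error()) {
+JWT::handleJsonError($errno);
+} elseif ($obj === null && $input !== 'null') {
+throw new DomainException('Null result with non-null input');
+}
+return $obj;
+}
+
+/**
+* Encode a PHP object into a JSON string.
+*
+* @param object|array $input A PHP object or array
+*
+* @return string JSON representation of the PHP object or array
+* @throws DomainException Provided object could not be encoded to valid JSON
+*/
+public static function jsonEncode($input)
+{
+$json = json_encode($input);
+if (function_exists('json_last_error') && $errno = json_last_error()) {
+JWT::handleJsonError($errno);
+} elseif ($json === 'null' && $input !== null) {
+throw new DomainException('Null result with non-null input');
+}
+return $json;
+}
+
+/**
+* Decode a string with URL-safe Base64.
+*
+* @param string $input A Base64 encoded string
+*
+* @return string A decoded string
+*/
+public static function urlsafeB64Decode($input)
+{
+$remainder = strlen($input) % 4;
+if ($remainder) {
+$padlen = 4 - $remainder;
+$input .= str_repeat('=', $padlen);
+}
+return base64_decode(strtr($input, '-_', '+/'));
+}
+
+/**
+* Encode a string with URL-safe Base64.
+*
+* @param string $input The string you want encoded
+*
+* @return string The base64 encode of what you passed in
+*/
+public static function urlsafeB64Encode($input)
+{
+return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+}
+
+/**
+* Helper method to create a JSON error.
+*
+* @param int $errno An error number from json_last_error()
+*
+* @return void
+*/
+private static function handleJsonError($errno)
+{
+$messages = array(
+JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
+JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
+JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON'
+);
+throw new DomainException(
+isset($messages[$errno])
+? $messages[$errno]
+: 'Unknown JSON error: ' . $errno
+);
+}
+
+/**
+* Get the number of bytes in cryptographic strings.
+*
+* @param string
+* @return int
+*/
+private static function safeStrlen($str)
+{
+if (function_exists('mb_strlen')) {
+return mb_strlen($str, '8bit');
+}
+return strlen($str);
+}
+}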
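Review bot: In `verify()`, the `openssl` branch tests `if (!$success)` on the result of `openssl_verify()`, which returns 1 for a valid signature, 0 for an invalid one and -1 on error; -1 is truthy, so an OpenSSL error falls through to `return $signature;`, and a non-empty signature string is then accepted by the `!JWT::verify(...)` check in `decode()`. The branch should compare exactly and return a boolean, `if ($success === 1) { return true; }` then `if ($success === 0) { return false; }` ahead of the `throw`, which also lets an invalid RS256 signature surface as `SignatureInvalidException` instead of `DomainException`. Separately, `decode()` skips the signature check and the `nbf`/`iat`/`exp` checks whenever `$key` is left at its `null` default, and `$key[$header->kid]` is read without an `isset()` guard, so callers in this repository should always pass a key and an explicit `$allowed_algs` list. This is a vendored copy, so the fix belongs in the pinned dependency version rather than in an edit under `vendor/`.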
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/composer.json
New file
0,0 → 1,27
{
"name": "firebase/php-jwt",
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"authors": [
{
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
},
{
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
}
],
"version": "2.0.0",
"license": "BSD-3-Clause",
"require": {
"php": ">=5.2.0"
},
"autoload": {
"classmap": ["Authentication/", "Exceptions/"]
},
"target-dir": "Firebase/PHP-JWT",
"minimum-stability": "dev"
}
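--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/SignatureInvalidException.php
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/SignatureInvalidException.php
@@ -0,0 +1,6 @@
+<?php
+
+class SignatureInvalidException extends UnexpectedValueException
+{
+
+}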
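--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/ExpiredException.php
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/ExpiredException.php
@@ -0,0 +1,6 @@
+<?php
+
+class ExpiredException extends UnexpectedValueException
+{
+
+}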
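--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/BeforeValidException.php
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/Exceptions/BeforeValidException.php
@@ -0,0 +1,6 @@
+<?php
+
+class BeforeValidException extends UnexpectedValueException
+{
+
+}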
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/LICENSE
New file
0,0 → 1,30
Copyright (c) 2011, Neuman Vong
 
All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
 
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
 
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
 
* Neither the name of Neuman Vong nor the names of other
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/JWTTest.php
New file
0,0 → 1,150
<?php
 
class JWTTest extends PHPUnit_Framework_TestCase
{
public function testEncodeDecode()
{
$msg = JWT::encode('abc', 'my_key');
$this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc');
}
 
public function testDecodeFromPython()
{
$msg = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.Iio6aHR0cDovL2FwcGxpY2F0aW9uL2NsaWNreT9ibGFoPTEuMjMmZi5vbz00NTYgQUMwMDAgMTIzIg.E_U8X2YpMT5K1cEiT_3-IvBYfrdIFIeVYeOqre_Z5Cg';
$this->assertEquals(
JWT::decode($msg, 'my_key', array('HS256')),
'*:http://application/clicky?blah=1.23&f.oo=456 AC000 123'
);
}
 
public function testUrlSafeCharacters()
{
$encoded = JWT::encode('f?', 'a');
$this->assertEquals('f?', JWT::decode($encoded, 'a', array('HS256')));
}
 
public function testMalformedUtf8StringsFail()
{
$this->setExpectedException('DomainException');
JWT::encode(pack('c', 128), 'a');
}
 
public function testMalformedJsonThrowsException()
{
$this->setExpectedException('DomainException');
JWT::jsonDecode('this is not valid JSON string');
}
 
public function testExpiredToken()
{
$this->setExpectedException('ExpiredException');
$payload = array(
"message" => "abc",
"exp" => time() - 20); // time in the past
$encoded = JWT::encode($payload, 'my_key');
JWT::decode($encoded, 'my_key', array('HS256'));
}
 
public function testBeforeValidTokenWithNbf()
{
$this->setExpectedException('BeforeValidException');
$payload = array(
"message" => "abc",
"nbf" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
JWT::decode($encoded, 'my_key', array('HS256'));
}
 
public function testBeforeValidTokenWithIat()
{
$this->setExpectedException('BeforeValidException');
$payload = array(
"message" => "abc",
"iat" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
JWT::decode($encoded, 'my_key', array('HS256'));
}
 
public function testValidToken()
{
$payload = array(
"message" => "abc",
"exp" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$decoded = JWT::decode($encoded, 'my_key', array('HS256'));
$this->assertEquals($decoded->message, 'abc');
}
 
public function testValidTokenWithList()
{
$payload = array(
"message" => "abc",
"exp" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$decoded = JWT::decode($encoded, 'my_key', array('HS256', 'HS512'));
$this->assertEquals($decoded->message, 'abc');
}
 
public function testValidTokenWithNbf()
{
$payload = array(
"message" => "abc",
"iat" => time(),
"exp" => time() + 20, // time in the future
"nbf" => time() - 20);
$encoded = JWT::encode($payload, 'my_key');
$decoded = JWT::decode($encoded, 'my_key', array('HS256'));
$this->assertEquals($decoded->message, 'abc');
}
 
public function testInvalidToken()
{
$payload = array(
"message" => "abc",
"exp" => time() + 20); // time in the future
$encoded = JWT::encode($payload, 'my_key');
$this->setExpectedException('SignatureInvalidException');
$decoded = JWT::decode($encoded, 'my_key2', array('HS256'));
}
 
public function testRSEncodeDecode()
{
$privKey = openssl_pkey_new(array('digest_alg' => 'sha256',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA));
$msg = JWT::encode('abc', $privKey, 'RS256');
$pubKey = openssl_pkey_get_details($privKey);
$pubKey = $pubKey['key'];
$decoded = JWT::decode($msg, $pubKey, array('RS256'));
$this->assertEquals($decoded, 'abc');
}
 
public function testKIDChooser()
{
$keys = array('1' => 'my_key', '2' => 'my_key2');
$msg = JWT::encode('abc', $keys['1'], 'HS256', '1');
$decoded = JWT::decode($msg, $keys, array('HS256'));
$this->assertEquals($decoded, 'abc');
}
 
public function testNoneAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$this->setExpectedException('DomainException');
JWT::decode($msg, 'my_key', array('none'));
}
 
public function testIncorrectAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$this->setExpectedException('DomainException');
JWT::decode($msg, 'my_key', array('RS256'));
}
 
public function testMissingAlgorithm()
{
$msg = JWT::encode('abc', 'my_key');
$this->setExpectedException('DomainException');
JWT::decode($msg, 'my_key');
}
}
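--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/autoload.php.dist
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/autoload.php.dist
@@ -0,0 +1,17 @@
+<?php
+
+// if the library is the project, try to use the composer's autoload for the tests
+$composerAutoload = __DIR__ . '/../vendor/autoload.php';
+
+if (is_file($composerAutoload)) {
+include $composerAutoload;
+} else {
+die('Unable to find autoload.php file, please use composer to load dependencies:
+
+wget http://getcomposer.org/composer.phar
+php composer.phar install
+
+Visit http://getcomposer.org/ for more information.
+
+');
+}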
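Review bot: The `die()` message tells the reader to run `wget http://getcomposer.org/composer.phar` and then `php composer.phar install`, which fetches an executable over plain HTTP and runs it with no integrity check; the package's `.travis.yml` does the same in its `before_script`. Both should use the HTTPS URL, `wget https://getcomposer.org/composer.phar`, and ideally check the download against the checksum the Composer project publishes before executing it. These are the dependency's own test helpers and do not appear to be needed by the application at runtime, so the change belongs upstream.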
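--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/bootstrap.php
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/tests/bootstrap.php
@@ -0,0 +1,7 @@
+<?php
+
+if (file_exists($file = __DIR__ . '/autoload.php')) {
+require_once $file;
+} elseif (file_exists($file = __DIR__ . '/autoload.php.dist')) {
+require_once $file;
+}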
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/.gitignore
New file
0,0 → 1,3
vendor
phpunit.phar
phpunit.phar.asc
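--- a/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/.travis.yml
+++ b/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/.travis.yml
@@ -0,0 +1,13 @@
+language: php
+
+php:
+- 5.3
+- 5.4
+- 5.5
+- hhvm
+
+before_script:
+- wget -nc http://getcomposer.org/composer.phar
+- php composer.phar install
+
+script: phpunit --configuration phpunit.xml.dist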
/trunk/vendor/firebase/php-jwt/Firebase/PHP-JWT/phpunit.xml.dist
New file
0,0 → 1,19
<?xml version="1.0" encoding="UTF-8"?>
 
<phpunit backupGlobals="false"
backupStaticAttributes="false"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false"
syntaxCheck="false"
bootstrap="tests/bootstrap.php"
>
<testsuites>
<testsuite name="PHP JSON Web Token Test Suite">
<directory>./tests</directory>
</testsuite>
</testsuites>
</phpunit>