| 1,92 → 1,83 |
|---|
| <?php |
| |
| /** |
| * Donne l'utilisateur en cours s'il est connecté, en lisant le cookie SSO |
| * |
| * Pour l'instant, utilisé uniquement dans popup_contact |
| */ |
| class Utilisateur { |
| |
| const NIVEAU_DEBUTANT = 1; |
| const NIVEAU_INTERMEDIAIRE = 2; |
| const NIVEAU_EXPERT = 3; |
| protected $nomCookieSSO = ''; |
| //protected $urlServiceAnnuaire = ''; |
| protected $urlConnexionSite = ''; |
| protected $identifie = false; |
| protected $courriel = null; |
| |
| private $dureeSauvegarde = null; |
| private $nomCookieUtilisateur = ''; |
| private $nomCookieUtilisateurPersistant = ''; |
| private $nomCookieNiveau = ''; |
| private $niveauDefaut = ''; |
| private $urlWsAnnuaire = ''; |
| private $restClient = null; |
| |
| private $niveau = null; |
| private $identifie = false; |
| private $courriel = null; |
| private $md5Mdp = null; |
| |
| public function __construct(Conteneur $conteneur) { |
| $this->dureeSauvegarde = $conteneur->getParametre('cookies.duree'); |
| $this->nomCookieUtilisateur = $conteneur->getParametre('cookies.utilisateur'); |
| $this->nomCookieUtilisateurPersistant = $conteneur->getParametre('cookies.utilisateurPersistant'); |
| $this->nomCookieNiveau = $conteneur->getParametre('cookies.niveau'); |
| $this->niveauDefaut = $conteneur->getParametre('utilisateur.niveau.defaut'); |
| $this->urlWsAnnuaire = $conteneur->getParametre('baseUrlServicesAnnuaireTpl'); |
| $this->restClient = $conteneur->getRestClient(); |
| $this->analyserCookies(); |
| $this->nomCookieSSO = $conteneur->getParametre('auth.nomCookieSSO'); |
| //$this->urlServiceAnnuaire = $conteneur->getParametre('baseUrlServicesAnnuaireTpl'); |
| $this->urlConnexionSite = $conteneur->getParametre('auth.baseUrlConnexionSite'); |
| $this->lireCookieSSO(); |
| } |
| |
| public function getCourriel() { |
| return $this->courriel; |
| /** |
| * Retourne l'adresse email de l'utilisateur actuellement identifié |
| */ |
| public function getCourriel() { |
| return $this->courriel; |
| } |
| |
| public function getNiveau() { |
| return $this->niveau; |
| /** |
| * Retourne true si l'utilisateur est en possession d'un cookie qui |
| * l'identifie |
| */ |
| public function estIdentifie() { |
| return $this->identifie; |
| } |
| |
| public function sauver() { |
| setcookie($this->nomCookieNiveau, time()+$this->dureeSauvegarde, '/'); |
| /** |
| * Retourne l'URL de connexion au SSO |
| */ |
| public function getUrlConnexion() { |
| return $this->urlConnexionSite; |
| } |
| |
| public function etreIdentifie() { |
| $this->analyserCookies(); |
| return $this->identifie; |
| protected function lireCookieSSO() { |
| if (isset($_COOKIE[$this->nomCookieSSO])) { |
| $jeton = $_COOKIE[$this->nomCookieSSO]; |
| // On ne valide pas le jeton car il vient directement du cookie |
| // (supposé être sur HTTPS uniquement) |
| $jetonDecode = $this->decoderJeton($jeton); |
| //var_dump($jetonDecode); echo "<br><br>"; |
| if ($jetonDecode && ! empty($jetonDecode['sub'])) { |
| $this->courriel = $jetonDecode['sub']; |
| $this->identifie = true; |
| } |
| } |
| } |
| |
| public function connecter($courriel, $mdp, $persistance = false) { |
| $url = sprintf($this->urlWsAnnuaire, 'utilisateur'); |
| $donnees['methode'] = 'connexion'; |
| $donnees['courriel'] = $courriel; |
| $donnees['mdp'] = $mdp; |
| $donnees['persistance'] = $persistance; |
| /** |
| * Décode un jeton SSO et retourne son contenu |
| */ |
| protected function decoderJeton($jeton) { |
| $parts = explode('.', $jeton); |
| $payload = $parts[1]; |
| $payload = $this->urlsafeB64Decode($payload); |
| $payload = json_decode($payload, true); |
| |
| $json = $this->restClient->ajouter($url, $donnees); |
| $forceTableauAssociatif = true; |
| $resultat = json_decode($json, $forceTableauAssociatif); |
| return $resultat['identifie']; |
| } |
| return $payload; |
| } |
| |
| private function analyserCookies() { |
| $this->analyserCookiesIdentite(); |
| $this->analyserCookiesNiveau(); |
| } |
| /** |
| * Décode le base64 de manière "urlsafe" (copié de la lib JWT) |
| */ |
| protected function urlsafeB64Decode($input) { |
| $remainder = strlen($input) % 4; |
| if ($remainder) { |
| $padlen = 4 - $remainder; |
| $input .= str_repeat('=', $padlen); |
| } |
| return base64_decode(strtr($input, '-_', '+/')); |
| } |
| |
| private function analyserCookiesIdentite() { |
| if ($this->identifie == false) { |
| if (isset($_COOKIE[$this->nomCookieUtilisateurPersistant])) { |
| $idTela = $_COOKIE[$this->nomCookieUtilisateurPersistant]; |
| $this->extraireMdpEtCourriel($idTela); |
| } else if (isset($_COOKIE[$this->nomCookieUtilisateur])) { |
| $idTela = $_COOKIE[$this->nomCookieUtilisateur]; |
| $this->extraireMdpEtCourriel($idTela); |
| } |
| } |
| } |
| |
| private function extraireMdpEtCourriel($idTela) { |
| $this->md5Mdp = substr($idTela, 0, 32); |
| $this->courriel = substr($idTela, 32); |
| $this->identifie = true; |
| } |
| |
| private function analyserCookiesNiveau() { |
| $this->niveau = $this->niveauDefaut; |
| if (isset($_COOKIE[$this->nomCookieNiveau])) { |
| $this->niveau = $_COOKIE[$this->nomCookieNiveau]; |
| } |
| } |
| } |
| ?> |