| 161,10 → 161,13 |
|---|
| } |
| } |
| else if ($gen === self::JWT_GENERATOR_MANUAL) { |
| // Generator 2 are "hand-crafted" tokens |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_MANUAL', false)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_MANUAL')); |
| // Generator: "hand-crafted" tokens |
| if (($has_admin) && !OIDplus::baseConfig()->getValue('JWT_ALLOW_MANUAL_ADMIN', false)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_MANUAL_ADMIN')); |
| } |
| if (($has_ra) && !OIDplus::baseConfig()->getValue('JWT_ALLOW_MANUAL_USER', false)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_MANUAL_USER')); |
| } |
| } else { |
| throw new OIDplusException(_L('Token generator %1 not recognized',$gen)); |
| } |
| 194,7 → 197,7 |
|---|
| |
| // Optional feature: Limit the JWT to a specific IP address |
| // Currently not used in OIDplus |
| $ip = $contentProvider->getValue('ip',''); |
| $ip = $contentProvider->getValue('oidplus_limit_ip',''); |
| if ($ip !== '') { |
| if (isset($_SERVER['REMOTE_ADDR']) && ($ip !== $_SERVER['REMOTE_ADDR'])) { |
| throw new OIDplusException(_L('Your IP address is not allowed to use this token')); |
| 441,11 → 444,11 |
|---|
| */ |
| public function getJWTToken(): string { |
| $payload = $this->content; |
| $payload["oidplus_ssh"] = self::getSsh(); // SSH = Server Secret Hash |
| $payload["iss"] = OIDplus::getEditionInfo()['jwtaud']; |
| $payload["aud"] = OIDplus::getEditionInfo()['jwtaud']; |
| $payload["jti"] = gen_uuid(); |
| $payload["iat"] = time(); |
| $payload["oidplus_ssh"] = self::getSsh(); // SSH = Server Secret Hash |
| |
| if (OIDplus::getPkiStatus()) { |
| $privKey = OIDplus::getSystemPrivateKey(); |