oidplusalarmingautosfxaysaliacalllibchecksum-toolscolormanagercryptochatcurrency_converterdecoderdelphiutilsdistributeddpcstudiodpg2fastphpfileformatsfilter_foundryforestgridgameht46f47_simulatorindexer_suiteipe_artfile_utilsjavautilsjumperlightgamelogviewermusikboxmystic_houseoidconverteroidinfo_apioidinfo_new_designpersonal-webbasephp_antispamphp_clientchallengephp_guestbookphp_utilsplumbersprependrecyclebinunitsimple_log_eventsokobanspacemissionstackmanuserdetect2uuid_mac_utilsvgwhoisvnagwebcounterwinbugtrackeryt_downloader

BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → /trunk/includes/classes/OIDplusAuthContentStoreJWT.class.php @ 1305

  → /trunk/includes/classes/OIDplusAuthContentStoreJWT.class.php @ 1306

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Regard whitespace Rev 1305 → Rev 1306

/trunk/includes/classes/OIDplusAuthContentStoreJWT.class.php
26,7 → 26,7
/**
* Auth content store for JWT tokens (web browser login cookies, Automated AJAX argument, or REST Bearer)
*/
class OIDplusAuthContentStoreJWT {
class OIDplusAuthContentStoreJWT implements OIDplusGetterSetterInterface {
/**
* Cookie name for the JWT auth token
196,6 → 196,14
throw new OIDplusException(_L('Token generator %1 not recognized',$gen));
}
// Check if token has expired
$exp = $contentProvider->getValue('exp',null);
if (!is_null($exp)) {
if (time() > $exp) {
throw new OIDplusException(_L('Token has expired on %1',date('d F Y, H:i:s',$exp)));
}
}
// Make sure that the IAT (issued at time) isn't in a blacklisted timeframe
// When an user believes that a token was compromised, then they can blacklist the tokens identified by their "iat" ("Issued at") property
// When a user logs out of a web browser session, the JWT token will be blacklisted as well
482,7 → 490,7
}
} catch (\Exception $e) {
if (!$silent_error) {
if (!$silent_error || OIDplus::baseConfig()->getValue('DEBUG',false)) {
// Most likely an AJAX request. We can throw an Exception
throw new OIDplusException(_L('The JWT token was rejected: %1',$e->getMessage()));
} else {
528,6 → 536,8
$this->raLogin($email);
$loginfo = 'into existing JWT session';
}
$ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60);
$this->setValue('exp', time()+$ttl); // JWT "exp" attribute
}
/**
559,6 → 569,8
$this->adminLogin();
$loginfo = 'into existing JWT session';
}
$ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60);
$this->setValue('exp', time()+$ttl); // JWT "exp" attribute
}
// Individual functions
594,7 → 606,10
$payload["aud"] = OIDplus::getEditionInfo()['jwtaud'];
$payload["jti"] = gen_uuid();
$payload["iat"] = time();
if (!isset($payload["exp"])) $payload["exp"] = time()+3600/*1h*/;
uksort($payload, "strnatcmp"); // this is natsort on the key. Just to make the JWT look nicer.
if (OIDplus::getPkiStatus()) {
$privKey = OIDplus::getSystemPrivateKey();
return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS256'); // RSA+SHA256 is hardcoded in getPkiStatus() generation