Subversion Repositories oidplus


Rev 1265 Rev 1277
Line 97... Line 97...
97
        }
97
        }
98
 
98
 
99
        /**
99
        /**
100
         * Do various checks if the token is allowed and not blacklisted
100
         * Do various checks if the token is allowed and not blacklisted
101
         * @param OIDplusAuthContentStore $contentProvider
101
         * @param OIDplusAuthContentStore $contentProvider
102
         * @param int $validGenerators Bitmask which generators to allow (-1 = allow all)
102
         * @param int|null $validGenerators Bitmask which generators to allow (null = allow all)
103
         * @return void
103
         * @return void
104
         * @throws OIDplusException
104
         * @throws OIDplusException
105
         */
105
         */
106
        private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=-1) {
106
        private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=null) {
107
                // Check if the token is intended for us
107
                // Check if the token is intended for us
108
                if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) {
108
                if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) {
109
                        throw new OIDplusException(_L('Token has wrong audience'));
109
                        throw new OIDplusException(_L('Token has wrong audience'));
110
                }
110
                }
111
                $gen = $contentProvider->getValue('oidplus_generator', -1);
111
                $gen = $contentProvider->getValue('oidplus_generator', -1);
Line 180... Line 180...
180
                                throw new OIDplusException(_L('Your IP address is not allowed to use this token'));
180
                                throw new OIDplusException(_L('Your IP address is not allowed to use this token'));
181
                        }
181
                        }
182
                }
182
                }
183
 
183
 
184
                // Checks if JWT are dependent on the generator
184
                // Checks if JWT are dependent on the generator
185
                if ($validGenerators !== -1) {
185
                if (!is_null($validGenerators)) {
186
                        if (($gen & $validGenerators) === 0) {
186
                        if (($gen & $validGenerators) === 0) {
187
                                throw new OIDplusException(_L('This kind of JWT token (%1) cannot be used in this request type', self::generatorName($gen)));
187
                                throw new OIDplusException(_L('This kind of JWT token (%1) cannot be used in this request type', self::generatorName($gen)));
188
                        }
188
                        }
189
                }
189
                }
190
        }
190
        }
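Review bot: The new signature `int $validGenerators=null` relies on implicit nullability, which PHP 8.4 deprecates and which no longer matches the `int|null` in the updated docblock; declare it as `?int $validGenerators=null`. Since the "allow all" sentinel moved from -1 to null, a caller that still passes -1 now enters the mask test at line 185 instead of skipping it, so the call sites are worth checking. Separately, `$gen` falls back to -1 when the `oidplus_generator` claim is absent (line 111), and `-1 & $validGenerators` is non-zero for any non-empty mask; lines 112–179 are not shown here, so confirm they reject a token without that claim before this check is relied on to restrict token kinds. The body of jwtSecurityCheck continues between the two hunks.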