Rev 1307 | Rev 1308 | ||
---|---|---|---|
Line 136... | Line 136... | ||
136 | * @return void |
136 | * @return void |
137 | * @throws OIDplusException |
137 | * @throws OIDplusException |
138 | */ |
138 | */ |
139 | private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) { |
139 | private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) { |
140 | // Check if the token is intended for us |
140 | // Check if the token is intended for us |
141 | // Note 'aud' is mandatory, so we do not check of exists() |
141 | // Note 'aud' is mandatory, so we do not check for exists() |
142 | if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
142 | if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
143 | throw new OIDplusException(_L('Token has wrong audience')); |
143 | throw new OIDplusException(_L('Token has wrong audience')); |
144 | } |
144 | } |
145 | 145 | ||
146 | // Note CLAIM_SSH is mandatory, so we do not check of exists() |
146 | // Note CLAIM_SSH is mandatory, so we do not check for exists() |
147 | if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) { |
147 | if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) { |
148 | throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore')); |
148 | throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore')); |
149 | } |
149 | } |
150 | 150 | ||
151 | // Note CLAIM_GENERATOR is mandatory, so we do not check of exists() |
151 | // Note CLAIM_GENERATOR is mandatory, so we do not check for exists() |
152 | $gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1); |
152 | $gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1); |
153 | 153 | ||
154 | $has_admin = $contentProvider->isAdminLoggedIn(); |
154 | $has_admin = $contentProvider->isAdminLoggedIn(); |
155 | $has_ra = $contentProvider->raNumLoggedIn() > 0; |
155 | $has_ra = $contentProvider->raNumLoggedIn() > 0; |
156 | 156 |