
Rev 1307 Rev 1308
Line 136... Line 136...
136
         * @return void
136
         * @return void
137
         * @throws OIDplusException
137
         * @throws OIDplusException
138
         */
138
         */
139
        private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) {
139
        private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) {
140
                // Check if the token is intended for us
140
                // Check if the token is intended for us
141
                // Note 'aud' is mandatory, so we do not check of exists()
141
                // Note 'aud' is mandatory, so we do not check for exists()
142
                if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) {
142
                if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) {
143
                        throw new OIDplusException(_L('Token has wrong audience'));
143
                        throw new OIDplusException(_L('Token has wrong audience'));
144
                }
144
                }
145
 
145
 
146
                // Note CLAIM_SSH is mandatory, so we do not check of exists()
146
                // Note CLAIM_SSH is mandatory, so we do not check for exists()
147
                if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) {
147
                if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) {
148
                        throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore'));
148
                        throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore'));
149
                }
149
                }
150
 
150
 
151
                // Note CLAIM_GENERATOR is mandatory, so we do not check of exists()
151
                // Note CLAIM_GENERATOR is mandatory, so we do not check for exists()
152
                $gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1);
152
                $gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1);
153
 
153
 
154
                $has_admin = $contentProvider->isAdminLoggedIn();
154
                $has_admin = $contentProvider->isAdminLoggedIn();
155
                $has_ra = $contentProvider->raNumLoggedIn() > 0;
155
                $has_ra = $contentProvider->raNumLoggedIn() > 0;
156
 
156