Rev 1304 | Rev 1305 | ||
---|---|---|---|
Line 66... | Line 66... | ||
66 | if (is_null($acs)) return 'null'; |
66 | if (is_null($acs)) return 'null'; |
67 | return get_class($acs); |
67 | return get_class($acs); |
68 | } |
68 | } |
69 | 69 | ||
70 | /** |
70 | /** |
71 | * @return OIDplusAuthContentStore|null |
71 | * @return OIDplusAuthContentStoreJWT|null |
72 | * @throws OIDplusException |
72 | * @throws OIDplusException |
73 | */ |
73 | */ |
74 | protected function getAuthContentStore()/*: ?OIDplusAuthContentStore*/ { |
74 | protected function getAuthContentStore()/*: ?OIDplusAuthContentStore*/ { |
75 | // Logged in via JWT |
75 | // Logged in via JWT |
76 | // (The JWT can come from a REST Authentication Bearer, an AJAX Cookie, or an Automated AJAX Call GET/POST token.) |
76 | // (The JWT can come from a login cookie, an REST Authentication Bearer, an AJAX Cookie, or an Automated AJAX Call GET/POST token.) |
77 | $tmp = OIDplusAuthContentStoreJWT::getActiveProvider(); |
77 | $tmp = OIDplusAuthContentStoreJWT::getActiveProvider(); |
78 | if ($tmp) return $tmp; |
78 | if ($tmp) return $tmp; |
79 | 79 | ||
80 | // Normal login via web-browser |
- | |
81 | // Cookie will only be created once content is stored |
- | |
82 | $tmp = OIDplusAuthContentStoreSession::getActiveProvider(); |
- | |
83 | if ($tmp) return $tmp; |
- | |
84 | - | ||
85 | // No active session and no JWT token available. User is not logged in. |
80 | // No active session and no JWT token available. User is not logged in. |
86 | return null; |
81 | return null; |
87 | } |
82 | } |
88 | 83 | ||
89 | /** |
84 | /** |
Line 185... | Line 180... | ||
185 | 180 | ||
186 | // "High level" function including logging and checking for valid JWT alternations |
181 | // "High level" function including logging and checking for valid JWT alternations |
187 | 182 | ||
188 | /** |
183 | /** |
189 | * @param string $email |
184 | * @param string $email |
190 | * @param bool $remember_me |
- | |
191 | * @param string $origin |
185 | * @param string $origin |
192 | * @return void |
186 | * @return void |
193 | * @throws OIDplusException |
187 | * @throws OIDplusException |
194 | */ |
188 | */ |
195 | public function raLoginEx(string $email, bool $remember_me, string $origin='') { |
189 | public function raLoginEx(string $email, string $origin='') { |
196 | $loginfo = ''; |
190 | $loginfo = ''; |
197 | $acs = $this->getAuthContentStore(); |
191 | $acs = $this->getAuthContentStore(); |
198 | if (!is_null($acs)) { |
192 | if (!is_null($acs)) { |
199 | // User is already logged in (a session or JWT exists), so we modify their login status |
193 | // User is already logged in (a session or JWT exists), so we modify their login status |
200 | $acs->raLoginEx($email, $loginfo); |
194 | $acs->raLoginEx($email, $loginfo); |
201 | $acs->activate(); |
195 | $acs->activate(); |
202 | } else { |
196 | } else { |
203 | // No user is logged in (no session or JWT exists). We now create a auth content store and activate it (cookies will be set etc.) |
197 | // No user is logged in (no session or JWT exists). We now create a auth content store and activate it (cookies will be set etc.) |
204 | if ($remember_me) { |
- | |
205 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
198 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
206 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_LOGIN_USER')); |
199 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_LOGIN_USER')); |
207 | } |
200 | } |
208 | $ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
201 | $ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
209 | $newAuthStore = new OIDplusAuthContentStoreJWT(); |
202 | $newAuthStore = new OIDplusAuthContentStoreJWT(); |
210 | $newAuthStore->setValue('oidplus_generator', OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN); |
203 | $newAuthStore->setValue(OIDplusAuthContentStoreJWT::CLAIM_GENERATOR, OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN); |
211 | $newAuthStore->setValue('exp', time()+$ttl); // JWT "exp" attribute |
204 | $newAuthStore->setValue('exp', time()+$ttl); // JWT "exp" attribute |
212 | } else { |
- | |
213 | $newAuthStore = new OIDplusAuthContentStoreSession(); |
- | |
214 | } |
- | |
215 | $newAuthStore->raLoginEx($email, $loginfo); |
205 | $newAuthStore->raLoginEx($email, $loginfo); |
216 | $newAuthStore->activate(); |
206 | $newAuthStore->activate(); |
217 | } |
207 | } |
218 | $logmsg = "RA '$email' logged in"; |
208 | $logmsg = "RA '$email' logged in"; |
219 | if ($origin != '') $logmsg .= " via $origin"; |
209 | if ($origin != '') $logmsg .= " via $origin"; |
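Review bot: With the session-backed branch removed, the `JWT_ALLOW_LOGIN_USER` check on the new side of line 198 now runs for every fresh RA login, so setting that option to false no longer restricts only persistent ("remember me") logins but blocks RA login entirely, while the thrown message still reads "The administrator has disabled this feature"; that semantic change deserves a comment at the check, e.g. `// Since 1305 every browser login is a JWT, so disabling JWT logins disables RA login altogether`, and a matching note in the base-config documentation. Every interactive login also now receives a bearer JWT whose `exp` defaults to `JWT_TTL_LOGIN_USER` = ten years (line 201/204), where the old non-remember-me path used a server-side session; unless a revocation mechanism exists elsewhere (not visible here), a leaked cookie stays valid for that whole period, so a shorter default for this generator, or documenting why ten years is acceptable, seems warranted. The comments on lines 193 and 197 still say "a session or JWT exists" / "no session or JWT exists" although the session store is gone; `// User is already logged in (a JWT exists), so we modify their login status` and `// No user is logged in (no JWT exists). We now create a JWT auth content store and activate it (cookie will be set etc.)` would match the new code. raLoginEx continues past the end of this hunk.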
Line 315... | Line 305... | ||
315 | } |
305 | } |
316 | } |
306 | } |
317 | 307 | ||
318 | /** |
308 | /** |
319 | * "High level" function including logging and checking for valid JWT alternations |
309 | * "High level" function including logging and checking for valid JWT alternations |
320 | * @param bool $remember_me |
- | |
321 | * @param string $origin |
310 | * @param string $origin |
322 | * @return void |
311 | * @return void |
323 | * @throws OIDplusException |
312 | * @throws OIDplusException |
324 | */ |
313 | */ |
325 | public function adminLoginEx(bool $remember_me, string $origin='') { |
314 | public function adminLoginEx(string $origin='') { |
326 | $loginfo = ''; |
315 | $loginfo = ''; |
327 | $acs = $this->getAuthContentStore(); |
316 | $acs = $this->getAuthContentStore(); |
328 | if (!is_null($acs)) { |
317 | if (!is_null($acs)) { |
329 | // User is already logged in (a session or JWT exists), so we modify their login status |
318 | // User is already logged in (a session or JWT exists), so we modify their login status |
330 | $acs->adminLoginEx($loginfo); |
319 | $acs->adminLoginEx($loginfo); |
331 | $acs->activate(); |
320 | $acs->activate(); |
332 | } else { |
321 | } else { |
333 | // No user is logged in (no session or JWT exists). We now create a auth content store and activate it (cookies will be set etc.) |
322 | // No user is logged in (no session or JWT exists). We now create a auth content store and activate it (cookies will be set etc.) |
334 | if ($remember_me) { |
- | |
335 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_ADMIN', true)) { |
323 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_ADMIN', true)) { |
336 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_LOGIN_ADMIN')); |
324 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_LOGIN_ADMIN')); |
337 | } |
325 | } |
338 | $ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
326 | $ttl = OIDplus::baseConfig()->getValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
339 | $newAuthStore = new OIDplusAuthContentStoreJWT(); |
327 | $newAuthStore = new OIDplusAuthContentStoreJWT(); |
340 | $newAuthStore->setValue('oidplus_generator', OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN); |
328 | $newAuthStore->setValue(OIDplusAuthContentStoreJWT::CLAIM_GENERATOR, OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN); |
341 | $newAuthStore->setValue('exp', time()+$ttl); // JWT "exp" attribute |
329 | $newAuthStore->setValue('exp', time()+$ttl); // JWT "exp" attribute |
342 | } else { |
- | |
343 | $newAuthStore = new OIDplusAuthContentStoreSession(); |
- | |
344 | } |
- | |
345 | $newAuthStore->adminLoginEx($loginfo); |
330 | $newAuthStore->adminLoginEx($loginfo); |
346 | $newAuthStore->activate(); |
331 | $newAuthStore->activate(); |
347 | } |
332 | } |
348 | $logmsg = "Admin logged in"; |
333 | $logmsg = "Admin logged in"; |
349 | if ($origin != '') $logmsg .= " via $origin"; |
334 | if ($origin != '') $logmsg .= " via $origin"; |