Compare commits
3 Commits
23079e6040
...
0271aec31b
| Author | SHA1 | Date | |
|---|---|---|---|
|
0271aec31b | ||
|
|
6582378b6e | ||
|
|
d149e0a741 |
@ -7,7 +7,7 @@ use Ulmus\User\Entity\UserInterface;
|
||||
|
||||
interface AuthorizeMethodInterface
|
||||
{
|
||||
public function connect(ServerRequestInterface $request, UserInterface $user) : bool;
|
||||
public function connect(ServerRequestInterface $request) : ServerRequestInterface;
|
||||
|
||||
public function catchRequest(ServerRequestInterface $request) : bool;
|
||||
}
|
||||
@ -3,34 +3,31 @@
|
||||
namespace Ulmus\User\Authorize\Header;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Ulmus\User\Entity\BasicAuthUserInterface;
|
||||
use Ulmus\User\Entity\UserInterface;
|
||||
use Ulmus\User\Lib\Authorize;
|
||||
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
||||
|
||||
class BasicMethod implements MethodInterface
|
||||
{
|
||||
public function __construct(
|
||||
protected BasicAuthUserInterface $user,
|
||||
protected string|array $arguments
|
||||
) {}
|
||||
|
||||
public function execute(ServerRequestInterface $request) : bool
|
||||
public function execute(ServerRequestInterface $request) : ServerRequestInterface
|
||||
{
|
||||
if ( false === $decoded = base64_decode($this->arguments) ) {
|
||||
throw new \RuntimeException("Base64 decoding of given username:password failed");
|
||||
}
|
||||
|
||||
list($userName, $password) = explode(':', $decoded) + [ null, null ];
|
||||
list($username, $password) = explode(':', $decoded) + [ null, null ];
|
||||
|
||||
if ( empty($userName) ) {
|
||||
if ( empty($username) ) {
|
||||
throw new \RuntimeException("A username must be provided");
|
||||
}
|
||||
elseif ( empty($password) ) {
|
||||
throw new \RuntimeException("A password must be provided");
|
||||
}
|
||||
|
||||
( new Authorize($this->user) )->authenticate([ $this->user->usernameField() => $userName ], $password);
|
||||
|
||||
return $this->user->loggedIn();
|
||||
return $request->withAttribute('authentication_middleware:method', AuthenticationMethodEnum::UsernamePassword)
|
||||
->withAttribute('authentication_middleware:username', $username)
|
||||
->withAttribute('authentication_middleware:password', $password);
|
||||
}
|
||||
}
|
||||
@ -3,32 +3,30 @@
|
||||
namespace Ulmus\User\Authorize\Header;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Ulmus\User\Authorize\Bearer\JsonWebToken;
|
||||
use Ulmus\User\Authorize\Bearer\JsonWebTokenDecoder;
|
||||
use Ulmus\User\Entity\UserInterface;
|
||||
use Ulmus\User\Lib\Authorize;
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
|
||||
class BearerMethod implements MethodInterface
|
||||
{
|
||||
protected JsonWebTokenDecoder $jwt;
|
||||
|
||||
public function __construct(
|
||||
protected UserInterface $user,
|
||||
# protected Authenticate $authorize,
|
||||
# protected UserInterface $user,
|
||||
protected string $token
|
||||
) {}
|
||||
|
||||
public function execute(ServerRequestInterface $request) : bool
|
||||
public function execute(ServerRequestInterface $request) : ServerRequestInterface
|
||||
{
|
||||
# $this->authorize->user = $this->user;
|
||||
|
||||
switch($this->autodetectTokenType()) {
|
||||
case BearerTokenTypeEnum::JsonWebToken:
|
||||
$authorize = new Authorize($this->user);
|
||||
|
||||
$payload = $this->jwt->getPayload();
|
||||
|
||||
if ($payload['sub'] ?? false) {
|
||||
if ( ! $authorize->logUser((int) $payload['sub']) ) {
|
||||
throw new \Exception("Given user id do not match with an existing/active user");
|
||||
}
|
||||
if ( $payload['sub'] ?? false) {
|
||||
$request = $request->withAttribute('authentication_middleware:user_id', $payload['sub']);
|
||||
}
|
||||
else {
|
||||
throw new \InvalidArgumentException("Given JsonWebToken is missing a 'sub' key (which concords to user id)");
|
||||
@ -41,8 +39,7 @@ class BearerMethod implements MethodInterface
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
return $this->user->loggedIn();
|
||||
return $request;
|
||||
}
|
||||
|
||||
public function autodetectTokenType() : BearerTokenTypeEnum
|
||||
@ -55,9 +52,4 @@ class BearerMethod implements MethodInterface
|
||||
|
||||
return BearerTokenTypeEnum::UniqueKey;
|
||||
}
|
||||
|
||||
protected function userFromJWT() : UserInterface
|
||||
{
|
||||
|
||||
}
|
||||
}
|
||||
@ -4,15 +4,17 @@ namespace Ulmus\User\Authorize\Header;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Ulmus\User\Entity\DigestAuthUserInterface;
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
|
||||
class DigestMethod implements MethodInterface
|
||||
{
|
||||
public function __construct(
|
||||
protected DigestAuthUserInterface $user,
|
||||
# protected Authenticate $authorize,
|
||||
# protected DigestAuthUserInterface $user,
|
||||
protected string|array $arguments
|
||||
) {}
|
||||
|
||||
public function execute(ServerRequestInterface $request) : bool
|
||||
public function execute(ServerRequestInterface $request) : ServerRequestInterface
|
||||
{
|
||||
$arguments = $this->parseDigestArguments($this->arguments);
|
||||
|
||||
@ -26,7 +28,7 @@ class DigestMethod implements MethodInterface
|
||||
|
||||
$arguments['nc'] = str_pad($arguments['nc'] ?? "1", 8, '0', STR_PAD_LEFT);
|
||||
|
||||
$ha1 = $this->getSecretHash();
|
||||
$ha1 = "@TODO !@"; # $this->authorize->user->getSecretHash();
|
||||
|
||||
if ($isSess) {
|
||||
$ha1 = hash($hashMethod, implode(':', [
|
||||
@ -39,14 +41,14 @@ class DigestMethod implements MethodInterface
|
||||
$ha2 = hash($hashMethod, implode(':', [
|
||||
strtoupper($request->getMethod()), $arguments['uri'], hash($hashMethod, $body ?? "")
|
||||
]));
|
||||
break;
|
||||
break;
|
||||
|
||||
case 'auth':
|
||||
default:
|
||||
$ha2 = hash($hashMethod, implode(':', [
|
||||
strtoupper($request->getMethod()), $arguments['uri']
|
||||
]));
|
||||
break;
|
||||
break;
|
||||
}
|
||||
|
||||
if (isset($arguments['qop'])) {
|
||||
@ -60,7 +62,13 @@ class DigestMethod implements MethodInterface
|
||||
]));
|
||||
}
|
||||
|
||||
return $response === $arguments['response'];
|
||||
if ($response === $arguments['response']) {
|
||||
$request = $request->withAttribute('authentication_middleware:user_id', $arguments['username']);
|
||||
|
||||
# @TODO ! Add Type here to match login with Username Only
|
||||
}
|
||||
|
||||
return $request;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -6,5 +6,5 @@ use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
interface MethodInterface
|
||||
{
|
||||
public function execute(ServerRequestInterface $request) : bool;
|
||||
public function execute(ServerRequestInterface $request) : ServerRequestInterface;
|
||||
}
|
||||
@ -5,54 +5,64 @@ namespace Ulmus\User\Authorize;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Ulmus\User\Common\AuthorizeContentTypeEnum;
|
||||
use Ulmus\User\Entity\{ DigestAuthUserInterface, UserInterface };
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
use Ulmus\User\Lib\HeaderAuthenticationTypeEnum;
|
||||
|
||||
class HeaderAuthentication implements AuthorizeMethodInterface
|
||||
{
|
||||
public function connect(ServerRequestInterface $request, UserInterface $user): bool
|
||||
public function __construct(
|
||||
protected Authenticate $authorize,
|
||||
) { }
|
||||
|
||||
public function connect(ServerRequestInterface $request): ServerRequestInterface
|
||||
{
|
||||
if (null !== ( $auth = $request->getHeaderLine('Authorization') )) {
|
||||
list($method, $value) = explode(' ', $auth, 2) + [ null, null ];
|
||||
$type = HeaderAuthenticationTypeEnum::fromRequest($request);
|
||||
|
||||
switch(strtolower($method)) {
|
||||
case "basic":
|
||||
$methodObj = new Header\BasicMethod($user, $value);
|
||||
if ( null !== $type ) {
|
||||
list(, $value) = explode(' ', $request->getHeaderLine('Authorization'), 2) + [ null, null ];
|
||||
|
||||
switch($type) {
|
||||
case HeaderAuthenticationTypeEnum::Basic:
|
||||
$methodObj = new Header\BasicMethod($value);
|
||||
break;
|
||||
|
||||
case "digest":
|
||||
if (! $user instanceof DigestAuthUserInterface) {
|
||||
throw new \RuntimeException("Your user entity must provide a valid hash of `user:realm:password` ");
|
||||
}
|
||||
case HeaderAuthenticationTypeEnum::Digest:
|
||||
#if (! $user instanceof DigestAuthUserInterface) {
|
||||
# throw new \RuntimeException("Your user entity must provide a valid hash of `user:realm:password` ");
|
||||
#}
|
||||
|
||||
$methodObj = new Header\DigestMethod($user, $value);
|
||||
$methodObj = new Header\DigestMethod($value);
|
||||
break;
|
||||
|
||||
case "bearer":
|
||||
$methodObj = new Header\BearerMethod($user, $value);
|
||||
case HeaderAuthenticationTypeEnum::Bearer:
|
||||
$methodObj = new Header\BearerMethod($value);
|
||||
break;
|
||||
|
||||
case "token":
|
||||
|
||||
case HeaderAuthenticationTypeEnum::Token:
|
||||
// @TODO !
|
||||
break;
|
||||
|
||||
default:
|
||||
throw new \InvalidArgumentException("An authentication method must be provided");
|
||||
}
|
||||
}
|
||||
|
||||
return isset($methodObj) && $methodObj->execute($request);
|
||||
}
|
||||
if (isset($methodObj)) {
|
||||
$request = $methodObj->execute($request);
|
||||
}
|
||||
|
||||
return $request;
|
||||
}
|
||||
|
||||
public function catchRequest(ServerRequestInterface $request) : bool
|
||||
{
|
||||
foreach(array_merge($request->getHeader('Accept'), $request->getHeader('Content-Type')) as $accept) {
|
||||
# Previously only catched from JSON content-type ; now accepts every connections
|
||||
|
||||
/*foreach(array_merge($request->getHeader('Accept'), $request->getHeader('Content-Type')) as $accept) {
|
||||
foreach(explode(',', $accept) as $contentType) {
|
||||
if ( AuthorizeContentTypeEnum::tryFrom(strtolower($contentType)) ) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}*/
|
||||
|
||||
return false;
|
||||
return $request->hasHeader('authorization');
|
||||
}
|
||||
}
|
||||
@ -5,21 +5,23 @@ namespace Ulmus\User\Authorize;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Ulmus\User\Entity\UserInterface;
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
||||
|
||||
class PostRequestAuthentication implements AuthorizeMethodInterface
|
||||
{
|
||||
public function __construct(
|
||||
public Authenticate $authenticate,
|
||||
protected string $fieldUser = "email",
|
||||
protected string $postFieldUser = "email",
|
||||
protected string $postFieldPassword = "password",
|
||||
) {}
|
||||
|
||||
public function connect(ServerRequestInterface $request, UserInterface $user): bool
|
||||
public function connect(ServerRequestInterface $request) : ServerRequestInterface
|
||||
{
|
||||
$post = $request->getParsedBody();
|
||||
|
||||
return $this->authenticate->authenticate([ $this->fieldUser => $post[$this->postFieldUser] ], $post[$this->postFieldPassword]);
|
||||
return $request->withAttribute('authentication_middleware:method', AuthenticationMethodEnum::UsernamePassword)
|
||||
->withAttribute('authentication_middleware:username', [ $this->fieldUser => $post[$this->postFieldUser] ])
|
||||
->withAttribute('authentication_middleware:password', $post[$this->postFieldPassword]);
|
||||
}
|
||||
|
||||
public function catchRequest(ServerRequestInterface $request): bool
|
||||
|
||||
@ -42,10 +42,14 @@ class Authenticate {
|
||||
$this->session->destroy();
|
||||
}
|
||||
|
||||
public function authenticate(array $userLogin, string $password) : bool
|
||||
public function authenticate(string|array $userLogin, string $password) : bool
|
||||
{
|
||||
$repository = $this->user::repository();
|
||||
|
||||
if (is_string($userLogin)) {
|
||||
$userLogin = [ $this->user->usernameField() => $userLogin ];
|
||||
}
|
||||
|
||||
foreach($userLogin as $field => $value) {
|
||||
$repository->or($field, $value);
|
||||
}
|
||||
@ -120,7 +124,7 @@ class Authenticate {
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function logUser(?int $id) : ? UserInterface
|
||||
public function loadUser(?int $id) : ? UserInterface
|
||||
{
|
||||
try {
|
||||
if ($id === null || null === ($entity = $this->user::repository()->loadFromPk($id))) {
|
||||
@ -133,8 +137,17 @@ class Authenticate {
|
||||
|
||||
$this->user->fromArray($entity);
|
||||
|
||||
$this->user->loggedIn(true);
|
||||
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
public function logUser(?int $id) : ? UserInterface
|
||||
{
|
||||
if ( null !== $this->loadUser($id) ) {
|
||||
$this->user->loggedIn(true);
|
||||
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
9
src/Lib/AuthenticationMethodEnum.php
Normal file
9
src/Lib/AuthenticationMethodEnum.php
Normal file
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
namespace Ulmus\User\Lib;
|
||||
|
||||
enum AuthenticationMethodEnum
|
||||
{
|
||||
case ForceLogin;
|
||||
case UsernamePassword;
|
||||
}
|
||||
24
src/Lib/HeaderAuthenticationTypeEnum.php
Normal file
24
src/Lib/HeaderAuthenticationTypeEnum.php
Normal file
@ -0,0 +1,24 @@
|
||||
<?php
|
||||
|
||||
namespace Ulmus\User\Lib;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
enum HeaderAuthenticationTypeEnum : string
|
||||
{
|
||||
case Basic = "basic";
|
||||
case Digest = "digest";
|
||||
case Bearer = "bearer";
|
||||
case Token = "token";
|
||||
|
||||
public static function fromRequest(ServerRequestInterface $request) : ? static
|
||||
{
|
||||
if ($request->hasHeader('authorization')) {
|
||||
list($method, ) = explode(' ', $request->getHeaderLine('authorization'), 2);
|
||||
|
||||
return static::tryFrom(strtolower($method));
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
50
src/Middleware/AuthenticationMiddleware.php
Normal file
50
src/Middleware/AuthenticationMiddleware.php
Normal file
@ -0,0 +1,50 @@
|
||||
<?php
|
||||
|
||||
namespace Ulmus\User\Middleware;
|
||||
|
||||
use Psr\Http\{
|
||||
Message\ResponseInterface,
|
||||
Message\ServerRequestInterface,
|
||||
Server\MiddlewareInterface,
|
||||
Server\RequestHandlerInterface
|
||||
};
|
||||
use Ulmus\User\Entity\UserInterface;
|
||||
use Ulmus\User\Authorize\PostRequestAuthentication;
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
use Ulmus\User\Lib\AuthenticationMethodEnum;
|
||||
|
||||
class AuthenticationMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function __construct(
|
||||
protected Authenticate $authenticator,
|
||||
protected \Closure $loginFailedResponse,
|
||||
) {}
|
||||
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
try {
|
||||
if (null !== $id = $request->getAttribute('authentication_middleware:user_id')) {
|
||||
$this->authenticator->loadUser($id);
|
||||
|
||||
if ( ! $this->authenticator->user->isLoaded() ) {
|
||||
throw new \Exception("Given user id do not match with an existing/active user");
|
||||
}
|
||||
}
|
||||
|
||||
switch($request->getAttribute('authentication_middleware:method')) {
|
||||
case AuthenticationMethodEnum::ForceLogin:
|
||||
$this->authenticator->login();
|
||||
break;
|
||||
|
||||
case AuthenticationMethodEnum::UsernamePassword:
|
||||
$this->authenticator->authenticate($request->getAttribute('authentication_middleware:username'), $request->getAttribute('authentication_middleware:password'));
|
||||
break;
|
||||
}
|
||||
}
|
||||
catch(\Exception $e) {
|
||||
return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]);
|
||||
}
|
||||
|
||||
return $handler->handle($request);
|
||||
}
|
||||
}
|
||||
@ -10,30 +10,18 @@ use Psr\Http\{
|
||||
};
|
||||
use Ulmus\User\Entity\UserInterface;
|
||||
use Ulmus\User\Authorize\HeaderAuthentication;
|
||||
use Ulmus\User\Lib\Authenticate;
|
||||
|
||||
class HeaderAuthenticationMiddleware implements MiddlewareInterface
|
||||
{
|
||||
protected HeaderAuthentication $authenticator;
|
||||
|
||||
public function __construct(
|
||||
protected UserInterface $entity,
|
||||
protected \Closure $loginFailedResponse,
|
||||
HeaderAuthentication $authenticator = null,
|
||||
) {
|
||||
$this->authenticator = $authenticator ?: new HeaderAuthentication();
|
||||
}
|
||||
protected HeaderAuthentication $authenticator,
|
||||
) { }
|
||||
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
try {
|
||||
if ( $this->authenticator->catchRequest($request) ) {
|
||||
if ( ! $this->authenticator->connect($request, $this->entity) ) {
|
||||
return call_user_func($this->loginFailedResponse, [ 'api.process' => "Auth failed" ]);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch(\Exception $e) {
|
||||
return call_user_func($this->loginFailedResponse, [ 'api.error_message' => $e->getMessage() ]);
|
||||
if ( $this->authenticator->catchRequest($request) ) {
|
||||
$request = $this->authenticator->connect($request);
|
||||
}
|
||||
|
||||
return $handler->handle($request);
|
||||
|
||||
@ -14,24 +14,15 @@ use Ulmus\User\Lib\Authenticate;
|
||||
|
||||
class PostRequestAuthenticationMiddleware implements MiddlewareInterface
|
||||
{
|
||||
protected PostRequestAuthentication $authenticator;
|
||||
|
||||
public function __construct(
|
||||
protected UserInterface $entity,
|
||||
protected \Closure $loginFailedResponse,
|
||||
PostRequestAuthentication $authenticator = null,
|
||||
protected PostRequestAuthentication $authenticator,
|
||||
) {
|
||||
$this->authenticator = $authenticator ?: new PostRequestAuthentication(new Authenticate($entity));
|
||||
}
|
||||
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
$this->authenticator->authenticate->rememberMe();
|
||||
|
||||
if ( $this->authenticator->catchRequest($request) ) {
|
||||
if ( ! $this->authenticator->connect($request, $this->entity) ) {
|
||||
return call_user_func($this->loginFailedResponse, "Login failed");
|
||||
}
|
||||
$request = $this->authenticator->connect($request);
|
||||
}
|
||||
|
||||
return $handler->handle($request);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user