1: <?php
2: /*
3: You may not change or alter any portion of this comment or credits
4: of supporting developers from this source code or any supporting source code
5: which is considered copyrighted (c) material of the original comment or credit authors.
6:
7: This program is distributed in the hope that it will be useful,
8: but WITHOUT ANY WARRANTY; without even the implied warranty of
9: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10: */
11:
12: namespace Xmf\Jwt;
13:
14: use Xmf\Request;
15:
16: /**
17: * Validate and get payload from a token string
18: *
19: * @category Xmf\Jwt\TokenReader
20: * @package Xmf
21: * @author Richard Griffith <richard@geekwright.com>
22: * @copyright 2016 XOOPS Project (http://xoops.org)
23: * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
24: * @link http://xoops.org
25: */
26: class TokenReader
27: {
28: /**
29: * Validate and decode a JSON Web Token string
30: *
31: * @param string $keyName name of the key to used to sign the token
32: * @param string $token the token string to validate and decode
33: * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert
34: *
35: * @return object|false payload as stdClass, or false if token was invalid
36: */
37: public static function fromString($keyName, $token, $assertClaims = array())
38: {
39: $jwt = new JsonWebToken(KeyFactory::build($keyName));
40: return $jwt->decode($token, $assertClaims);
41: }
42:
43: /**
44: * Validate and decode a JSON Web Token string from a cookie
45: *
46: * @param string $keyName name of the key to used to sign the token
47: * @param string $cookieName name of cookie that sources the token
48: * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert
49: *
50: * @return object|false payload as stdClass, or false if token was invalid
51: */
52: public static function fromCookie($keyName, $cookieName, $assertClaims = array())
53: {
54: $token = Request::getString($cookieName, '', 'COOKIE');
55: if (empty($token)) {
56: return false;
57: }
58: return static::fromString($keyName, $token, $assertClaims);
59: }
60:
61: /**
62: * Validate and decode a JSON Web Token string from a request (i.e. POST body)
63: *
64: * @param string $keyName name of the key to used to sign the token
65: * @param string $attributeName name of cookie that sources the token
66: * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert
67: *
68: * @return object|false payload as stdClass, or false if token was invalid
69: */
70: public static function fromRequest($keyName, $attributeName, $assertClaims = array())
71: {
72: $token = Request::getString($attributeName, '');
73: if (empty($token)) {
74: return false;
75: }
76: return static::fromString($keyName, $token, $assertClaims);
77: }
78:
79: /**
80: * Validate and decode a JSON Web Token string from a header
81: *
82: * @param string $keyName name of the key to used to sign the token
83: * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert
84: * @param string $headerName name of header that sources the token
85: *
86: * @return object|false payload as stdClass, or false if token was invalid
87: */
88: public static function fromHeader($keyName, $assertClaims = array(), $headerName = 'Authorization')
89: {
90: $header = Request::getHeader($headerName, '');
91: if (empty($header)) {
92: return false;
93: }
94: $header = trim($header);
95: $space = strpos($header, ' '); // expecting "Bearer base64-token-string"
96: if (false !== $space) {
97: $header = substr($header, $space);
98: }
99: $token = trim($header);
100: return static::fromString($keyName, $token, $assertClaims);
101: }
102: }
103: