| 1: | <?php |
| 2: | /* |
| 3: | You may not change or alter any portion of this comment or credits |
| 4: | of supporting developers from this source code or any supporting source code |
| 5: | which is considered copyrighted (c) material of the original comment or credit authors. |
| 6: | |
| 7: | This program is distributed in the hope that it will be useful, |
| 8: | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 9: | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| 10: | */ |
| 11: | |
| 12: | namespace Xmf\Jwt; |
| 13: | |
| 14: | use Xmf\Request; |
| 15: | use Xmf\Jwt\KeyFactory; |
| 16: | use Xmf\Key\KeyAbstract; |
| 17: | |
| 18: | /** |
| 19: | * Validate and get payload from a token string |
| 20: | * |
| 21: | * @category Xmf\Jwt\TokenReader |
| 22: | * @package Xmf |
| 23: | * @author Richard Griffith <richard@geekwright.com> |
| 24: | * @copyright 2016-2018 XOOPS Project (https://xoops.org) |
| 25: | * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
| 26: | * @link https://xoops.org |
| 27: | */ |
| 28: | class TokenReader |
| 29: | { |
| 30: | /** |
| 31: | * Validate and decode a JSON Web Token string |
| 32: | * |
| 33: | * @param KeyAbstract|string $key the key to use to sign the token, or name of key to build |
| 34: | * @param string $token the token string to validate and decode |
| 35: | * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert |
| 36: | * |
| 37: | * @return \stdClass|false payload as stdClass, or false if token was invalid |
| 38: | * |
| 39: | * @throws \InvalidArgumentException on unusable key name |
| 40: | */ |
| 41: | public static function fromString($key, $token, $assertClaims = array()) |
| 42: | { |
| 43: | $key = ($key instanceof KeyAbstract) ? $key : KeyFactory::build($key); |
| 44: | $jwt = new JsonWebToken($key); |
| 45: | return $jwt->decode($token, $assertClaims); |
| 46: | } |
| 47: | |
| 48: | /** |
| 49: | * Validate and decode a JSON Web Token string from a cookie |
| 50: | * |
| 51: | * @param KeyAbstract|string $key the key to use to sign the token, or name of key to build |
| 52: | * @param string $cookieName name of cookie that sources the token |
| 53: | * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert |
| 54: | * |
| 55: | * @return \stdClass|false payload as stdClass, or false if token was invalid |
| 56: | * |
| 57: | * @throws \InvalidArgumentException on unusable key name |
| 58: | */ |
| 59: | public static function fromCookie($key, $cookieName, $assertClaims = array()) |
| 60: | { |
| 61: | $token = Request::getString($cookieName, '', 'COOKIE'); |
| 62: | if (empty($token)) { |
| 63: | return false; |
| 64: | } |
| 65: | return static::fromString($key, $token, $assertClaims); |
| 66: | } |
| 67: | |
| 68: | /** |
| 69: | * Validate and decode a JSON Web Token string from a request (i.e. POST body) |
| 70: | * |
| 71: | * @param KeyAbstract|string $key the key to use to sign the token, or name of key to build |
| 72: | * @param string $attributeName name of cookie that sources the token |
| 73: | * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert |
| 74: | * |
| 75: | * @return \stdClass|false payload as stdClass, or false if token was invalid |
| 76: | * |
| 77: | * @throws \InvalidArgumentException on unusable key name |
| 78: | */ |
| 79: | public static function fromRequest($key, $attributeName, $assertClaims = array()) |
| 80: | { |
| 81: | $token = Request::getString($attributeName, ''); |
| 82: | if (empty($token)) { |
| 83: | return false; |
| 84: | } |
| 85: | return static::fromString($key, $token, $assertClaims); |
| 86: | } |
| 87: | |
| 88: | /** |
| 89: | * Validate and decode a JSON Web Token string from a header |
| 90: | * |
| 91: | * @param KeyAbstract|string $key the key to use to sign the token, or name of key to build |
| 92: | * @param array|\Traversable $assertClaims traversable set of claims, claim => value, to assert |
| 93: | * @param string $headerName name of header that sources the token |
| 94: | * |
| 95: | * @return \stdClass|false payload as stdClass, or false if token was invalid |
| 96: | * |
| 97: | * @throws \InvalidArgumentException on unusable key name |
| 98: | */ |
| 99: | public static function fromHeader($key, $assertClaims = array(), $headerName = 'Authorization') |
| 100: | { |
| 101: | $header = Request::getHeader($headerName, ''); |
| 102: | if (empty($header)) { |
| 103: | return false; |
| 104: | } |
| 105: | $header = trim($header); |
| 106: | $space = strpos($header, ' '); // expecting "Bearer base64-token-string" |
| 107: | if (false !== $space) { |
| 108: | $header = substr($header, $space); |
| 109: | } |
| 110: | $token = trim($header); |
| 111: | return static::fromString($key, $token, $assertClaims); |
| 112: | } |
| 113: | } |
| 114: |