56 lines
1.7 KiB
PHP
56 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace OCA\SCIMServiceProvider\Util\Authentication;
|
|
|
|
use Exception;
|
|
use Opf\ScimServerPhp\Firebase\JWT\JWT;
|
|
use Opf\ScimServerPhp\Firebase\JWT\Key;
|
|
use OCA\SCIMServiceProvider\Util\Util;
|
|
use OCP\IUserManager;
|
|
use Opf\Util\Authentication\AuthenticatorInterface;
|
|
use Psr\Container\ContainerInterface;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
class BearerAuthenticator implements AuthenticatorInterface
|
|
{
|
|
/** @var \Psr\Log\LoggerInterface */
|
|
private LoggerInterface $logger;
|
|
|
|
/** @var \OCP\IUserManager */
|
|
private IUserManager $userManager;
|
|
|
|
public function __construct(ContainerInterface $container)
|
|
{
|
|
$this->logger = $container->get(LoggerInterface::class);
|
|
$this->userManager = $container->get(IUserManager::class);
|
|
}
|
|
|
|
public function authenticate(string $credentials, array $authorizationInfo): bool
|
|
{
|
|
$jwtPayload = [];
|
|
$jwtSecret = Util::getConfigFile()['jwt']['secret'];
|
|
try {
|
|
$jwtPayload = (array) JWT::decode($credentials, new Key($jwtSecret, 'HS256'));
|
|
} catch (Exception $e) {
|
|
$this->logger->error($e->getMessage());
|
|
return false;
|
|
}
|
|
|
|
// If the 'user' claim is missing from the JWT, then auth is considered to have failed
|
|
if (!isset($jwtPayload['user']) || empty($jwtPayload['user'])) {
|
|
$this->logger->error("No \"user\" claim found in JWT");
|
|
return false;
|
|
}
|
|
|
|
$username = $jwtPayload['user'];
|
|
|
|
// If we managed to find a user with that username, then auth succeeded
|
|
$user = $this->userManager->get($username);
|
|
if ($user !== null) {
|
|
return true;
|
|
}
|
|
|
|
$this->logger->error("User with this username doesn't exist");
|
|
return false;
|
|
}
|
|
}
|