Add jsonlogic conditions on endpoints #138

Merged
merged 16 commits into from
Dec 19, 2024
Merged
Docblocks on authorization service
rjzondervan committed Dec 18, 2024
commit 1c7ea85a32c4df1a666f711dbe53cdbb854ea925
44 changes: 44 additions & 0 deletions lib/Service/AuthorizationService.php
@@ -28,19 +28,34 @@
use OCP\IUserManager;
use OCP\IUserSession;

/**
* Service class for handling authorization on incoming calls.
*/
class AuthorizationService
{
const HMAC_ALGORITHMS = ['HS256', 'HS384', 'HS512'];
const PKCS1_ALGORITHMS = ['RS256', 'RS384', 'RS512'];
const PSS_ALGORITHMS = ['PS256', 'PS384', 'PS512'];


/**
* @param IUserManager $userManager
* @param IUserSession $userSession
* @param ConsumerMapper $consumerMapper
*/
public function __construct(
private readonly IUserManager $userManager,
private readonly IUserSession $userSession,
private readonly ConsumerMapper $consumerMapper,
) {}

/**
* Find the issuer (consumer) for the request.
*
* @param string $issuer The issuer from the JWT token.
* @return Consumer The consumer for the JWT token.
* @throws AuthenticationException Thrown if no issuer was found.
*/
private function findIssuer(string $issuer): Consumer
{
$consumers = $this->consumerMapper->findAll(filters: ['name' => $issuer]);
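Review bot: the three algorithm constants (`HMAC_ALGORITHMS`, `PKCS1_ALGORITHMS`, `PSS_ALGORITHMS`) are the only members in this hunk that still have no docblock, even though the rest of the class gets one here; a one-line comment on each saying which key type it expects (shared secret vs. RSA public key) would make the later algorithm-to-key mapping easier to audit. Two style points: the constructor docblock lists the `@param`s but has no summary line, unlike the other methods, and there is a double blank line between the constants and the constructor docblock.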
@@ -52,6 +67,12 @@ private function findIssuer(string $issuer): Consumer
return $consumers[0];
}

/**
* Check if the headers of a JWT token are valid.
*
* @param JWS $token The unserialized token.
* @return void
*/
private function checkHeaders(JWS $token): void {
$headerChecker = new HeaderCheckerManager(
checkers: [
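Review bot: the `checkHeaders` docblock declares `@return void` but no `@throws`, yet a `HeaderCheckerManager` signals a failed check by throwing, so the caller's contract is incomplete; either document the exception type the manager raises or catch it here and rethrow as `AuthenticationException` so it matches the `@throws` convention used by `findIssuer` and `validatePayload`. Minor style point: `private function checkHeaders(JWS $token): void {` puts the opening brace on the signature line, while every other method in this file puts it on its own line.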
@@ -63,6 +84,14 @@ private function checkHeaders(JWS $token): void {

}

/**
* Get the Json Web Key for a public key combined with an algorithm.
*
* @param string $publicKey The public key to create a JWK for
* @param string $algorithm The algorithm deciding how the key should be defined.
* @return JWKSet The resulting JWK-set.
* @throws AuthenticationException
*/
private function getJWK(string $publicKey, string $algorithm): JWKSet
{

@@ -94,6 +123,13 @@ private function getJWK(string $publicKey, string $algorithm): JWKSet
throw new AuthenticationException(message: 'The token algorithm is not supported', details: ['algorithm' => $algorithm]);
}

/**
* Validate data in the payload.
*
* @param array $payload The payload of the JWT token.
* @return void
* @throws AuthenticationException
*/
public function validatePayload(array $payload): void
{
$now = new DateTime();
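Review bot: "Validate data in the payload" does not say what is validated; since the method compares the token's time claims against `$now`, the summary should name them (issued-at and expiry) and the `@throws` should state that it is raised when the token is not yet valid or has expired. `@param array $payload` would be more useful as `array<string, mixed>` so readers know the payload is the decoded claims map keyed by claim name.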
@@ -115,6 +151,14 @@ public function validatePayload(array $payload): void
throw new AuthenticationException(message: 'The token has expired', details: ['iat' => $iat->getTimestamp(), 'exp' => $exp->getTimestamp(), 'time checked' => $now->getTimestamp()]);
}
}

/**
* Checks if authorization header contains a valid JWT token.
*
* @param string $authorization The authorization header.
* @return void
* @throws AuthenticationException
*/
public function authorize(string $authorization): void
{
$token = substr(string: $authorization, offset: strlen('Bearer '));
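Review bot: the `authorize` docblock says only "The authorization header", but the body strips a fixed `strlen('Bearer ')` prefix without first checking that the header actually starts with `Bearer `, so a header using another scheme, or with no scheme at all, would have its first seven characters silently discarded and the remainder parsed as a token. Document the expected `Bearer <token>` format in the `@param` and add a prefix check before the `substr`, throwing `AuthenticationException` when the scheme is missing, so the `@throws` tag covers that case as well.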