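/**
 * Authenticates the current request from its `Authorization: Bearer <jwt>` header.
 *
 * On success sets self::$token, self::$userId (taken from the `uid` claim) and
 * self::$isAuthorized = TRUE. On any failure — header missing or malformed,
 * signature/expiry rejected by JWT::decode, payload without a `uid` — it
 * returns silently and leaves those statics untouched.
 *
 * @return void
 */
function ValidateToken() {
    try {
        $rawHeaders = getallheaders();
        if (!is_array($rawHeaders)) {
            return;
        }
        // Header names are case-insensitive; normalise before looking one up.
        $headers = array_change_key_case($rawHeaders, CASE_LOWER);
        if (!isset($headers['authorization'])) {
            return;
        }
        // Accept exactly "Bearer <token>" (RFC 6750); any other shape is rejected.
        $parts = preg_split('/\s+/', trim($headers['authorization']), -1, PREG_SPLIT_NO_EMPTY);
        if (count($parts) !== 2 || strcasecmp($parts[0], 'Bearer') !== 0) {
            return;
        }
        $tokenValue = $parts[1];
        if ($tokenValue === '') {
            return;
        }
        // NOTE(review): a 24-hour leeway also extends `exp` by a full day, far beyond
        // the few minutes the JWT spec suggests for clock skew — confirm this is intended.
        JWT::$leeway = 60 * 60 * 24; //24 hours
        // NOTE(review): "JWT_KEY" is a string literal, not a constant lookup — verify
        // this is the real key source and not a typo for the JWT_KEY constant.
        $decoded = JWT::decode($tokenValue, "JWT_KEY", array('HS256'));
        if (empty($decoded)) {
            return;
        }
        $decoded_array = (array) $decoded;
        // A verified token that names no user must not mark the request authorised.
        if (empty($decoded_array) || !isset($decoded_array['uid'])) {
            return;
        }
        self::$token = $tokenValue;
        self::$userId = $decoded_array['uid'];
        self::$isAuthorized = TRUE;
    } catch (UnexpectedValueException $e) {
        // malformed token, bad signature, expired / not-yet-valid
        return;
    } catch (Exception $e) {
        return;
    }
}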
/**
 * Demonstrates a JWT round trip: encode a sample payload with a fixed HS256
 * key, decode it to an object, cast it to an array, then decode once more
 * with a 60-second leeway applied.
 *
 * @return array [jwt string, decoded object, decoded array, decoded object (leeway applied)]
 */
public function getJwt() {
    // NOTE(review): demo key embedded in source; a deployment loads its key from configuration.
    $signingKey = "352352345623463246trswrgsdfgsdfgsdfgsert";
    $claims = array(
        "iss" => "http://example.org",
        "aud" => "http://example.com",
        "iat" => time(),
        "nbf" => time() - 4123123,
    );
    /**
     * IMPORTANT:
     * You must specify supported algorithms for your application. See
     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
     * for a list of spec-compliant algorithms.
     */
    $jwt = JWT::encode($claims, $signingKey);
    $decodedObject = JWT::decode($jwt, $signingKey, array('HS256'));
    // JWT::decode returns an object; cast it when an associative array is wanted.
    $decodedAsArray = (array) $decodedObject;
    /*
     * Leeway compensates for clock skew between the signing and verifying
     * servers; the spec recommends keeping it to a few minutes at most.
     * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
     */
    JWT::$leeway = 60; // $leeway in seconds
    $decodedWithLeeway = JWT::decode($jwt, $signingKey, array('HS256'));
    return array($jwt, $decodedObject, $decodedAsArray, $decodedWithLeeway);
}
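/**
 * Decodes the JWT carried in the request's `Authorization: Bearer <jwt>` header.
 *
 * The HS512 secret is the base64-decoded contents of `private/apikey`, read
 * through $this->utils.
 *
 * @return object The decoded JWT payload.
 * @throws Exception When the header is absent or does not carry a Bearer token.
 *                   Exceptions raised by JWT::decode (expired, bad signature, …)
 *                   propagate unchanged.
 */
public function verifyToken() {
    $headers = apache_request_headers();
    // apache_request_headers() keeps the client's header casing; accept either
    // spelling instead of reading an undefined index.
    $authHeader = null;
    if (isset($headers['authorization'])) {
        $authHeader = $headers['authorization'];
    } elseif (isset($headers['Authorization'])) {
        $authHeader = $headers['Authorization'];
    }
    if ($this->debug) {
        $this->utils->debug(__METHOD__, $authHeader);
    }
    if (!$authHeader) {
        // The request lacks the authorization token
        throw new Exception('Token not found in request');
    }
    // Only the Bearer scheme is accepted; stripping a fixed prefix with
    // str_replace would have passed any other credential straight to decode.
    if (!preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $authHeader, $matches)) {
        // No token was able to be extracted from the authorization header
        throw new Exception('Token was not able to be extracted from the authorization header');
    }
    $jwt = $matches[1];
    // decode the jwt using the key from config
    $privateKey = $this->utils->readFile('private/apikey');
    $secretKey = base64_decode($privateKey);
    JWT::$leeway = 5;
    return JWT::decode($jwt, $secretKey, array('HS512'));
}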
/**
 * @name isTokenValid
 * @description
 * Helps in decoding the Token. If it's valid, returns the decoded_array. Otherwise, returns null
 */
function isTokenValid($tokenFromClient) {
    try {
        // SECRET_KEY is stored base64-encoded; JWT needs the raw key bytes
        $rawKey = base64_decode(SECRET_KEY);
        JWT::$leeway = 60;
        // decode throws on a bad signature, expiry or malformed input
        $claims = JWT::decode($tokenFromClient, $rawKey, array('HS256'));
    } catch (Exception $e) {
        return NULL;
    }
    // no exception thrown, so the token verified; expose the payload as an
    // associative array so callers can read user info from it
    return (array) $claims;
}
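/**
 * Decodes the JSON Web Token received as a request header.
 *
 * @param string $authHeader Bearer <token string>
 * @return array The decoded payload of the JWT, or an empty array when the
 *               header is missing, is not a Bearer credential, or fails to verify
 */
public static function tokenVerify($authHeader) {
    $tokenDecoded_array = [];
    if (!$authHeader) {
        echo json_encode(array('status' => 'Bad request', 'message' => "No token from Authorization header!"));
        return $tokenDecoded_array;
    }
    // substr($authHeader, 7) used to assume a "Bearer " prefix; check it first so
    // arbitrary header values are not handed to JWT::decode.
    if (strncasecmp($authHeader, 'Bearer ', 7) !== 0) {
        return $tokenDecoded_array;
    }
    $jwt = trim(substr($authHeader, 7));
    if ($jwt === '') {
        return $tokenDecoded_array;
    }
    try {
        JWT::$leeway = 60;
        // NOTE(review): the HS256 key comes from $GLOBALS['key']; inject it instead of
        // reading global state.
        $tokenDecoded = JWT::decode($jwt, $GLOBALS['key'], array('HS256'));
        $tokenDecoded_array = (array) $tokenDecoded;
    } catch (\Exception $e) {
        // NOTE(review): the verifier's reason (expired vs. bad signature) is echoed to
        // the client from inside a verify helper; consider logging it server-side only.
        echo "Unauthorized! " . $e->getMessage();
    }
    return $tokenDecoded_array;
}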
/**
 * CakePHP callback: authenticates the request from its `Server-Token` JWT
 * header, logs the matching user in and applies that user's timezone and
 * language settings.
 *
 * @throws ForbiddenException when the token does not verify or names no existing user
 */
public function beforeFilter() {
    parent::beforeFilter();
    $this->layout = 'ajax';
    JWT::$leeway = 5; // $leeway in seconds
    try {
        $claims = JWT::decode(
            $this->request->header('Server-Token'),
            Configure::read('Autobahn.key'),
            array('HS256')
        );
    } catch (Exception $e) {
        throw new ForbiddenException('Could not auth your request');
    }
    $this->loadModel('User');
    // the userId claim must be present and refer to a stored user
    $hasKnownUser = isset($claims->userId) && $this->User->exists($claims->userId);
    if (!$hasKnownUser) {
        throw new ForbiddenException('Could not auth your request or user does not exists');
    }
    $this->currUserID = $claims->userId;
    $this->currUser = $this->User->findById($claims->userId);
    $this->Auth->login($this->currUser['User']);
    if (!$this->Auth->loggedIn()) {
        return;
    }
    $this->_initTimezone($this->currUser['User']['timezone']);
    $this->_initLang($this->currUser['User']['lang']);
    $this->Auth->allow('*');
}
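/**
 * @param int|null $leeway for checking timestamps; when null or 0 the JWT_LEEWAY
 *                         environment variable is used, and failing that 0
 */
public function __construct($leeway = null) {
    $leeway = $leeway ?: getenv('JWT_LEEWAY');
    // getenv() returns a string (or false); JWT::$leeway is added to integer
    // timestamps, so normalise to int rather than storing the raw string.
    JWT::$leeway = (int) ($leeway ?: 0);
}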
/**
 * Constructor
 * @param string $secretKey injected kernel secret key
 */
public function __construct($secretKey) {
    // the JWT signing key is the kernel secret behind a fixed prefix
    $this->jwtKey = sprintf('%s%s', self::PREPEND_KEY, $secretKey);
    JWT::$leeway = 5; // seconds of clock skew tolerated on exp/nbf/iat
}
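/**
 * JwtService constructor
 *
 * @param ClaimManagerContract $claimManager
 */
public function __construct(ClaimManagerContract $claimManager) {
    $this->key = Config::get('jwt.secret');
    $this->claimManager = $claimManager;
    // An unset jwt.leeway would otherwise assign null to the static; default to 0
    // and cast so a string from the config file does not end up in timestamp maths.
    JWT::$leeway = (int) Config::get('jwt.leeway', 0);
}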
/**
 * ThinkPHP demo action: dumps the `authority` table as JSON, round-trips it
 * through JWT::encode / JWT::decode and prints the intermediate values.
 *
 * NOTE(review): exploratory debug code, kept as written. Points to confirm:
 *  - the payload handed to JWT::encode is the JSON *string* $token rather than
 *    an array, so the `iss` reads on $decoded / $arr below have nothing to find;
 *  - json_decode($decoded) is applied to the object JWT::decode returns;
 *  - $res is never assigned before print_r($res);
 *  - "example_key" is a literal demo key.
 */
public function show() {
    $Model = new Model();
    $authority = M('authority');
    // $USER->where('ID=201522040840')->select();
    $list = $authority->select();
    // echo M("authority")->getLastSql();
    // $this->assign('list',$list);
    // $list=array('total'=>100,'row'=>$list);
    $token = json_encode($list);
    //json
    print_r($token);
    // $arr=json_decode($jlist);
    // echo 'output'.$arr->row[0]->id;
    // print_r($list[0]);
    //$arr[0]=$list[0];
    // echo $list[0]['id'];
    /*
    echo 'daole';
    $id=201522040840;
    $sql="select name from __PREFIX__user where id=$id";
    $res=mysql_query($sql);
    $res=$Model->query($sql);
    $Model = new Model()
    */
    // instantiate a model object that is not bound to any table
    //$Model->query("select * from __PREFIX__user where status=1");
    // from version 3.2.2 onwards this can also be written directly as
    // $Model->query("select * from __USER__ where status=1");
    //json array
    /*
    $token = array(
        "iss" => "http://example.org",
        "aud" => "http://example.com",
        "iat" => 1356999524,
        "nbf" => 1357000000
    );
    */
    /**
     * IMPORTANT:
     * You must specify supported algorithms for your application. See
     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
     * for a list of spec-compliant algorithms.
     */
    $key = "example_key";
    $jwt = JWT::encode($token, $key);
    print_r($jwt);
    echo '<br>';
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    //json
    print_r($decoded);
    $arr = json_decode($decoded);
    //php array
    print_r($decoded->iss);
    echo '<br>';
    echo $arr->iss;
    echo '<br>';
    /*
     * NOTE: This will now be an object instead of an associative array. To get
     * an associative array, you will need to cast it as such:
     */
    $decoded_array = (array) $decoded;
    /**
     * You can add a leeway to account for when there is a clock skew times between
     * the signing and verifying servers. It is recommended that this leeway should
     * not be bigger than a few minutes.
     *
     * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
     */
    JWT::$leeway = 60; // $leeway in seconds
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    // $decoded[0]->id;
    /*
    $Model=new Model();
    echo 'daole';
    $id=201522040840;
    $sql="select name from __PREFIX__user where id=$id";
    // $res=mysql_query($sql);
    $res=$Model->query($sql);
    */
    /*
    $Model = new Model() // instantiate a model object that is not bound to any table
    //$Model->query("select * from __PREFIX__user where status=1");
    // from version 3.2.2 onwards this can also be written directly as
    $Model->query("select * from __USER__ where status=1");
    */
    // NOTE(review): $res is undefined here (only assigned inside commented-out code)
    print_r($res);
    /*
    $authority = M('authority');
    // $USER->where('ID=201522040840')->select();
    $list = $authority->select();
    // echo M("authority")->getLastSql();
    // $this->assign('list',$list);
    // $list=array('total'=>100,'row'=>$list);
    $jlist=json_encode($list);
    // $arr=json_decode($jlist);
    // echo 'output'.$arr->row[0]->id;
    // print_r($list[0]);
    //$arr[0]=$list[0];
    // echo $list[0]['id'];
    for($i=0;$i<=2;$i++){
        // echo '='.$list[$i]['id'].';name='.$list[$i]['name'].'<br>';
        $arr[$i]=array(
            'student_id'=>$list[$i]['id'],
            'name'=>$list[$i]['id']);
    }
    print_r( json_encode($arr));
    */
    /*
    for ($i=1; $i<=10; $i++) {
        jlist[i].id;
    }
    */
    // dump ($list->row[1]);
    // $this->display();
    //header("Content-Type:text/html; charset=utf-8");
    /*
    $Dao = M("authority"); // instantiate the model class
    // build the data array to insert
    $data["id"] = "4";
    $data["name"] = "test";//md5("123456");
    // insert the data
    if($lastInsId = $Dao->add($data)){
        echo "inserted row id is: $lastInsId";
    } else {
        $this->error('data write error!');
    }
    */
}
/**
 * Initialises the component: pushes the configured leeway into the static
 * JWT setting and registers this object as the shared instance.
 */
public function init() {
    parent::init();
    // propagate the configured clock-skew tolerance to JWT
    JWT::$leeway = $this->leeway;
    // keep a reference so other code can reach this component
    self::$_instance = $this;
}
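/**
 * PhpSpec matchers for JWS tokens signed with self::API_KEY.
 *
 * @return array<string, callable> matcher name => closure
 */
public function getMatchers() {
    return [
        'beValidJWSToken' => function ($token) {
            /*
             * Ensure the token is:
             * - a string
             * - that can be decoded as a JWT,
             * - validates against the API key
             * - and contains the expected claims.
             */
            // Token must be a string. gettype() goes through %s, not the format string.
            if (!is_string($token)) {
                throw new FailureException(sprintf('Token must be a string. %s found.', gettype($token)));
            }
            try {
                JWT::$leeway = 5; // $leeway in seconds
                $decoded = JWT::decode($token, self::API_KEY, array('HS256'));
            } catch (\UnexpectedValueException $e) {
                // Base class of SignatureInvalidException, ExpiredException and
                // BeforeValidException, and of decode's malformed-token errors, so
                // every verification failure reports as a spec failure.
                throw new FailureException($e->getMessage());
            }
            // iss must match our service id. Claim values are passed as sprintf
            // arguments (never nested into the format string) so a '%' in a token
            // cannot break the message.
            $iss = isset($decoded->iss) ? $decoded->iss : null;
            if ($iss !== self::SERVICE_ID) {
                throw new FailureException(sprintf(
                    "Unable to validate iss claim. '%s' expected, but '%s' found.",
                    self::SERVICE_ID,
                    $iss
                ));
            }
            $time = time();
            // iat must be a recent timestamp.
            $iat = isset($decoded->iat) ? $decoded->iat : null;
            if ($iat === null || $iat < $time - 10 || $iat > $time + 10) {
                throw new FailureException(sprintf(
                    "Unable to validate iat claim. %d expected to be within ten seconds of %d.",
                    $iat,
                    $time
                ));
            }
            return true;
        },
        'beInvalidJWSToken' => function ($token) {
            /**
             * Returns true when the JWT throws a SignatureInvalidException.
             */
            try {
                JWT::$leeway = 5; // $leeway in seconds
                JWT::decode($token, self::API_KEY, array('HS256'));
            } catch (SignatureInvalidException $e) {
                return true;
            }
            throw new FailureException('Invalid token expected, but the one passed appears valid.');
        },
    ];
}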
/**
 * Builds a JWT from the global $_JWTConf settings wrapping $payload, emits it
 * in the X-Authorization response header and returns it.
 *
 * @param array $payload application data stored under the `payload` claim
 * @return string|null the encoded token, or null when encoding failed
 */
protected function jwt($payload = array()) {
    global $_JWTConf;
    $encoded = null;
    $claims = array(
        'iat' => $_JWTConf['issuedAt'],
        'jti' => $_JWTConf['tokenId'],
        'iss' => $_JWTConf['issuer'],
        'nbf' => $_JWTConf['notBefore'],
        'exp' => $_JWTConf['expire'],
        'payload' => $payload,
    );
    try {
        // leeway is raised only around the encode call and reset afterwards
        JWT::$leeway = JWT_LEEWAT_TS;
        $encoded = JWT::encode($claims, $_JWTConf['secretKey']);
        @header('X-WWW-Authenticate: Basic realm="Ldap-API Secured Area"');
        @header('X-Authorization: Bearer ' . $encoded);
        JWT::$leeway = 0;
        debug("jwt() : [INFO] {$encoded};");
    } catch (\Firebase\JWT\BeforeValidException $e) {
        debug("jwt() : [BeforeValidException]" . $e->getMessage());
    } catch (\Firebase\JWT\ExpiredException $e) {
        debug("jwt() : [ExpiredException]" . $e->getMessage());
    } catch (\Firebase\JWT\SignatureInvalidException $e) {
        debug("jwt() : [SignatureInvalidException]" . $e->getMessage());
    } catch (Exception $e) {
        debug("jwt() : [Exception]" . $e->getMessage());
    }
    return $encoded;
}
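/**
 * Decode jwt token string
 * @param string $token
 * @return object|bool the verified payload, or false when it fails signature,
 *                     expiry, issuer/audience or CSRF checks
 * @throws Exception
 */
public function decode($token) {
    JWT::$leeway = $this->leeway;
    try {
        $payload = JWT::decode($token, $this->key, [$this->algorithm]);
    } catch (Exception $e) {
        return false;
    }
    // ensure that iss, aud, and csrf are good
    $tokenDefaults = $this->getTokenDefaults();
    // Compare strictly: with `!=` a non-string claim (e.g. integer 0) compares
    // loosely equal to a non-numeric string on PHP < 8, which would let a
    // forged issuer/audience through. Missing claims compare as null.
    $iss = isset($payload->iss) ? $payload->iss : null;
    $aud = isset($payload->aud) ? $payload->aud : null;
    if ($iss !== $tokenDefaults["iss"] || $aud !== $tokenDefaults["aud"]) {
        return false;
    }
    // NOTE(review): a token that carries no csrf claim skips the CSRF check
    // entirely — confirm that is intended for every caller of decode().
    if (!empty($payload->csrf) && !$this->request->validateCsrfToken($payload->csrf)) {
        return false;
    }
    return $payload;
}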
/**
 * A token whose `iat` lies further in the future than the configured leeway
 * must still be rejected as not yet valid.
 */
public function testInvalidTokenWithIatLeeway() {
    JWT::$leeway = 60;
    $issuedAt = time() + 65; // five seconds past the 60 second leeway
    $claims = array("message" => "abc", "iat" => $issuedAt);
    $encoded = JWT::encode($claims, 'my_key');
    $this->setExpectedException('Firebase\\JWT\\BeforeValidException');
    JWT::decode($encoded, 'my_key', array('HS256'));
    JWT::$leeway = 0;
}
<?php

require_once __DIR__ . '/../vendor/autoload.php';

use Firebase\JWT\JWT;

// Example script: encode a fixed payload, decode it, then decode again with leeway.
// The key below is a placeholder for the example; a real key is loaded from configuration.
$signingKey = "example_key";
$claims = array(
    "iss" => "http://example.org",
    "aud" => "http://example.com",
    "iat" => 1356999524,
    "nbf" => 1357000000,
);

/**
 * IMPORTANT:
 * You must specify supported algorithms for your application. See
 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
 * for a list of spec-compliant algorithms.
 */
$jwt = JWT::encode($claims, $signingKey);
$decoded = JWT::decode($jwt, $signingKey, array('HS256'));
print_r($decoded);

// JWT::decode returns an object; cast it if an associative array is needed.
$decodedAsArray = (array) $decoded;

/*
 * Leeway compensates for clock skew between the signing and verifying servers;
 * keep it to a few minutes at most.
 * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
 */
JWT::$leeway = 60; // $leeway in seconds
$decoded = JWT::decode($jwt, $signingKey, array('HS256'));
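/**
 * Checks the current request for a verifiable `Authorization: Bearer <jwt>` header.
 *
 * @param bool $returnUserId when true, return the token's data->userId instead of true
 * @return bool|mixed false when no valid token is present; otherwise true, or the
 *                    userId claim when $returnUserId is set
 */
public static function RequestAreAuthorized($returnUserId = false) {
    $request = new Request();
    $authHeader = $request->getHeader('authorization');
    if (!$authHeader) {
        return false;
    }
    list($jwt) = sscanf($authHeader->toString(), 'Authorization: Bearer %s');
    if (!$jwt) {
        return false;
    }
    try {
        // NOTE(review): the HS512 secret is a literal in source; move it to configuration
        // so it can be rotated without a code change.
        $secretKey = "CoppinPannequinAudio";
        JWT::$leeway = 5;
        $token = JWT::decode($jwt, $secretKey, array('HS512'));
    } catch (Exception $e) {
        return false;
    }
    if (!$returnUserId) {
        return true;
    }
    // A verified token without a userId must not be reported as an authorised user.
    if (!isset($token->data->userId)) {
        return false;
    }
    return $token->data->userId;
}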
// Debug script: encode $xdata with the configured secret, decode it back, stash the
// token in the session, emit it as a response header and dump every stage as HTML.
try {
    @session_start();
    // leeway is raised only around the encode/decode round trip and reset afterwards
    JWT::$leeway = JWT_LEEWAT_TS;
    $jwt = JWT::encode($xdata, $_JWTConf['secretKey']);
    $claims = JWT::decode($jwt, $_JWTConf['secretKey'], array('HS256'));
    $_SESSION['_JWT'] = $jwt;
    @header('Content-type: application/json');
    @header('X-WWW-Authenticate: Basic realm="Ldap-API Secured Area"');
    @header('X-Authorization: Bearer ' . $jwt);
    echo '<hr><pre>JSON-JWT-ENCDODE:' . @var_export($jwt, true) . '</pre><hr><hr><br>';
    echo '<hr><pre>JSON-JWT-DECODED:' . @var_export($claims, true) . '</pre><hr><hr><br>';
    echo '<hr><pre>JSON-JWT-payload:' . @var_export($claims->payload, true) . '</pre><hr><hr><br>';
    JWT::$leeway = 0;
} catch (\Firebase\JWT\BeforeValidException $e) {
    echo '<br>Caught BeforeValidException: ', $e->getMessage(), "<br>";
    echo '<br>Caught BeforeValidException: ', $e->getCode(), "<br>";
} catch (\Firebase\JWT\ExpiredException $e) {
    echo '<br>Caught ExpiredException: ', $e->getMessage(), "<br>";
    echo '<br>Caught ExpiredException: ', $e->getCode(), "<br>";
} catch (\Firebase\JWT\SignatureInvalidException $e) {
    echo '<br>Caught SignatureInvalidException: ', $e->getMessage(), "<br>";
    echo '<br>Caught SignatureInvalidException: ', $e->getCode(), "<br>";
} catch (Exception $e) {
    echo '<br>Caught exception: ', $e->getMessage(), "<br>";
    echo '<br>Caught exception: ', $e->getCode(), "<br>";
}
// dump the headers that were actually sent
$dmp = @var_export(apache_response_headers(), true);
echo "dmp:<pre> {$dmp} </pre><br />\n";