Commit f2338e6b authored by Sonia Zorba's avatar Sonia Zorba

#2 Implemented basic token issuer page

parent 82ea0d6c
+24 −1
@@ -56,4 +56,27 @@ class IdTokenBuilder {
        return $payloadArr;
        return $payloadArr;
    }
    }


    /**
     * @param int $lifespan in hours
     * @param string $audit target service
     */
    public function generateNewToken(int $lifespan, string $audit) {
        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();

        $user = $this->locator->getSession()->getUser();

        $iat = time();
        $exp = $iat + $lifespan * 3600;

        $payload = array(
            'iss' => $this->locator->config->jwtIssuer,
            'sub' => strval($user->id),
            'iat' => $iat,
            'exp' => $exp,
            'aud' => $audit
        );

        return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
    }

}
}
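Review bot: generateNewToken (fully visible in this hunk) signs whatever `$lifespan` and `$audit` it is handed — a zero or negative lifespan yields an already-expired token, an oversized one a very long-lived bearer credential, and `aud` becomes an arbitrary caller-supplied string — even though the config added in this commit now carries a `lifespan` allow-list and a `services` list. The builder is the last place this can be enforced, so I would guard before building the payload: `if ($lifespan <= 0 || !in_array($lifespan, $this->locator->config->tokenIssuer->lifespan, true)) { throw new \InvalidArgumentException("Unsupported token lifespan"); }` plus the analogous check of `$audit` against the configured service ids. Two smaller points: `$user` can be null (the `/token-issuer` route treats a null user as not logged in), so `$user->id` should be preceded by an explicit exception rather than left to fail as a property access on null, and the method would read better with a `: string` return type and the parameter named `$audience` to match the `aud` claim it fills. Whether `config->tokenIssuer` is reachable from this class cannot be confirmed from the hunk, so check against the config loader.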
+7 −0
@@ -47,5 +47,12 @@
    "gms": {
    "gms": {
        "id": "gms",
        "id": "gms",
        "joinEndpoint": "http://localhost:8082/gms/ws/jwt/join"
        "joinEndpoint": "http://localhost:8082/gms/ws/jwt/join"
    },
    "tokenIssuer": {
        "services": [{
                "id": "fileserver",
                "label": "File Server"
            }],
        "lifespan": [1, 6, 12, 24]
    }
    }
}
}
+4 −0
@@ -189,3 +189,7 @@ body {
    padding-right: 10px;
    padding-right: 10px;
    max-height: 50px;
    max-height: 50px;
}
}

#token-issuer-btn {
    margin-top: 20px;
}
 No newline at end of file
+50 −0
@@ -349,4 +349,54 @@ Flight::route('GET /account', function () {
    }
    }
});
});


Flight::route('GET /token-issuer', function () {

    session_start();

    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrfToken = $_SESSION['csrf_token'];

    global $locator;

    $user = $locator->getSession()->getUser();
    $config = $locator->config->tokenIssuer;

    if ($user === null) {
        Flight::redirect('/');
    } else {
        $admin = $locator->getUserDAO()->isAdmin($user->id);
        Flight::render('token-issuer.php', array('title' => 'RAP Token Issuer',
            'version' => $locator->getVersion(), 'session' => $locator->getSession(),
            'config' => $config, 'csrfToken' => $csrfToken,
            'contextRoot' => $locator->config->contextRoot));
    }
});

Flight::route('POST /token-issuer', function () {

    session_start();
    global $locator;

    if (empty($_POST['csrf_token']) || !(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))) {
        throw new \RAP\UnauthorizedException("Invalid CSRF token");
    }
    if ($locator->getSession()->getUser() === null) {
        throw new \RAP\UnauthorizedException("You must be registered to perform this action");
    }

    $postData = Flight::request()->data;
    if (!isset($postData['lifespan']) || !isset($postData['audit'])) {
        throw new \RAP\BadRequestException("Missing form parameter");
    }

    $tokenBuilder = $locator->getIdTokenBuilder();
    $token = $tokenBuilder->generateNewToken($postData['lifespan'], $postData['audit']);

    header('Content-Type: text/plain');
    header("Content-disposition: attachment; filename=\"token.txt\"");
    echo $token;
});

include 'admin.php';
include 'admin.php';
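Review bot: The POST /token-issuer handler forwards `$postData['lifespan']` and `$postData['audit']` straight into generateNewToken after only an `isset` check, so the `lifespan` and `services` allow-lists in the new `tokenIssuer` config are enforced nowhere server-side; any authenticated user can post `lifespan=87600` and an arbitrary `audit` value and download a signed token for any audience with any lifetime, since the page's dropdowns are not a security boundary. A non-numeric lifespan also reaches the `int $lifespan` parameter and surfaces as a TypeError (HTTP 500) rather than a 400. I would validate both values against the config before calling the builder, as sketched below, and in the CSRF check use `$_SESSION['csrf_token'] ?? ''` so a POST without an established session fails as "Invalid CSRF token" instead of a hash_equals type error. The downloaded token is a bearer credential, so the response should also carry `header('Cache-Control: no-store');` so it is not kept in browser or proxy caches. The sketch assumes the config is decoded to objects, as the existing `$locator->config->tokenIssuer` access suggests; adjust to array access if the loader returns arrays.
```php
    $postData = Flight::request()->data;
    if (!isset($postData['lifespan']) || !isset($postData['audit'])) {
        throw new \RAP\BadRequestException("Missing form parameter");
    }
    // Server-side allow-list: the form's dropdowns are client-side only.
    $tokenConfig = $locator->config->tokenIssuer;
    $lifespan = filter_var($postData['lifespan'], FILTER_VALIDATE_INT);
    if ($lifespan === false || !in_array($lifespan, $tokenConfig->lifespan, true)) {
        throw new \RAP\BadRequestException("Invalid lifespan");
    }
    $allowedServices = array_map(function ($s) { return $s->id; }, $tokenConfig->services);
    if (!in_array($postData['audit'], $allowedServices, true)) {
        throw new \RAP\BadRequestException("Unknown target service");
    }

    $tokenBuilder = $locator->getIdTokenBuilder();
    $token = $tokenBuilder->generateNewToken($lifespan, $postData['audit']);

    header('Cache-Control: no-store');
    // … unchanged: Content-Type / Content-disposition headers and echo …
```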
+1 −0
@@ -28,6 +28,7 @@
    function loadTooltips() {
    function loadTooltips() {
        $('.primary-identity-icon').tooltip();
        $('.primary-identity-icon').tooltip();
        $('#join-btn').tooltip();
        $('#join-btn').tooltip();
        $('#token-issuer-btn').tooltip();
    }
    }


    // When the document is loaded
    // When the document is loaded