diff options
Diffstat (limited to 'application/api')
| -rw-r--r-- | application/api/ApiMiddleware.php | 11 | ||||
| -rw-r--r-- | application/api/ApiUtils.php | 12 |
2 files changed, 13 insertions, 10 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 162e88e0..522091ca 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php | |||
| @@ -98,8 +98,7 @@ class ApiMiddleware | |||
| 98 | * @throws ApiAuthorizationException The token couldn't be validated. | 98 | * @throws ApiAuthorizationException The token couldn't be validated. |
| 99 | */ | 99 | */ |
| 100 | protected function checkToken($request) { | 100 | protected function checkToken($request) { |
| 101 | $jwt = $request->getHeaderLine('jwt'); | 101 | if (! $request->hasHeader('Authorization')) { |
| 102 | if (empty($jwt)) { | ||
| 103 | throw new ApiAuthorizationException('JWT token not provided'); | 102 | throw new ApiAuthorizationException('JWT token not provided'); |
| 104 | } | 103 | } |
| 105 | 104 | ||
| @@ -107,7 +106,13 @@ class ApiMiddleware | |||
| 107 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); | 106 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); |
| 108 | } | 107 | } |
| 109 | 108 | ||
| 110 | ApiUtils::validateJwtToken($jwt, $this->conf->get('api.secret')); | 109 | $authorization = $request->getHeaderLine('Authorization'); |
| 110 | |||
| 111 | if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { | ||
| 112 | throw new ApiAuthorizationException('Invalid JWT header'); | ||
| 113 | } | ||
| 114 | |||
| 115 | ApiUtils::validateJwtToken($matches[1], $this->conf->get('api.secret')); | ||
| 111 | } | 116 | } |
| 112 | 117 | ||
| 113 | /** | 118 | /** |
diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php index d0242919..d4015865 100644 --- a/application/api/ApiUtils.php +++ b/application/api/ApiUtils.php | |||
| @@ -1,13 +1,11 @@ | |||
| 1 | <?php | 1 | <?php |
| 2 | |||
| 3 | namespace Shaarli\Api; | 2 | namespace Shaarli\Api; |
| 4 | 3 | ||
| 4 | use Shaarli\Base64Url; | ||
| 5 | use Shaarli\Api\Exceptions\ApiAuthorizationException; | 5 | use Shaarli\Api\Exceptions\ApiAuthorizationException; |
| 6 | 6 | ||
| 7 | /** | 7 | /** |
| 8 | * Class ApiUtils | 8 | * REST API utilities |
| 9 | * | ||
| 10 | * Utility functions for the API. | ||
| 11 | */ | 9 | */ |
| 12 | class ApiUtils | 10 | class ApiUtils |
| 13 | { | 11 | { |
| @@ -26,17 +24,17 @@ class ApiUtils | |||
| 26 | throw new ApiAuthorizationException('Malformed JWT token'); | 24 | throw new ApiAuthorizationException('Malformed JWT token'); |
| 27 | } | 25 | } |
| 28 | 26 | ||
| 29 | $genSign = hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret); | 27 | $genSign = Base64Url::encode(hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret, true)); |
| 30 | if ($parts[2] != $genSign) { | 28 | if ($parts[2] != $genSign) { |
| 31 | throw new ApiAuthorizationException('Invalid JWT signature'); | 29 | throw new ApiAuthorizationException('Invalid JWT signature'); |
| 32 | } | 30 | } |
| 33 | 31 | ||
| 34 | $header = json_decode(base64_decode($parts[0])); | 32 | $header = json_decode(Base64Url::decode($parts[0])); |
| 35 | if ($header === null) { | 33 | if ($header === null) { |
| 36 | throw new ApiAuthorizationException('Invalid JWT header'); | 34 | throw new ApiAuthorizationException('Invalid JWT header'); |
| 37 | } | 35 | } |
| 38 | 36 | ||
| 39 | $payload = json_decode(base64_decode($parts[1])); | 37 | $payload = json_decode(Base64Url::decode($parts[1])); |
| 40 | if ($payload === null) { | 38 | if ($payload === null) { |
| 41 | throw new ApiAuthorizationException('Invalid JWT payload'); | 39 | throw new ApiAuthorizationException('Invalid JWT payload'); |
| 42 | } | 40 | } |