Initial commit.

Author: ADmad

.gitignore

@@ -0,0 +1,3 @@
+/composer.lock
+/phpunit.xml
+/vendor

.travis.yml

@@ -0,0 +1,46 @@
+language: php
+
+php:
+  - 5.4
+  - 5.5
+  - 5.6
+
+env:
+  matrix:
+    - DB=mysql db_class='Cake\Database\Driver\Mysql' db_dsn='mysql:host=0.0.0.0;dbname=cakephp_test' db_database='cakephp_test' db_login='travis' db_password=''
+  global:
+    - DEFAULT=1
+
+matrix:
+  fast_finish: true
+
+  include:
+    - php: 5.4
+      env: DB=pgsql db_class='Cake\Database\Driver\Postgres' db_dsn='pgsql:host=127.0.0.1;dbname=cakephp_test' db_database="cakephp_test" db_login='postgres' db_password=''
+
+    - php: 5.4
+      env: DB=sqlite db_class='Cake\Database\Driver\Sqlite' db_dsn='sqlite::memory:'
+
+    - php: 5.4
+      env: PHPCS=1 DEFAULT=0
+
+before_script:
+  - composer self-update
+  - composer install --prefer-dist --no-interaction --dev
+
+  - sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'CREATE DATABASE cakephp_test;'; fi"
+
+  - sh -c "if [ '$DB' = 'pgsql' ]; then psql -c 'CREATE DATABASE cakephp_test;' -U postgres; fi"
+
+  - sh -c "if [ '$PHPCS' = '1' ]; then pear channel-discover pear.cakephp.org; fi"
+  - sh -c "if [ '$PHPCS' = '1' ]; then pear install --alldeps cakephp/CakePHP_CodeSniffer; fi"
+
+  - phpenv rehash
+  - set +H
+
+script:
+  - sh -c "if [ '$DEFAULT' = '1' ]; then phpunit --stderr; fi"
+  - sh -c "if [ '$PHPCS' = '1' ]; then phpcs -p --extensions=php --standard=CakePHP --ignore=vendor --ignore=docs . ; fi"
+
+notifications:
+  email: false

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 A. Sarela, aka ADmad
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,55 @@
+# CakePHP JWT Authenticate plugin
+
+[![Build Status](https://travis-ci.org/ADmad/cakephp-jwt-auth.png?branch=master)](https://travis-ci.org/ADmad/cakephp-jwt-auth)
+
+Plugin containing AuthComponent's authenticate class for authenticating using
+[JSON Web Tokens](http://jwt.io/). You can read about it's specification in
+detail [here](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27).
+
+## Requirements
+
+* CakePHP 3.0+
+
+## Installation
+
+_[Composer]_
+
+run: `composer require admad/cakephp-jwt-auth:1.0.x-dev`.
+
+## Usage
+
+In your app's `config/bootstrap.php` add: `CakePlugin::load('ADmad/JwtAuth')`;
+
+## Configuration:
+
+Setup the authentication class settings:
+
+```php
+    //in $components
+    public $components = [
+        'Auth' => [
+            'authenticate' => [
+                'ADmad/JwtAuth.Jwt' => [
+                    'parameter' => '_token',
+                    'userModel' => 'Users',
+                    'scope' => ['Users.active' => 1],
+                    'fields' => [
+                        'id' => 'id'
+                    ]
+                ]
+            ]
+        ]
+    ];
+
+    //Or in beforeFilter()
+    $this->Auth->config('authenticate', [
+        'ADmad/JwtAuth.Jwt' => [
+            'parameter' => '_token',
+            'userModel' => 'Users',
+            'scope' => ['Users.active' => 1],
+            'fields' => [
+                'id' => 'id'
+            ]
+        ]
+    ]);
+```

composer.json

@@ -0,0 +1,44 @@
+{
+    "name": "admad/jwt-auth",
+    "type": "cakephp-plugin",
+    "description": "CakePHP plugin for authenticating using JSON Web Tokens",
+    "keywords":[
+        "cakephp",
+        "authenticate",
+        "authentication",
+        "jwt"
+    ],
+    "homepage": "http://github.com/ADmad/cakephp-jwt-auth",
+    "authors": [
+        {
+            "name":"ADmad",
+            "role":"Author",
+            "homepage":"https://github.com/ADmad"
+        }
+    ],
+    "license": "MIT",
+    "support": {
+        "source":"https://github.com/ADmad/cakephp-jwt-auth",
+        "issues":"https://github.com/ADmad/cakephp-jwt-auth/issues"
+    },
+    "require": {
+        "cakephp/cakephp": "3.0.*-dev",
+        "cakephp/plugin-installer": "*",
+        "firebase/php-jwt": "~1.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "ADmad\\JwtAuth\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "ADmad\\JwtAuth\\Test\\": "tests"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}

phpunit.xml.dist

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+	colors="true"
+	processIsolation="false"
+	stopOnFailure="false"
+	syntaxCheck="false"
+	bootstrap="./tests/bootstrap.php"
+	>
+	<php>
+		<ini name="memory_limit" value="-1"/>
+	</php>
+
+	<!-- Add any additional test suites you want to run here -->
+	<testsuites>
+		<testsuite name="All Tests">
+			<directory>./tests/TestCase</directory>
+		</testsuite>
+		<!-- Add plugin test suites here. -->
+	</testsuites>
+
+	<!-- Setup a listener for fixtures -->
+	<listeners>
+		<listener
+		class="\Cake\TestSuite\Fixture\FixtureInjector"
+		file="./vendor/cakephp/cakephp/src/TestSuite/Fixture/FixtureInjector.php">
+			<arguments>
+				<object class="\Cake\TestSuite\Fixture\FixtureManager" />
+			</arguments>
+		</listener>
+	</listeners>
+
+	<php>
+		<!-- Postgres
+		<env name="db_class" value="Cake\Database\Driver\Postgres"/>
+		<env name="db_database" value="cake_test"/>
+		<env name="db_login" value=""/>
+		<env name="db_password" value=""/>
+		-->
+		<!-- Mysql
+		<env name="db_class" value="Cake\Database\Driver\Mysql"/>
+		<env name="db_dsn" value="mysql:host=localhost;dbname=cake_test"/>
+		<env name="db_database" value=""/>
+		<env name="db_login" value=""/>
+		<env name="db_password" value=""/>
+		-->
+	</php>
+</phpunit>

src/Auth/JwtAuthenticate.php

@@ -0,0 +1,167 @@
+<?php
+namespace ADmad\JwtAuth\Auth;
+
+use Cake\Auth\BaseAuthenticate;
+use Cake\Controller\ComponentRegistry;
+use Cake\Network\Request;
+use Cake\Network\Response;
+use Cake\ORM\TableRegistry;
+use Cake\Utility\Security;
+use \JWT;
+
+/**
+ * An authentication adapter for authenticating using JSON Web Tokens.
+ *
+ * {{{
+ *	$this->Auth->config('authenticate', [
+ *		'ADmad/JwtAuth.Jwt' => [
+ *			'parameter' => '_token',
+ *			'userModel' => 'Users',
+ *			'scope' => ['User.active' => 1]
+ *			'fields' => [
+ *				'id' => 'id'
+ *			],
+ *		]
+ *	]);
+ * }}}
+ *
+ * @copyright 2014 A. Sarela aka ADmad
+ * @license MIT
+ * @see http://jwt.io
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token
+ */
+class JwtAuthenticate extends BaseAuthenticate {
+
+/**
+ * Constructor.
+ *
+ * Settings for this object.
+ *
+ * - `parameter` - The url parameter name of the token. Defaults to `_token`.
+ *   First $_SERVER['HTTP_AUTHORIZATION'] is checked for token value.
+ *   It's value should be of form "Bearer <token>". If empty this query string
+ *   paramater is checked.
+ * - `userModel` - The model name of the User, defaults to `Users`.
+ * - `fields` - Has key `id` whose value contains primary key field name.
+ *   Defaults to ['id' => 'id'].
+ * - `scope` - Additional conditions to use when looking up and authenticating
+ *   users, i.e. `['Users.is_active' => 1].`
+ * - `contain` - Extra models to contain.
+ * - `unauthenticatedException` - Fully namespaced exception name. Exception to
+ *   throw if authentication fails. Set to false to do nothing.
+ *   Defaults to '\Cake\Network\Exception\UnauthorizedException'.
+ *
+ * @param \Cake\Controller\ComponentRegistry $registry The Component registry
+ *   used on this request.
+ * @param array $config Array of config to use.
+ */
+	public function __construct(ComponentRegistry $registry, $config) {
+		$this->config([
+			'parameter' => '_token',
+			'fields' => ['id' => 'id'],
+			'unauthenticatedException' => '\Cake\Network\Exception\UnauthorizedException'
+		]);
+
+		parent::__construct($registry, $config);
+	}
+
+/**
+ * Unused, since this is a stateless authentication provider.
+ *
+ * @param Request $request The request object.
+ * @param Response $response response object.
+ * @return bool Always false.
+ */
+	public function authenticate(Request $request, Response $response) {
+		return false;
+	}
+
+/**
+ * Get token information from the request.
+ *
+ * @param \Cake\Network\Request $request Request object.
+ * @return bool|array Either false or an array of user information
+ */
+	public function getUser(Request $request) {
+		$token = $request->env('HTTP_AUTHORIZATION');
+		if ($token) {
+			$token = explode(' ', $token);
+			if (!empty($token[1])) {
+				return $this->_findUser($token[1]);
+			}
+		}
+
+		if (!empty($this->_config['parameter']) &&
+			$token = $request->query($this->_config['parameter'])
+		) {
+			return $this->_findUser($token);
+		}
+
+		return false;
+	}
+
+/**
+ * Find a user record.
+ *
+ * @param string $token The token identifier.
+ * @param string $password Unused password.
+ * @return bool|array Either false on failure, or an array of user data.
+ */
+	protected function _findUser($token, $password = null) {
+		$token = JWT::decode($token, Security::salt());
+
+		// Token has full user record.
+		if (isset($token->record)) {
+			// Trick to convert object of stdClass to array. Typecasting to
+			// array doesn't convert property values which are themselves objects.
+			return json_decode(json_encode($token->record), true);
+		}
+
+		$userModel = $this->_config['userModel'];
+		list($plugin, $model) = pluginSplit($userModel);
+		$fields = $this->_config['fields'];
+
+		$conditions = [$model . '.' . $fields['id'] => $token->id];
+		if (!empty($this->_config['scope'])) {
+			$conditions = array_merge($conditions, $this->_config['scope']);
+		}
+		$table = TableRegistry::get($userModel)->find('all');
+		if ($this->_config['contain']) {
+			$table = $table->contain($contain);
+		}
+
+		$result = $table
+			->where($conditions)
+			->hydrate(false)
+			->first();
+
+		if (empty($result)) {
+			return false;
+		}
+
+		unset($result[$fields['password']]);
+		return $result;
+	}
+
+/**
+ * Handles an unauthenticated access attempt. Depending on value of config
+ * `unauthenticatedException` either throws the specified exception or returns
+ * null.
+ *
+ * @param \Cake\Network\Request $request A request object.
+ * @param \Cake\Network\Response $response A response object.
+ * @return void
+ * @throws \Cake\Network\Exception\UnauthorizedException
+ */
+	public function unauthenticated(Request $request, Response $response) {
+		if (!$this->_config['unauthenticatedException']) {
+			return;
+		}
+
+		$exception = $this->_config['unauthenticatedException'];
+		// @codingStandardsIgnoreStart
+		throw new $exception($this->_registry->Auth->_config['authError']);
+		// @codingStandardsIgnoreEnd
+	}
+
+}