<?php
declare(strict_types=1);
/**
* Trait to access the shared claims of a JWT token.
*
* @category Token
* @copyright 2017-2025 Staffbase SE.
* @author Daniel Grosse
* @license http://www.apache.org/licenses/LICENSE-2.0
* @link https://github.com/staffbase/plugins-sdk-php
*/
namespace Staffbase\plugins\sdk\SSOData;
use DateTimeImmutable;
use TypeError;
/**
* Trait to access the shared claims of a JWT token.
*/
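trait SharedDataTrait
{
    use ClaimAccessTrait;

    // NOTE(review): the accessors below only hand back stored claim values via
    // getClaimSafe()/getAllClaims(). Nothing visible in this trait verifies the
    // token signature or compares exp/nbf with the current time; confirm that
    // this is done before these values are used for authorization decisions.

    /** Role claim value that marks the accessing user as an editor. */
    private static string $userRoleEditor = 'editor';

    /** User id value that identifies an instance deletion call. */
    private static string $remoteCallDelete = 'delete';

    /**
     * Get targeted audience of the token. Currently only
     * one audience is supported.
     *
     * When the claim holds a list, only its first entry is returned. A caller
     * that compares the result with an expected audience therefore never sees
     * any further entries of a multi-valued audience.
     *
     * @return null|string
     *
     * @throws TypeError if the claim is an empty list, or if the claim (or the
     *                   first entry of the list) is neither a string nor null
     */
    public function getAudience(): ?string
    {
        /** @var array<string>|string|null $audience */
        $audience = $this->getClaimSafe(SharedClaimsInterface::CLAIM_AUDIENCE);

        if (is_array($audience)) {
            // An empty list used to surface as "got: boolean" because current()
            // returns false for it; reject it with a message that names the cause.
            if ($audience === []) {
                throw new TypeError('Audience must be of the type string or null, got: empty array');
            }

            // Read the first entry by key so the result does not depend on the
            // array's internal pointer position.
            $audience = $audience[array_key_first($audience)];
        }

        if (is_string($audience) || is_null($audience)) {
            return $audience;
        }

        throw new TypeError('Audience must be of the type string or null, got: ' . gettype($audience));
    }

    /**
     * Get the time when the token expires.
     *
     * This getter only returns the claim; it does not compare it with the
     * current time.
     *
     * @return DateTimeImmutable|null
     */
    public function getExpireAtTime(): ?DateTimeImmutable
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_EXPIRE_AT);
    }

    /**
     * Get the time when the token starts to be valid.
     *
     * This getter only returns the claim; it does not compare it with the
     * current time.
     *
     * @return DateTimeImmutable|null
     */
    public function getNotBeforeTime(): ?DateTimeImmutable
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_NOT_BEFORE);
    }

    /**
     * Get the time when the token was issued.
     *
     * @return DateTimeImmutable|null
     */
    public function getIssuedAtTime(): ?DateTimeImmutable
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_ISSUED_AT);
    }

    /**
     * Get issuer of the token.
     *
     * @return null|string
     */
    public function getIssuer(): ?string
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_ISSUER);
    }

    /**
     * Get the id of the token.
     *
     * @return string|null
     */
    public function getId(): ?string
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_JWT_ID);
    }

    /**
     * Get the subject of the token.
     *
     * @return string|null
     */
    public function getSubject(): ?string
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_SUBJECT);
    }

    /**
     * Get the role of the accessing user.
     *
     * If this is set to “editor”, the requesting user may manage the contents
     * of the plugin instance, i.e. she has administration rights.
     * The type of the accessing entity can be either a “user” or an “editor”.
     *
     * The value is returned as stored in the claim; use isEditor() for the
     * strict editor check.
     *
     * @return null|string
     */
    public function getRole(): ?string
    {
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_USER_ROLE);
    }

    /**
     * Get all stored data.
     *
     * Returns every claim held by the token, so the result can contain
     * user-identifying values; treat it accordingly when logging or storing it.
     *
     * @return array<string,mixed>
     */
    public function getData(): array
    {
        return $this->getAllClaims();
    }

    /**
     * Check if the SSO call is an instance deletion call.
     *
     * If an editor deletes a plugin instance in Staffbase,
     * this will be true.
     *
     * @return bool
     */
    public function isDeleteInstanceCall(): bool
    {
        // NOTE(review): getUserId() is not defined in this trait; presumably the
        // using class or ClaimAccessTrait provides it. Confirm.
        return $this->getUserId() === self::$remoteCallDelete;
    }

    /**
     * Check if the user is an editor.
     *
     * Only when the editor role is explicitly
     * provided the user will be marked as editor.
     *
     * @return bool
     */
    public function isEditor(): bool
    {
        // Strict comparison: a missing claim, a non-string value or any other
        // role string all yield false.
        return $this->getClaimSafe(SharedClaimsInterface::CLAIM_USER_ROLE) === self::$userRoleEditor;
    }
}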