PageRenderTime 38ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/lithium/libraries/lithium/security/auth/adapter/Http.php

https://github.com/brtriver/sukonv
PHP | 155 lines | 61 code | 17 blank | 77 comment | 4 complexity | 299e9079ce674adeaaab7f922ec6315d MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Lithium: the most rad php framework
    4. 

  4.  *
    5. 

  5.  * @copyright     Copyright 2010, Union of RAD (http://union-of-rad.org)
    6. 

  6.  * @license       http://opensource.org/licenses/bsd-license.php The BSD License
    7. 

  7.  */
    8. 

  8. 

  9. namespace lithium\security\auth\adapter;
    10. 

  10. 

  11. use lithium\core\Libraries;
    12. 

  12. 

  13. /**
    14. 

  14.  * The `Http` adapter provides basic and digest authentication based on the HTTP protocol.
    15. 

  15.  * By default, the adapter uses Http Digest based authentication.
    16. 

  16.  * {{{
    17. 

  17.  * Auth::config(array('name' => array('adapter' => 'Http', 'users' => array('gwoo' => 'li3'))))
    18. 

  18.  * }}}
    19. 

  19.  *
    20. 

  20.  * To use Basic authentication, set the `method` to basic.
    21. 

  21.  * {{{
    22. 

  22.  * Auth::config(array('name' => array(
    23. 

  23.  *     'adapter' => 'Http', 'users' => array('gwoo' => 'li3'),
    24. 

  24.  *     'method' => 'basic'
    25. 

  25.  * )))
    26. 

  26.  * }}}
    27. 

  27.  *
    28. 

  28.  * @link http://tools.ietf.org/html/rfc2068#section-14.8
    29. 

  29.  * @see `\lithium\action\Request`
    30. 

  30.  */
    31. 

  31. class Http extends \lithium\core\Object {
    32. 

  32. 

  33. 	/**
    34. 

  34. 	 * Setup default configuration options.
    35. 

  35. 	 *
    36. 

  36. 	 * @param array $config
    37. 

  37. 	 *        - `method`: default: `digest` options: `basic|digest`
    38. 

  38. 	 *        - `realm`: default: `Protected by Lithium`
    39. 

  39. 	 *        - `users`: the users to permit. key => value pair of username => password
    40. 

  40. 	 */
    41. 

  41. 	public function __construct(array $config = array()) {
    42. 

  42. 		$defaults = array(
    43. 

  43. 			'method' => 'digest', 'realm' => basename(LITHIUM_APP_PATH), 'users' => array()
    44. 

  44. 		);
    45. 

  45. 		parent::__construct($config + $defaults);
    46. 

  46. 	}
    47. 

  47. 

  48. 	/**
    49. 

  49. 	 * Called by the `Auth` class to run an authentication check against the HTTP data using the
    50. 

  50. 	 * credientials in a data container (a `Request` object), and returns an array of user
    51. 

  51. 	 * information on success, or `false` on failure.
    52. 

  52. 	 *
    53. 

  53. 	 * @param object $request A env container which wraps the authentication credentials used
    54. 

  54. 	 *               by HTTP (usually a `Request` object). See the documentation for this
    55. 

  55. 	 *               class for further details.
    56. 

  56. 	 * @param array $options Additional configuration options. Not currently implemented in this
    57. 

  57. 	 *              adapter.
    58. 

  58. 	 * @return array Returns an array containing user information on success, or `false` on failure.
    59. 

  59. 	 */
    60. 

  60. 	public function check($request, array $options = array()) {
    61. 

  61. 		$method = "_{$this->_config['method']}";
    62. 

  62. 		return $this->{$method}($request);
    63. 

  63. 	}
    64. 

  64. 

  65. 	/**
    66. 

  66. 	 * A pass-through method called by `Auth`. Returns the value of `$data`, which is written to
    67. 

  67. 	 * a user's session. When implementing a custom adapter, this method may be used to modify or
    68. 

  68. 	 * reject data before it is written to the session.
    69. 

  69. 	 *
    70. 

  70. 	 * @param array $data User data to be written to the session.
    71. 

  71. 	 * @param array $options Adapter-specific options. Not implemented in the `Form` adapter.
    72. 

  72. 	 * @return array Returns the value of `$data`.
    73. 

  73. 	 */
    74. 

  74. 	public function set($data, array $options = array()) {
    75. 

  75. 		return $data;
    76. 

  76. 	}
    77. 

  77. 

  78. 	/**
    79. 

  79. 	 * Called by `Auth` when a user session is terminated. Not implemented in the `Form` adapter.
    80. 

  80. 	 *
    81. 

  81. 	 * @param array $options Adapter-specific options. Not implemented in the `Form` adapter.
    82. 

  82. 	 * @return void
    83. 

  83. 	 */
    84. 

  84. 	public function clear(array $options = array()) {
    85. 

  85. 	}
    86. 

  86. 

  87. 	/**
    88. 

  88. 	 * Handler for HTTP Basic Authentication
    89. 

  89. 	 *
    90. 

  90. 	 * @param string $request a `\lithium\action\Request` object
    91. 

  91. 	 * @return void
    92. 

  92. 	 */
    93. 

  93. 	protected function _basic($request) {
    94. 

  94. 		$users = $this->_config['users'];
    95. 

  95. 		$username = $request->env('PHP_AUTH_USER');
    96. 

  96. 		$password = $request->env('PHP_AUTH_PW');
    97. 

  97. 

  98. 		if (!isset($users[$username]) || $users[$username] !== $password) {
    99. 

  99. 			$this->_writeHeader("WWW-Authenticate: Basic realm=\"{$this->_config['realm']}\"");
    100. 

  100. 			return;
    101. 

  101. 		}
    102. 

  102. 		return compact('username', 'password');
    103. 

  103. 	}
    104. 

  104. 

  105. 	/**
    106. 

  106. 	 * Handler for HTTP Digest Authentication
    107. 

  107. 	 *
    108. 

  108. 	 * @param string $request a `\lithium\action\Request` object
    109. 

  109. 	 * @return void
    110. 

  110. 	 */
    111. 

  111. 	protected function _digest($request) {
    112. 

  112. 		$realm = $this->_config['realm'];
    113. 

  113. 		$data = array(
    114. 

  114. 			'username' => null, 'nonce' => null, 'nc' => null,
    115. 

  115. 			'cnonce' => null, 'qop' => null, 'uri' => null,
    116. 

  116. 			'response' => null
    117. 

  117. 		);
    118. 

  118. 

  119. 		$result = array_map(function ($string) use (&$data) {
    120. 

  120. 			$parts = explode('=', trim($string), 2) + array('', '');
    121. 

  121. 			$data[$parts[0]] = trim($parts[1], '"');
    122. 

  122. 		}, explode(',', $request->env('PHP_AUTH_DIGEST')));
    123. 

  123. 

  124. 		$users = $this->_config['users'];
    125. 

  125. 		$password = !empty($users[$data['username']]) ? $users[$data['username']] : null;
    126. 

  126. 

  127. 		$user = md5("{$data['username']}:{$realm}:{$password}");
    128. 

  128. 		$nonce = "{$data['nonce']}:{$data['nc']}:{$data['cnonce']}:{$data['qop']}";
    129. 

  129. 		$req = md5($request->env('REQUEST_METHOD') . ':' . $data['uri']);
    130. 

  130. 		$hash = md5("{$user}:{$nonce}:{$req}");
    131. 

  131. 

  132. 		if (!$data['username'] || $hash !== $data['response']) {
    133. 

  133. 			$nonce = uniqid();
    134. 

  134. 			$opaque = md5($realm);
    135. 

  135. 

  136. 			$message = "WWW-Authenticate: Digest realm=\"{$realm}\" qop=\"auth\",";
    137. 

  137. 			$message .= "nonce=\"{$nonce}\",opaque=\"{$opaque}\"";
    138. 

  138. 			$this->_writeHeader($message);
    139. 

  139. 			return;
    140. 

  140. 		}
    141. 

  141. 		return array('username' => $data['username'], 'password' => $password);
    142. 

  142. 	}
    143. 

  143. 

  144. 	/**
    145. 

  145. 	 * Helper method for writing headers. Mainly used to override the output while testing.
    146. 

  146. 	 *
    147. 

  147. 	 * @param string $string the string the send as a header
    148. 

  148. 	 * @return void
    149. 

  149. 	 */
    150. 

  150. 	protected function _writeHeader($string) {
    151. 

  151. 		header($string, true);
    152. 

  152. 	}
    153. 

  153. }
    154. 

  154. 

  155. ?>
    156.