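/**
 * Middleware entry point: enforce HTTP Basic authentication on the request.
 *
 * Flow: skip entirely when shouldAuthenticate() returns false; refuse
 * non-HTTPS use unless the "secure" option is false or the host is listed in
 * "relaxed"; read credentials from the configured CGI environment variable
 * (a raw "Basic <base64>" header value) or from PHP_AUTH_USER/PHP_AUTH_PW;
 * run the "authenticator" option and, if callable, the "callback" option;
 * on success hand off to $next.
 *
 * Credentials that were not supplied are passed to the authenticator as
 * false (not an empty string) — the authenticator must reject that case.
 *
 * @param RequestInterface  $request
 * @param ResponseInterface $response
 * @param callable          $next     Next middleware, invoked as $next($request, $response).
 *
 * @return ResponseInterface The result of $next, or the value of $this->error()
 *                           turned into a 401 carrying a WWW-Authenticate header.
 *
 * @throws \RuntimeException When the scheme is not "https", "secure" is true and the
 *                           host is not in "relaxed".
 */
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
 {
     $host = $request->getUri()->getHost();
     $scheme = $request->getUri()->getScheme();
     $server_params = $request->getServerParams();
     /* If rules say we should not authenticate call next and return. */
     if (false === $this->shouldAuthenticate($request)) {
         return $next($request, $response);
     }
     /* HTTP allowed only if secure is false or server is in relaxed array. */
     if ("https" !== $scheme && true === $this->options["secure"]) {
         /* Strict comparison: a relaxed entry must match the host string exactly. */
         if (!in_array($host, $this->options["relaxed"], true)) {
             $message = sprintf("Insecure use of middleware over %s denied by configuration.", strtoupper($scheme));
             throw new \RuntimeException($message);
         }
     }
     /* Just in case. */
     $user = false;
     $password = false;
     /* If using PHP in CGI mode. */
     if (isset($server_params[$this->options["environment"]])) {
         if (preg_match("/Basic\\s+(.*)\$/i", $server_params[$this->options["environment"]], $matches)) {
             $decoded = base64_decode($matches[1]);
             /*
              * Split on the FIRST colon only (RFC 7617: the user-id may not
              * contain ":", but the password may). Without the limit a password
              * such as "a:b" was silently truncated to "a", and a value with no
              * colon at all produced an undefined-offset notice from list().
              */
             $parts = is_string($decoded) ? explode(":", $decoded, 2) : [];
             if (2 === count($parts)) {
                 list($user, $password) = $parts;
             }
         }
     } else {
         if (isset($server_params["PHP_AUTH_USER"])) {
             $user = $server_params["PHP_AUTH_USER"];
         }
         if (isset($server_params["PHP_AUTH_PW"])) {
             $password = $server_params["PHP_AUTH_PW"];
         }
     }
     $params = array("user" => $user, "password" => $password);
     /* Check if user authenticates. */
     if (false === $this->options["authenticator"]($params)) {
         return $this->error($request, $response, ["message" => "Authentication failed"])->withStatus(401)->withHeader("WWW-Authenticate", sprintf('Basic realm="%s"', $this->options["realm"]));
     }
     /* If callback returns false return with 401 Unauthorized. */
     if (is_callable($this->options["callback"])) {
         if (false === $this->options["callback"]($request, $response, $params)) {
             return $this->error($request, $response, ["message" => "Callback returned false"])->withStatus(401)->withHeader("WWW-Authenticate", sprintf('Basic realm="%s"', $this->options["realm"]));
         }
     }
     /* Everything ok, call next middleware. */
     return $next($request, $response);
 }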
/**
 * Return a copy of $request with the requested changes applied; the original
 * request object is left untouched.
 *
 * Recognised keys of $changes:
 * - method:         (string) replacement HTTP method.
 * - set_headers:    (array)  headers to set; an existing header with the same
 *                            name (any letter case) is replaced, not duplicated.
 * - remove_headers: (array)  header names to drop, matched case-insensitively.
 * - body:           (mixed)  replacement body.
 * - uri:            (UriInterface) replacement URI. When it has a host, a Host
 *                   header is derived from it — ":port" is appended only for a
 *                   non-default http/https port — and that value overrides any
 *                   'Host' entry the caller put in set_headers.
 * - query:          (string) replacement query string applied to the URI.
 * - version:        (string) replacement protocol version.
 *
 * @param RequestInterface $request Request to clone and modify.
 * @param array            $changes Changes to apply.
 *
 * @return RequestInterface A ServerRequest (server params carried over) when
 *                          $request is a ServerRequestInterface, else a Request.
 */
function modify_request(RequestInterface $request, array $changes)
{
    if (!$changes) {
        return $request;
    }

    $headers = $request->getHeaders();
    $hasNewUri = isset($changes['uri']);
    $uri = $hasNewUri ? $changes['uri'] : $request->getUri();

    if ($hasNewUri) {
        $host = $uri->getHost();
        if ($host) {
            // The authority of the new URI takes precedence over a caller-supplied Host header.
            $hostHeader = $host;
            $port = $uri->getPort();
            if ($port) {
                $defaultPorts = ['http' => 80, 'https' => 443];
                $scheme = $uri->getScheme();
                // Only a non-default port of a known scheme is spelled out in the Host header.
                if (isset($defaultPorts[$scheme]) && $port != $defaultPorts[$scheme]) {
                    $hostHeader .= ':' . $port;
                }
            }
            $changes['set_headers']['Host'] = $hostHeader;
        }
    }

    if (!empty($changes['remove_headers'])) {
        $headers = _caseless_remove($changes['remove_headers'], $headers);
    }

    if (!empty($changes['set_headers'])) {
        // Purge same-named headers first (case-insensitively) so the new values replace them.
        $headers = _caseless_remove(array_keys($changes['set_headers']), $headers);
        $headers = $changes['set_headers'] + $headers;
    }

    if (isset($changes['query'])) {
        $uri = $uri->withQuery($changes['query']);
    }

    $method = isset($changes['method']) ? $changes['method'] : $request->getMethod();
    $body = isset($changes['body']) ? $changes['body'] : $request->getBody();
    $version = isset($changes['version']) ? $changes['version'] : $request->getProtocolVersion();

    if ($request instanceof ServerRequestInterface) {
        return new ServerRequest($method, $uri, $headers, $body, $version, $request->getServerParams());
    }

    return new Request($method, $uri, $headers, $body, $version);
}
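 /**
  * Generate a fresh, unpredictable session identifier.
  *
  * The previous implementation derived the id from mt_rand(), uniqid(),
  * time() and REMOTE_ADDR run through sha1(). None of those inputs is
  * cryptographically random, so an attacker who can observe or estimate
  * them could predict other users' session ids. random_bytes() reads the
  * OS CSPRNG instead; mixing in request data adds nothing once the entropy
  * source is sound, so $request is no longer consulted.
  *
  * @param RequestInterface $request Unused; retained so existing callers and
  *                                  overriding subclasses keep compiling.
  *
  * @return string 40 lowercase hexadecimal characters (160 bits of entropy) —
  *                the same length and alphabet as the sha1() output it replaces.
  *
  * @throws \Exception If no secure randomness source is available (random_bytes()).
  */
 public function generateSessionId(RequestInterface $request)
 {
     /* 20 bytes -> 40 hex chars, matching the former sha1()-sized id. */
     $sessid = bin2hex(random_bytes(20));
     return $sessid;
 }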
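 /**
  * Fetch the access token from the request.
  *
  * Lookup order: the CGI environment variable named by the "environment"
  * option (used when PHP runs as CGI and the Authorization header is not
  * exposed), then the Authorization request header, then the cookie named
  * by the "cookie" option. For the first two sources only a "Bearer <token>"
  * value is accepted and the part after "Bearer" is returned. The cookie
  * value is returned as-is.
  *
  * The token is NOT decoded or verified here — the caller must validate it.
  * The token value itself is never written to the log: a bearer token is a
  * credential, and log files are typically far less protected than the
  * request that carried it.
  *
  * @param RequestInterface $request
  *
  * @return string|false The raw token string, or false when none was found
  *                      (a WARNING is logged and $this->message is set).
  */
 public function fetchToken(RequestInterface $request)
 {
     /* If using PHP in CGI mode and non standard environment */
     $server_params = $request->getServerParams();
     if (isset($server_params[$this->options["environment"]])) {
         $message = "Using token from environent";
         $header = $server_params[$this->options["environment"]];
     } else {
         $message = "Using token from request header";
         $header = $request->getHeader("Authorization");
         $header = isset($header[0]) ? $header[0] : "";
     }
     if (preg_match("/Bearer\\s+(.*)\$/i", $header, $matches)) {
         $this->log(LogLevel::DEBUG, $message);
         return $matches[1];
     }
     /* Bearer not found, try a cookie. */
     $cookie_params = $request->getCookieParams();
     if (isset($cookie_params[$this->options["cookie"]])) {
         /* Log only the source, never the credential. */
         $this->log(LogLevel::DEBUG, "Using token from cookie");
         return $cookie_params[$this->options["cookie"]];
     }
     /* If everything fails log and return false. */
     $this->message = "Token not found";
     $this->log(LogLevel::WARNING, $this->message);
     return false;
 }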
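 /**
  * Fetch the access token from the request.
  *
  * Lookup order: each CGI environment variable named by the "environment"
  * option (a string or an array of names; when several are set the last one
  * in the list wins), then the Authorization request header, then
  * apache_request_headers() where that function exists, then the cookie named
  * by the "cookie" option. For the non-cookie sources only a "Bearer <token>"
  * value is accepted and the part after "Bearer" is returned. The cookie value
  * is returned as-is.
  *
  * The token is NOT decoded or verified here — the caller must validate it.
  * The token value itself is never written to the log: a bearer token is a
  * credential, and log files are typically far less protected than the
  * request that carried it.
  *
  * @param RequestInterface $request
  *
  * @return string|false The raw token string, or false when none was found
  *                      (a WARNING is logged and $this->message is set).
  */
 public function fetchToken(RequestInterface $request)
 {
     /* If using PHP in CGI mode and non standard environment */
     $server_params = $request->getServerParams();
     $header = "";
     /* Check for each given environment */
     foreach ((array) $this->options["environment"] as $environment) {
         if (isset($server_params[$environment])) {
             $message = "Using token from environment";
             $header = $server_params[$environment];
         }
     }
     /* Nothing in environment, try header instead */
     if (empty($header)) {
         $message = "Using token from request header";
         $headers = $request->getHeader("Authorization");
         $header = isset($headers[0]) ? $headers[0] : "";
     }
     /* Try apache_request_headers() as last resort */
     if (empty($header) && function_exists("apache_request_headers")) {
         /* NOTE(review): header-name casing from apache_request_headers() is SAPI dependent; confirm "Authorization" is what the target deployment returns. */
         $headers = apache_request_headers();
         $header = isset($headers["Authorization"]) ? $headers["Authorization"] : "";
     }
     if (preg_match("/Bearer\\s+(.*)\$/i", $header, $matches)) {
         $this->log(LogLevel::DEBUG, $message);
         return $matches[1];
     }
     /* Bearer not found, try a cookie. */
     $cookie_params = $request->getCookieParams();
     if (isset($cookie_params[$this->options["cookie"]])) {
         /* Log only the source, never the credential. */
         $this->log(LogLevel::DEBUG, "Using token from cookie");
         return $cookie_params[$this->options["cookie"]];
     }
     /* If everything fails log and return false. */
     $this->message = "Token not found";
     $this->log(LogLevel::WARNING, $this->message);
     return false;
 }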