/**
* Authenticates the user based on the current request.
*
* If authentication is successful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @param DAV\Server $server
* @param string $realm
* @throws DAV\Exception\NotAuthenticated
* @return bool
*/
function authenticate(DAV\Server $server, $realm)
{
$digest = new HTTP\Auth\Digest($realm, $server->httpRequest, $server->httpResponse);
$digest->init();
$username = $digest->getUsername();
// No username was given
if (!$username) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('No digest authentication headers were found');
}
$hash = $this->getDigestHash($realm, $username);
// If this was false, the user account didn't exist
if ($hash === false || is_null($hash)) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('The supplied username was not on file');
}
if (!is_string($hash)) {
throw new DAV\Exception('The returned value from getDigestHash must be a string or null');
}
// If this was false, the password or part of the hash was incorrect.
if (!$digest->validateA1($hash)) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('Incorrect username');
}
$this->currentUser = $username;
return true;
}
/**
* This method is called when a user could not be authenticated, and
* authentication was required for the current request.
*
* This gives you the opportunity to set authentication headers. The 401
* status code will already be set.
*
* In this case of Basic Auth, this would for example mean that the
* following header needs to be set:
*
* $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
*
* Keep in mind that in the case of multiple authentication backends, other
* WWW-Authenticate headers may already have been set, and you'll want to
* append your own WWW-Authenticate header instead of overwriting the
* existing one.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function challenge(RequestInterface $request, ResponseInterface $response)
{
$auth = new HTTP\Auth\Digest($this->realm, $request, $response);
$auth->init();
$oldStatus = $response->getStatus() ?: 200;
$auth->requireLogin();
// Preventing the digest utility from modifying the http status code,
// this should be handled by the main plugin.
$response->setStatus($oldStatus);
}
/**
* This method is called when a user could not be authenticated, and
* authentication was required for the current request.
*
* This gives you the opportunity to set authentication headers. The 401
* status code will already be set.
*
* In this case of Basic Auth, this would for example mean that the
* following header needs to be set:
*
* $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
*
* Keep in mind that in the case of multiple authentication backends, other
* WWW-Authenticate headers may already have been set, and you'll want to
* append your own WWW-Authenticate header instead of overwriting the
* existing one.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function challenge(RequestInterface $request, ResponseInterface $response)
{
$auth = new HTTP\Auth\Digest($this->realm, $request, $response);
$auth->init();
$auth->requireLogin();
}
* @author Markus Staab
* @license http://sabre.io/license/ Modified BSD License
*/
$userList = ["user1" => "password", "user2" => "password"];
use Sabre\HTTP\Sapi;
use Sabre\HTTP\Response;
use Sabre\HTTP\Auth;
// Find the autoloader
$paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php'];
foreach ($paths as $path) {
if (file_exists($path)) {
include $path;
break;
}
}
$request = Sapi::getRequest();
$response = new Response();
$digestAuth = new Auth\Digest("Locked down area", $request, $response);
$digestAuth->init();
if (!($userName = $digestAuth->getUsername())) {
// No username given
$digestAuth->requireLogin();
} elseif (!isset($userList[$userName]) || !$digestAuth->validatePassword($userList[$userName])) {
// Username or password are incorrect
$digestAuth->requireLogin();
} else {
// Success !
$response->setBody('You are logged in!');
}
// Sending the response
Sapi::sendResponse($response);