public function testUsfAuthHmacGoodTokenTest()
{
Utils::setMethod('GET');
Utils::setRequestHeader('key1', 'value1');
Utils::setRequestHeader('key2', 'value2');
Utils::setRequestHeader('Content-Type', 'text/plain');
Utils::setRequestHeader('Date', date('r'));
Utils::setBody('This is the body.');
Utils::setResourceUri('/test.php');
$signer = new RequestSigner();
$signer->setProvider('USF');
$signature = $signer->getAuthorization(new SimpleRequest(), 'testId', 'testSecret');
Utils::setRequestHeader('Authorization', $signature);
$keyArray = ["testId" => "testSecret"];
$usfAuthHmac = new UsfAuthHmac($keyArray, "+30 minutes");
$usfAuthHmac->setRequestWrapper(new SimpleRequest());
$result = $usfAuthHmac->authenticate();
$this->assertTrue($result);
}
/**
* Authenticate request
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @return void
* @throws Exception
*/
private function authenticate($request)
{
switch (strtolower($this->authN_type)) {
case 'cas':
// Use CAS authentication.
$casAuth = new UsfAuthCAS($this->config['cas']);
$casAuth->auth();
//Authorization check
$this->isAuthorized = $casAuth->isAuthorized($this->authZ_roles);
//Add the username and entitlements to the request
$request = $request->withHeader('AUTH_PRINCIPAL', $casAuth->getPrincipal());
$request = $request->withHeader('AUTH_ENTITLEMENTS', $casAuth->getEntitlements());
//Add all Attributes
foreach ($casAuth->getAttributes() as $key => $value) {
$request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
}
break;
case 'token':
// Use the USF Token Auth library.
$tokenAuth = new UsfAuthToken($this->config['token']['app_id'], $this->config['token']['token_url']);
$tokenAuth->setRequestMethod($request->getMethod());
$tokenAuth->setReferrer($request->getHeader('HTTP_REFERER'));
//Validate request token
$tokenAuth->validateRequest($request->getHeader('HTTP_X_AUTH_TOKEN'));
//Authorization check
$this->isAuthorized = $tokenAuth->isAuthorized($this->authZ_roles);
//Add the username and entitlements to the request
$request = $request->withHeader('AUTH_PRINCIPAL', $tokenAuth->getPrincipal());
$request = $request->withHeader('AUTH_ENTITLEMENTS', $tokenAuth->getEntitlements());
//Add all Attributes
foreach ($tokenAuth->getAttributes() as $key => $value) {
$request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
}
break;
case 'hmac':
// HMAC authentication: https://github.com/acquia/http-hmac-spec
$hmacAuth = new UsfAuthHmac($this->config['hmac']['keyRegistry']);
if (!empty($this->config['hmac']['timeout'])) {
$hmacAuth->setTimeout($this->config['hmac']['timeout']);
}
$hmacAuth->setRequestWrapper(new Psr7Request($request));
try {
$hmacAuth->authenticate();
$this->isAuthorized = true;
} catch (\Exception $exception) {
$this->isAuthorized = false;
}
//Add the username to the request
$request = $request->withHeader('AUTH_PRINCIPAL', $hmacAuth->getPrincipal());
break;
case 'permitall':
// No authentication - let everyone in.
$this->isAuthorized = true;
break;
case 'denyall':
// No authentication - keep everyone out.
$this->isAuthorized = false;
break;
default:
throw new \Exception("Unknown Authentication type: " . $this->authN_type, 500);
break;
}
return $request;
}
<?php
namespace USF\auth;
use Acquia\Hmac\RequestAuthenticator;
use Acquia\Hmac\RequestSigner;
require_once 'vendor/autoload.php';
$keyArray = ['apiKeyId' => 'secretKey'];
$auth = new UsfAuthHmac($keyArray);
$auth->setTimeout('+1 minutes');
if ($auth->authenticate()) {
echo $auth->getPrincipal() . " blah";
} else {
echo "auth failure";
}
