/** * Authenticates the user based on the current request. * * If authentication is successful, true must be returned. * If authentication fails, an exception must be thrown. * * @param Sabre_DAV_Server $server * @param string $realm * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($server->httpRequest); $digest->setHTTPResponse($server->httpResponse); $digest->setRealm($realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } $hash = $this->getDigestHash($realm, $username); // If this was false, the user account didn't exist if ($hash === false || is_null($hash)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } if (!is_string($hash)) { throw new Sabre_DAV_Exception('The returned value from getDigestHash must be a string or null'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->currentUser = $username; return true; }
/** * Authenticates the user based on the current request. * * If authentication is succesful, true must be returned. * If authentication fails, an exception must be thrown. * * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($server->httpRequest); $digest->setHTTPResponse($server->httpResponse); $digest->setRealm($realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } $userData = $this->getUserInfo($realm, $username); // If this was false, the user account didn't exist if ($userData === false) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } if (!is_array($userData)) { throw new Sabre_DAV_Exception('The returntype for getUserInfo must be either false or an array'); } if (!isset($userData['uri']) || !isset($userData['digestHash'])) { throw new Sabre_DAV_Exception('The returned array from getUserInfo must contain at least a uri and digestHash element'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($userData['digestHash'])) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->currentUser = $userData; return true; }
/** * @static * @throws Exception * @return User */ public static function authenticateDigest() { // the following is a fix for Basic Auth in an FastCGI Environment if (isset($_SERVER['Authorization']) && !empty($_SERVER['Authorization'])) { $parts = explode(" ", $_SERVER['Authorization']); $type = array_shift($parts); $cred = implode(" ", $parts); if ($type == 'Digest') { $_SERVER["PHP_AUTH_DIGEST"] = $cred; } } // only digest auth is supported anymore try { $auth = new Sabre_HTTP_DigestAuth(); $auth->setRealm("pimcore"); $auth->init(); if ($user = User::getByName($auth->getUsername())) { if (!$user->isAdmin()) { throw new Exception("Only admins can access WebDAV"); } if ($auth->validateA1($user->getPassword())) { return $user; } } throw new Exception("Authentication required"); } catch (Exception $e) { $auth->requireLogin(); echo "Authentication required\n"; die; } }
public function process() { // initialize authentication $auth = new Sabre_HTTP_DigestAuth(); $auth->setRealm($this->app->config->site->auth_realm); $auth->init(); // authenticate and get correct user $email = $auth->getUsername(); $class_name = SwatDBClassMap::get('PinholeAdminUser'); $user = new $class_name(); $user->setDatabase($this->app->db); if (!$user->loadFromEmail($email) || !$auth->validateA1($user->digest_ha1)) { $auth->requireLogin(); echo Pinhole::_('Authentication required') . "\n"; exit; } // create directory for account and object tree for dav server $root = new PinholeDavDirectory($this->app, $user); $tree = new Sabre_DAV_ObjectTree($root); // create server $server = new Sabre_DAV_Server($tree); $server->setBaseUri($this->getDavBaseUri()); // don't save temp files in the database $tempFilePlugin = new Sabre_DAV_TemporaryFileFilterPlugin($this->getDataDir('dav/temp')); $server->addPlugin($tempFilePlugin); // set up lock plugin $lockBackend = new Sabre_DAV_Locks_Backend_FS($this->getDataDir('dav/locks')); $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); $server->addPlugin($lockPlugin); // also allow regular web browsing $browserPlugin = new Sabre_DAV_Browser_Plugin(false); $server->addPlugin($browserPlugin); // serve it up! $server->exec(); }
private function getServerTokens($qop = Sabre_HTTP_DigestAuth::QOP_AUTH) { $this->auth->requireLogin(); switch ($qop) { case Sabre_HTTP_DigestAuth::QOP_AUTH: $qopstr = 'auth'; break; case Sabre_HTTP_DigestAuth::QOP_AUTHINT: $qopstr = 'auth-int'; break; default: $qopstr = 'auth,auth-int'; break; } $test = preg_match('/Digest realm="' . self::REALM . '",qop="' . $qopstr . '",nonce="([0-9a-f]*)",opaque="([0-9a-f]*)"/', $this->response->headers['WWW-Authenticate'], $matches); $this->assertTrue($test == true, 'The WWW-Authenticate response didn\'t match our pattern. We received: ' . $this->response->headers['WWW-Authenticate']); $nonce = $matches[1]; $opaque = $matches[2]; // Reset our environment $this->setUp(); $this->auth->setQOP($qop); return array($nonce, $opaque); }
/** * This method is called before any HTTP method and forces users to be authenticated * * @param string $method * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function beforeMethod($method) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($this->server->httpRequest); $digest->setHTTPResponse($this->server->httpResponse); $digest->setRealm($this->realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } // Now checking the backend for the A1 hash $A1 = $this->authBackend->getDigestHash($username); // If this was false, the user account didn't exist if (!$A1) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($A1)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->userName = $username; $this->userId = $this->authBackend->getUserId($username); // Eventhooks must return true to continue processing return true; }
log_message('error', "Error fetching identities for user '{$userName}': " . $response['Message']); return null; } // Initialize WebDAV authentication $realm = 'Inventory'; $auth = new Sabre_HTTP_DigestAuth(); $auth->setRealm($realm); $auth->init(); $userID = null; $userName = $auth->getUsername(); // Lookup the WebDAV ("a1hash") identity for the given username $hash = get_a1_hash($userName, $userID); // Check if the lookup was successful and that the credentials match if (!$hash || !$auth->validateA1($hash)) { log_message('info', "WebDAV Authentication failed for user '{$userName}' requesting " . $_SERVER['REQUEST_URI']); $auth->requireLogin(); echo "Authentication required\n"; exit; } // Construct the WebDAV tree and server objects $rootDirectory = new RootDirectory($userID); $tree = new Sabre_DAV_ObjectTree($rootDirectory); $server = new Sabre_DAV_Server($tree); $server->setBaseUri($config['webdav_url_base_path']); // Setup the WebDAV locking plugin $lockBackend = new Sabre_DAV_Locks_Backend_FS('tmp'); $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); $server->addPlugin($lockPlugin); log_message('debug', "WebDAV handling " . $_SERVER['REQUEST_METHOD'] . " request for " . $_SERVER['REQUEST_URI']); // Execute the WebDAV request $server->exec();