/**
* This method is called before any HTTP method and forces users to be authenticated
*
* @param string $method
* @throws Sabre_DAV_Exception_NotAuthenticated
* @return bool
*/
public function beforeMethod($method)
{
$digest = new Sabre_HTTP_DigestAuth();
// Hooking up request and response objects
$digest->setHTTPRequest($this->server->httpRequest);
$digest->setHTTPResponse($this->server->httpResponse);
$digest->setRealm($this->realm);
$digest->init();
$username = $digest->getUsername();
// No username was given
if (!$username) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
}
// Now checking the backend for the A1 hash
$A1 = $this->authBackend->getDigestHash($username);
// If this was false, the user account didn't exist
if (!$A1) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
}
// If this was false, the password or part of the hash was incorrect.
if (!$digest->validateA1($A1)) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
}
$this->userName = $username;
$this->userId = $this->authBackend->getUserId($username);
// Eventhooks must return true to continue processing
return true;
}
/**
* Authenticates the user based on the current request.
*
* If authentication is successful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @param Sabre_DAV_Server $server
* @param string $realm
* @throws Sabre_DAV_Exception_NotAuthenticated
* @return bool
*/
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$digest = new Sabre_HTTP_DigestAuth();
// Hooking up request and response objects
$digest->setHTTPRequest($server->httpRequest);
$digest->setHTTPResponse($server->httpResponse);
$digest->setRealm($realm);
$digest->init();
$username = $digest->getUsername();
// No username was given
if (!$username) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
}
$hash = $this->getDigestHash($realm, $username);
// If this was false, the user account didn't exist
if ($hash === false || is_null($hash)) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
}
if (!is_string($hash)) {
throw new Sabre_DAV_Exception('The returned value from getDigestHash must be a string or null');
}
// If this was false, the password or part of the hash was incorrect.
if (!$digest->validateA1($hash)) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
}
$this->currentUser = $username;
return true;
}
/**
* Authenticates the user based on the current request.
*
* If authentication is succesful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @throws Sabre_DAV_Exception_NotAuthenticated
* @return bool
*/
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$digest = new Sabre_HTTP_DigestAuth();
// Hooking up request and response objects
$digest->setHTTPRequest($server->httpRequest);
$digest->setHTTPResponse($server->httpResponse);
$digest->setRealm($realm);
$digest->init();
$username = $digest->getUsername();
// No username was given
if (!$username) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
}
$userData = $this->getUserInfo($realm, $username);
// If this was false, the user account didn't exist
if ($userData === false) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
}
if (!is_array($userData)) {
throw new Sabre_DAV_Exception('The returntype for getUserInfo must be either false or an array');
}
if (!isset($userData['uri']) || !isset($userData['digestHash'])) {
throw new Sabre_DAV_Exception('The returned array from getUserInfo must contain at least a uri and digestHash element');
}
// If this was false, the password or part of the hash was incorrect.
if (!$digest->validateA1($userData['digestHash'])) {
$digest->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
}
$this->currentUser = $userData;
return true;
}
public function testDigestAuthInt()
{
$this->auth->setQOP(Sabre_HTTP_DigestAuth::QOP_AUTHINT | Sabre_HTTP_DigestAuth::QOP_AUTH);
list($nonce, $opaque) = $this->getServerTokens(Sabre_HTTP_DigestAuth::QOP_AUTHINT | Sabre_HTTP_DigestAuth::QOP_AUTH);
$username = '******';
$password = 12345;
$nc = '00003';
$cnonce = uniqid();
$digestHash = md5(md5($username . ':' . self::REALM . ':' . $password) . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':' . 'auth-int:' . md5('POST' . ':' . '/' . ':' . md5('body')));
$request = new Sabre_HTTP_Request(array('REQUEST_METHOD' => 'POST', 'PHP_AUTH_DIGEST' => 'username="******", realm="' . self::REALM . '", nonce="' . $nonce . '", uri="/", response="' . $digestHash . '", opaque="' . $opaque . '", qop=auth-int,nc=' . $nc . ',cnonce="' . $cnonce . '"'));
$request->setBody('body');
$this->auth->setHTTPRequest($request);
$this->auth->init();
$this->assertTrue($this->auth->validateA1(md5($username . ':' . self::REALM . ':' . $password)), 'Authentication is deemed invalid through validateA1');
}
}
}
// The rootNode needs to be passed to the server object.
$server = new Sabre_DAV_Server();
$server->setBaseUri($baseUri);
// Support for LOCK and UNLOCK
$lockBackend = new Sabre_DAV_Locks_Backend_File($tmpDir . '/locksdb');
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// Automatically guess (some) contenttypes, based on extesion
$server->addPlugin(new Sabre_DAV_Browser_GuessContentType());
$server->addPlugin(new Sabre_DAV_Browser_Plugin());
// Authentication backend
//$authBackend = new Sabre_DAV_Auth_Backend_File('.htdigest');
$authBackend = new Sabre_DAV_Auth_Backend_PDO($pdo);
$auth = new Sabre_DAV_Auth_Plugin($authBackend, 'SabreDAV');
$server->addPlugin($auth);
$digest = new Sabre_HTTP_DigestAuth();
// Hooking up request and response objects
$digest->setHTTPRequest($server->httpRequest);
$digest->setHTTPResponse($server->httpResponse);
$digest->setRealm('SabreDAV');
$digest->init();
$user = $digest->getUsername();
$rootNode = new MyCollection($publicDir, $pdo, $user);
$server->tree = new Sabre_DAV_ObjectTree($rootNode);
// Temporary file filter
$tempFF = new Sabre_DAV_TemporaryFileFilterPlugin($tmpDir);
$server->addPlugin($tempFF);
// And off we go!
$server->exec();
