Example #1
 /**
  * Authentication hook for HTTP Digest.
  *
  * Only acts when the configured "AuthType" is an AuthModule named "Digest";
  * in that case this module is recorded as the request's auth type. Digest
  * verification itself is not implemented, so every path returns
  * STATUS_DECLINED and no credentials are ever checked here.
  *
  * NOTE(review): what happens to a request when every authentication hook
  * declines is decided by the router, which is not visible here. Confirm that
  * a resource configured with AuthType Digest is refused rather than served.
  *
  * @param \HTRouter\Request $request
  * @return int Always \HTRouter::STATUS_DECLINED.
  */
 public function authenticateDigestUser(\HTRouter\Request $request)
 {
     /**
      * @var $plugin \HTRouter\AuthModule
      */
     $plugin = $this->_container->getConfig()->get("AuthType");

     // This hook only applies when the configured auth module is "Digest".
     $handlesDigest = $plugin
         && $plugin instanceof \HTRouter\AuthModule
         && $plugin->getName() == "Digest";
     if (!$handlesDigest) {
         return \HTRouter::STATUS_DECLINED;
     }

     // Record this module as the handler for the request.
     $handlerName = $this->getName();
     $request->setAuthType($handlerName);

     // Digest verification is not implemented yet, so decline.
     return \HTRouter::STATUS_DECLINED;
 }
Example #2
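 /**
  * Authentication hook for HTTP Basic.
  *
  * Declines unless the configured "AuthType" is an AuthModule named "Basic".
  * Otherwise the credentials obtained from _getBasicAuth() are offered to each
  * registered authn provider in turn until one returns something other than
  * AUTH_NOT_FOUND. With no providers registered the result stays
  * AUTH_NOT_FOUND, so the request is answered with 401 (fail closed).
  *
  * Failure paths return an HTTP status constant. The AUTH_* provider result
  * is never handed back to the caller, because the caller of a hook that
  * returns STATUS_* values cannot interpret it.
  *
  * @param \HTRouter\Request $request
  * @return int One of the \HTRouter::STATUS_* constants, or the non-array
  *             value produced by _getBasicAuth() (presumably a status code;
  *             that helper is not visible here).
  */
 public function authenticateBasicUser(\HTRouter\Request $request)
 {
     /**
      * @var $plugin \HTRouter\AuthModule
      */
     $plugin = $this->_container->getConfig()->get("AuthType");
     if (!$plugin || !$plugin instanceof \HTRouter\AuthModule || $plugin->getName() != "Basic") {
         return \HTRouter::STATUS_DECLINED;
     }

     // Set our handler type
     $request->setAuthType($this->getName());

     // A realm is mandatory: without AuthName no valid challenge can be sent.
     if (!$this->getConfig()->get("AuthName")) {
         $this->getLogger()->log(\HTRouter\Logger::ERRORLEVEL_ERROR, "need authname: " . $request->getUri());
         return \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR;
     }

     $ret = $this->_getBasicAuth($request);
     if (!is_array($ret)) {
         // No usable credentials: challenge the client and pass the helper's value through.
         // The realm is interpolated unescaped, so this assumes AuthName comes from
         // trusted configuration and contains no double quote or line break.
         $request->appendOutHeaders("WWW-Authenticate", "Basic realm=\"" . $this->getConfig()->get("AuthName") . "\"");
         return $ret;
     }
     list($user, $pass) = $ret;

     // By default, we are not found
     $result = \HTRouter\AuthModule::AUTH_NOT_FOUND;

     // Iterate through all the registered providers until one recognises the user
     $providers = $this->getRouter()->getProviders(\HTRouter::PROVIDER_AUTHN_GROUP);
     foreach ($providers as $provider) {
         /**
          * @var $provider \HTRouter\AuthnModule
          */
         $result = $provider->checkPassword($request, $user, $pass);
         if ($result != \HTRouter\AuthModule::AUTH_NOT_FOUND) {
             // Found (either denied or granted), we don't need to check any more providers
             break;
         }
     }

     if ($result == \HTRouter\AuthModule::AUTH_GRANTED) {
         return \HTRouter::STATUS_OK;
     }

     // NOTE(review): this declines when "AuthzUserAuthoritative" is truthy, while the
     // original comment here read "Not authoritative so we decline". The condition
     // looks inverted, but the stored type and default of the setting are not visible
     // in this block, so it is left unchanged. Declining lets a later checker decide
     // about a user no provider recognised; confirm which way is intended.
     if ($this->getConfig()->get("AuthzUserAuthoritative") && $result != \HTRouter\AuthModule::AUTH_DENIED) {
         return \HTRouter::STATUS_DECLINED;
     }

     switch ($result) {
         case \HTRouter\AuthModule::AUTH_DENIED:
         case \HTRouter\AuthModule::AUTH_NOT_FOUND:
             $retval = \HTRouter::STATUS_HTTP_UNAUTHORIZED;
             break;
         default:
             // Any other provider result is treated as a server-side failure.
             $retval = \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR;
             break;
     }

     // A 401 must carry a challenge so the client can retry with credentials.
     if ($retval == \HTRouter::STATUS_HTTP_UNAUTHORIZED) {
         $request->appendOutHeaders("WWW-Authenticate", "Basic realm=\"" . $this->getConfig()->get("AuthName") . "\"");
     }

     // Return the HTTP status computed above. The code previously returned $result,
     // an AUTH_* value, which left $retval unused.
     return $retval;
 }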