/**
 * Hook for HTTP Digest authentication; currently a stub that never authenticates anyone.
 *
 * The hook only reacts when the configured "AuthType" is an auth module named "Digest".
 * In that case it records this module's name as the request's auth type and then
 * declines, because digest verification is not implemented.
 *
 * NOTE(review): every path returns STATUS_DECLINED, so a resource configured with
 * AuthType Digest receives no credential check from this hook. Confirm that the caller
 * treats "all hooks declined" as a failure and not as access granted.
 *
 * @param \HTRouter\Request $request Request whose auth type is set when Digest is configured.
 * @return int Always \HTRouter::STATUS_DECLINED.
 */
public function authenticateDigestUser(\HTRouter\Request $request)
{
    /** @var \HTRouter\AuthModule|mixed $configuredAuth */
    $configuredAuth = $this->_container->getConfig()->get("AuthType");

    // An object that passes instanceof is always truthy, so this single test
    // covers both the "nothing configured" and the "wrong type" cases.
    $digestSelected = $configuredAuth instanceof \HTRouter\AuthModule
        && $configuredAuth->getName() == "Digest";

    if ($digestSelected) {
        // Mark the request with this module's auth type even though digest
        // verification itself is not available yet.
        $request->setAuthType($this->getName());
    }

    return \HTRouter::STATUS_DECLINED;
}
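/**
 * Hook that authenticates a request with HTTP Basic credentials.
 *
 * Flow:
 *  1. Decline unless the configured "AuthType" is an auth module named "Basic".
 *  2. Require a realm ("AuthName"); without one the request fails with a 500.
 *  3. Extract the credentials via _getBasicAuth(); a non-array result is passed
 *     straight back to the caller together with a Basic challenge header.
 *  4. Ask each registered authn provider until one returns something other than
 *     AUTH_NOT_FOUND.
 *  5. Map the provider result onto an HTTP status for the caller.
 *
 * Every return value is meant to be a \HTRouter::STATUS_* code. The failure branch
 * used to return the provider's AUTH_* constant instead of the HTTP status it had
 * just computed; a caller comparing that value against STATUS_* codes could
 * misread a denied login, so the computed status is returned now.
 *
 * NOTE(review): nothing here stores the authenticated user on the request;
 * presumably _getBasicAuth() or the provider does that - confirm.
 *
 * @param \HTRouter\Request $request
 * @return int A \HTRouter::STATUS_* code (assumes _getBasicAuth() returns such a
 *             code whenever it does not return the credential pair - TODO confirm).
 */
public function authenticateBasicUser(\HTRouter\Request $request)
{
    /** @var \HTRouter\AuthModule $plugin */
    $plugin = $this->_container->getConfig()->get("AuthType");
    if (!$plugin || !$plugin instanceof \HTRouter\AuthModule || $plugin->getName() != "Basic") {
        return \HTRouter::STATUS_DECLINED;
    }

    // Set our handler type
    $request->setAuthType($this->getName());

    // A realm is mandatory: the challenge header cannot be built without it.
    $realm = $this->getConfig()->get("AuthName");
    if (!$realm) {
        $this->getLogger()->log(\HTRouter\Logger::ERRORLEVEL_ERROR, "need authname: " . $request->getUri());
        return \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR;
    }

    // NOTE(review): the realm is placed verbatim inside a quoted-string. A value
    // containing a double quote or a line break would corrupt the header;
    // presumably the configuration is trusted - verify.
    $challenge = "Basic realm=\"" . $realm . "\"";

    $ret = $this->_getBasicAuth($request);
    if (!is_array($ret)) {
        // No usable credentials: challenge the client and hand back the status.
        $request->appendOutHeaders("WWW-Authenticate", $challenge);
        return $ret;
    }
    list($user, $pass) = $ret;

    // By default, we are not found. This also covers an empty provider list.
    $result = \HTRouter\AuthModule::AUTH_NOT_FOUND;

    // Iterate through all the registered providers until one of them knows the user.
    $providers = $this->getRouter()->getProviders(\HTRouter::PROVIDER_AUTHN_GROUP);
    foreach ($providers as $provider) {
        /** @var \HTRouter\AuthnModule $provider */
        $result = $provider->checkPassword($request, $user, $pass);
        if ($result != \HTRouter\AuthModule::AUTH_NOT_FOUND) {
            // Found (either denied or granted), we don't need to check any more providers
            break;
        }
    }

    if ($result == \HTRouter\AuthModule::AUTH_GRANTED) {
        return \HTRouter::STATUS_OK;
    }

    // NOTE(review): the original comment on this branch read "Not authoritative so
    // we decline", yet the condition declines when AuthzUserAuthoritative is truthy.
    // Apache's mod_auth_basic declines only when the module is NOT authoritative.
    // The behaviour is left unchanged because the stored type and default of this
    // setting are not visible here. Confirm the intended polarity: DECLINED for an
    // unknown user hands the decision to later hooks instead of returning 401.
    if ($this->getConfig()->get("AuthzUserAuthoritative") && $result != \HTRouter\AuthModule::AUTH_DENIED) {
        return \HTRouter::STATUS_DECLINED;
    }

    switch ($result) {
        case \HTRouter\AuthModule::AUTH_DENIED:
        case \HTRouter\AuthModule::AUTH_NOT_FOUND:
            // Wrong password and unknown user get the same answer.
            $retval = \HTRouter::STATUS_HTTP_UNAUTHORIZED;
            break;
        default:
            // Anything else is an unexpected provider result.
            $retval = \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR;
            break;
    }

    // A 401 must carry the challenge so the client can retry with credentials.
    if ($retval == \HTRouter::STATUS_HTTP_UNAUTHORIZED) {
        $request->appendOutHeaders("WWW-Authenticate", $challenge);
    }

    // Return the HTTP status, not the provider's AUTH_* result.
    return $retval;
}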