/** * Authenticates the user based on the current request. * * If authentication is successful, true must be returned. * If authentication fails, an exception must be thrown. * * @param DAV\Server $server * @param string $realm * @throws DAV\Exception\NotAuthenticated * @return bool */ function authenticate(DAV\Server $server, $realm) { $digest = new HTTP\Auth\Digest($realm, $server->httpRequest, $server->httpResponse); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('No digest authentication headers were found'); } $hash = $this->getDigestHash($realm, $username); // If this was false, the user account didn't exist if ($hash === false || is_null($hash)) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('The supplied username was not on file'); } if (!is_string($hash)) { throw new DAV\Exception('The returned value from getDigestHash must be a string or null'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('Incorrect username'); } $this->currentUser = $username; return true; }
/** * When this method is called, the backend must check if authentication was * successful. * * The returned value must be one of the following * * [true, "principals/username"] * [false, "reason for failure"] * * If authentication was successful, it's expected that the authentication * backend returns a so-called principal url. * * Examples of a principal url: * * principals/admin * principals/user1 * principals/users/joe * principals/uid/123457 * * If you don't use WebDAV ACL (RFC3744) we recommend that you simply * return a string such as: * * principals/users/[username] * * @param RequestInterface $request * @param ResponseInterface $response * @return array */ function check(RequestInterface $request, ResponseInterface $response) { $digest = new HTTP\Auth\Digest($this->realm, $request, $response); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { return [false, "No 'Authorization: Digest' header found. Either the client didn't send one, or the server is misconfigured"]; } $hash = $this->getDigestHash($this->realm, $username); // If this was false, the user account didn't exist if ($hash === false || is_null($hash)) { return [false, "Username or password was incorrect"]; } if (!is_string($hash)) { throw new DAV\Exception('The returned value from getDigestHash must be a string or null'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { return [false, "Username or password was incorrect"]; } return [true, $this->principalPrefix . $username]; }
* @author Markus Staab * @license http://sabre.io/license/ Modified BSD License */ $userList = ["user1" => "password", "user2" => "password"]; use Sabre\HTTP\Sapi; use Sabre\HTTP\Response; use Sabre\HTTP\Auth; // Find the autoloader $paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php']; foreach ($paths as $path) { if (file_exists($path)) { include $path; break; } } $request = Sapi::getRequest(); $response = new Response(); $digestAuth = new Auth\Digest("Locked down area", $request, $response); $digestAuth->init(); if (!($userName = $digestAuth->getUsername())) { // No username given $digestAuth->requireLogin(); } elseif (!isset($userList[$userName]) || !$digestAuth->validatePassword($userList[$userName])) { // Username or password are incorrect $digestAuth->requireLogin(); } else { // Success ! $response->setBody('You are logged in!'); } // Sending the response Sapi::sendResponse($response);