function testRequireLogin()
{
$response = new Response();
$basic = new Basic('Dagger', new Request(), $response);
$basic->requireLogin();
$this->assertEquals('Basic realm="Dagger"', $response->getHeader('WWW-Authenticate'));
$this->assertEquals(401, $response->getStatus());
}
public function exec()
{
// If ANONYMOUS_ONLY is set to true in the config, don't require credentials;
// also the 'logout' action makes no sense for an anonymous server:
if ($this->config->anonymous_only) {
$this->log->info("anonymous login accepted\n");
$this->anonymous = true;
return true;
}
$sapi = new HTTP\Sapi();
$response = new HTTP\Response();
$request = $sapi->getRequest();
$auth = new HTTP\Auth\Basic('Web Folders', $request, $response);
// If no basic auth creds set, but the variables "user" and "pass" were
// posted to the page (e.g. from a/the login form), substitute those:
if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])) {
if (isset($_POST) && isset($_POST['user']) && isset($_POST['pass'])) {
$_SERVER['PHP_AUTH_USER'] = $_POST['user'];
$_SERVER['PHP_AUTH_PW'] = $_POST['pass'];
// HACK: dynamically change the request method to GET, because
// otherwise SambaDAV will throw an exception because there is
// no POST handler installed. This change causes SabreDAV to
// process this request just like any other basic auth login:
$_SERVER['REQUEST_METHOD'] = 'GET';
}
}
list($this->user, $this->pass) = $auth->getCredentials();
if ($this->user === false || $this->user === '') {
$this->user = null;
}
if ($this->pass === false || $this->pass === '') {
$this->pass = null;
}
if (isset($_GET['logout'])) {
// If you're tagged with 'logout' but you're not passing a
// username/pass, redirect to plain index:
if ($this->user === null || $this->pass === null) {
header("Location: {$this->baseuri}");
return false;
}
// Otherwise, if you're tagged with 'logout', make sure
// the authentication is refused, to make the browser
// flush its cache:
$this->showLoginForm($auth, $response);
return false;
}
if ($this->checkAuth() === false) {
sleep(2);
$this->showLoginForm($auth, $response);
return false;
}
$this->log->info("login accepted for '%s'\n", is_null($this->user) ? '(none)' : $this->user);
return true;
}
/**
* Authenticates the user based on the current request.
*
* If authentication is successful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @param DAV\Server $server
* @param string $realm
* @throws DAV\Exception\NotAuthenticated
* @return bool
*/
function authenticate(DAV\Server $server, $realm)
{
$auth = new HTTP\Auth\Basic($realm, $server->httpRequest, $server->httpResponse);
$userpass = $auth->getCredentials($server->httpRequest);
if (!$userpass) {
$auth->requireLogin();
throw new DAV\Exception\NotAuthenticated('No basic authentication headers were found');
}
// Authenticates the user
if (!$this->validateUserPass($userpass[0], $userpass[1])) {
$auth->requireLogin();
throw new DAV\Exception\NotAuthenticated('Username or password does not match');
}
$this->currentUser = $userpass[0];
return true;
}
* @copyright Copyright (C) 2009-2015 fruux GmbH (https://fruux.com/).
* @author Evert Pot (http://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
$userList = ["user1" => "password", "user2" => "password"];
use Sabre\HTTP\Sapi;
use Sabre\HTTP\Response;
use Sabre\HTTP\Auth;
// Find the autoloader
$paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php'];
foreach ($paths as $path) {
if (file_exists($path)) {
include $path;
break;
}
}
$request = Sapi::getRequest();
$response = new Response();
$basicAuth = new Auth\Basic("Locked down area", $request, $response);
if (!($userPass = $basicAuth->getCredentials())) {
// No username or password given
$basicAuth->requireLogin();
} elseif (!isset($userList[$userPass[0]]) || $userList[$userPass[0]] !== $userPass[1]) {
// Username or password are incorrect
$basicAuth->requireLogin();
} else {
// Success !
$response->setBody('You are logged in!');
}
// Sending the response
Sapi::sendResponse($response);
/**
* This method is called when a user could not be authenticated, and
* authentication was required for the current request.
*
* This gives you the opportunity to set authentication headers. The 401
* status code will already be set.
*
* In this case of Basic Auth, this would for example mean that the
* following header needs to be set:
*
* $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
*
* Keep in mind that in the case of multiple authentication backends, other
* WWW-Authenticate headers may already have been set, and you'll want to
* append your own WWW-Authenticate header instead of overwriting the
* existing one.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function challenge(RequestInterface $request, ResponseInterface $response)
{
$auth = new HTTP\Auth\Basic($this->realm, $request, $response);
$auth->requireLogin();
}
/**
* Constructor.
*
* @param string $realm
* @param \Sabre\HTTP\RequestInterface $request
* @param \Sabre\HTTP\ResponseInterface $response
* @param UserManagerInterface $user_manager
*/
public function __construct($realm, RequestInterface $request, ResponseInterface $response, UserManagerInterface $user_manager)
{
$this->user_manager = $user_manager;
parent::__construct($realm, $request, $response);
}
