/** * Authenticates the user based on the current request. * * If authentication is successful, true must be returned. * If authentication fails, an exception must be thrown. * * @param DAV\Server $server * @param string $realm * @throws DAV\Exception\NotAuthenticated * @return bool */ function authenticate(DAV\Server $server, $realm) { $digest = new HTTP\Auth\Digest($realm, $server->httpRequest, $server->httpResponse); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('No digest authentication headers were found'); } $hash = $this->getDigestHash($realm, $username); // If this was false, the user account didn't exist if ($hash === false || is_null($hash)) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('The supplied username was not on file'); } if (!is_string($hash)) { throw new DAV\Exception('The returned value from getDigestHash must be a string or null'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { $digest->requireLogin(); throw new DAV\Exception\NotAuthenticated('Incorrect username'); } $this->currentUser = $username; return true; }
/** * This method is called when a user could not be authenticated, and * authentication was required for the current request. * * This gives you the opportunity to set authentication headers. The 401 * status code will already be set. * * In this case of Basic Auth, this would for example mean that the * following header needs to be set: * * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV'); * * Keep in mind that in the case of multiple authentication backends, other * WWW-Authenticate headers may already have been set, and you'll want to * append your own WWW-Authenticate header instead of overwriting the * existing one. * * @param RequestInterface $request * @param ResponseInterface $response * @return void */ function challenge(RequestInterface $request, ResponseInterface $response) { $auth = new HTTP\Auth\Digest($this->realm, $request, $response); $auth->init(); $oldStatus = $response->getStatus() ?: 200; $auth->requireLogin(); // Preventing the digest utility from modifying the http status code, // this should be handled by the main plugin. $response->setStatus($oldStatus); }
/** * This method is called when a user could not be authenticated, and * authentication was required for the current request. * * This gives you the opportunity to set authentication headers. The 401 * status code will already be set. * * In this case of Basic Auth, this would for example mean that the * following header needs to be set: * * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV'); * * Keep in mind that in the case of multiple authentication backends, other * WWW-Authenticate headers may already have been set, and you'll want to * append your own WWW-Authenticate header instead of overwriting the * existing one. * * @param RequestInterface $request * @param ResponseInterface $response * @return void */ function challenge(RequestInterface $request, ResponseInterface $response) { $auth = new HTTP\Auth\Digest($this->realm, $request, $response); $auth->init(); $auth->requireLogin(); }
* @author Markus Staab * @license http://sabre.io/license/ Modified BSD License */ $userList = ["user1" => "password", "user2" => "password"]; use Sabre\HTTP\Sapi; use Sabre\HTTP\Response; use Sabre\HTTP\Auth; // Find the autoloader $paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php']; foreach ($paths as $path) { if (file_exists($path)) { include $path; break; } } $request = Sapi::getRequest(); $response = new Response(); $digestAuth = new Auth\Digest("Locked down area", $request, $response); $digestAuth->init(); if (!($userName = $digestAuth->getUsername())) { // No username given $digestAuth->requireLogin(); } elseif (!isset($userList[$userName]) || !$digestAuth->validatePassword($userList[$userName])) { // Username or password are incorrect $digestAuth->requireLogin(); } else { // Success ! $response->setBody('You are logged in!'); } // Sending the response Sapi::sendResponse($response);