/**
 * Serialize a request onto the stream: request line, header lines, one Cookie
 * header built from the request's cookies, then the entity.
 *
 * Chunked transfer is used only when the Transfer-Encoding header is "chunked"
 * (trimmed, case-insensitive) and the request has an entity. The compression
 * flag passed to the entity writers is true when Content-Encoding is "gzip".
 *
 * @param StreamInterface $stream Stream the serialized request is written to.
 * @param HttpRequest $request Request to serialize.
 */
protected function sendRequest(StreamInterface $stream, HttpRequest $request)
{
    $transferEncoding = strtolower(trim($request->getHeader('Transfer-Encoding', '')));
    $useChunks = ('chunked' == $transferEncoding) && $request->hasEntity();

    $contentEncoding = strtolower(trim($request->getHeader('Content-Encoding', '')));
    $useGzip = ('gzip' == $contentEncoding);

    $this->sendRequestLine($stream, $request);

    foreach ($request->getHeaders() as $name => $lines) {
        // Content-Length is never copied from the header collection, and
        // Transfer-Encoding is copied only when the body is sent in chunks.
        // Presumably the entity writers emit the framing headers themselves; confirm.
        $isFramingHeader = ($name == 'content-length')
            || (!$useChunks && $name == 'transfer-encoding');

        if ($isFramingHeader) {
            continue;
        }

        // NOTE(review): name and value are written verbatim. A CR or LF inside
        // either would end the header line early, so confirm that HttpRequest
        // rejects such values when headers are set.
        foreach ($lines as $line) {
            $stream->write(sprintf("%s: %s\r\n", $line[0], $line[1]));
        }
    }

    // Cookie names and values go through Uri::encode() before being joined.
    $pairs = [];
    foreach ($request->getCookies() as $cookieName => $cookieValue) {
        $pairs[] = Uri::encode($cookieName) . '=' . Uri::encode($cookieValue);
    }

    if (!empty($pairs)) {
        $stream->write(sprintf("Cookie: %s\r\n", implode('; ', $pairs)));
    }

    if ($useChunks) {
        $this->sendChunkedEntity($stream, $request, $useGzip);
    } else {
        $this->sendEntity($stream, $request, $useGzip);
    }
}
/**
 * Turn the Destination header into a decoded path relative to the base URI.
 *
 * Two header forms are accepted: an absolute or scheme-relative URI
 * ("http://", "https://" or "//") and an absolute path starting with "/".
 * In both cases the value must start with the base URI (or base path)
 * followed by "/", otherwise the request is refused.
 *
 * @param Uri $baseUri Base URI the destination must live below.
 * @param HttpRequest $request Request carrying the Destination header.
 * @return string Decoded remainder of the destination after the base prefix.
 *
 * @throws BadRequestException When the header is missing, cannot be parsed as a Uri,
 *                             or matches neither accepted form.
 * @throws WebDavException With CODE_BAD_GATEWAY when the destination is outside the base.
 */
protected function getDestinationPath(Uri $baseUri, HttpRequest $request)
{
    if (!$request->hasHeader('Destination')) {
        throw new BadRequestException();
    }

    $destination = $request->getHeader('Destination');

    // NOTE(review): in both branches the prefix comparison is done on the
    // still-encoded value and the remainder is returned straight from
    // Uri::decode(). Nothing here normalises or rejects dot segments, so
    // confirm that callers or the storage layer do before using the path.

    if (preg_match("'^(?:https?:)?//'i", $destination)) {
        try {
            $target = new Uri($destination);
        } catch (\Exception $e) {
            throw new BadRequestException($e);
        }

        // Plain string prefix test: scheme and host are compared case-sensitively.
        $targetString = (string) $target;
        $requiredPrefix = rtrim($baseUri, '/') . '/';
        if (strpos($targetString, $requiredPrefix) !== 0) {
            throw new WebDavException(WebDav::CODE_BAD_GATEWAY);
        }

        $targetPath = $target->getPath();
        $basePathLength = strlen(rtrim($baseUri->getPath(), '/') . '/');

        return Uri::decode(substr($targetPath, $basePathLength));
    }

    if (!preg_match("'^/.*'", $destination)) {
        throw new BadRequestException();
    }

    // Absolute-path form: compare against the base path wrapped in single slashes.
    $normalized = '/' . trim($destination, '/');
    $basePath = rtrim('/' . $baseUri->getPath(), '/') . '/';

    if (strpos($normalized, $basePath) !== 0) {
        throw new WebDavException(WebDav::CODE_BAD_GATEWAY);
    }

    return Uri::decode(substr($normalized, strlen($basePath)));
}
/**
 * Handle a DELETE request by removing the resource at $path inside a storage transaction.
 *
 * Requests with any other method are ignored (the method returns nothing).
 * For a collection, an explicit Depth header must be "infinity".
 * $baseUri is not used by this method.
 *
 * @param mixed $path Path handed to the storage to look up the resource.
 * @param Uri $baseUri Base URI of the endpoint (unused here).
 * @param HttpRequest $request Incoming request.
 * @param StorageInterface $storage Storage that owns the resource and the transaction.
 * @return HttpResponse|null Response with WebDav::CODE_NO_CONTENT, or null when not a DELETE.
 *
 * @throws BadRequestException When a collection is deleted with a Depth other than "infinity".
 * @throws \Exception Whatever deleteResource() throws, rethrown after rollBack().
 */
public function handle($path, Uri $baseUri, HttpRequest $request, StorageInterface $storage)
{
    if (!$request->isDelete()) {
        return;
    }

    $target = $storage->findResource($path);

    // The comparison with "infinity" is case-sensitive.
    if ($target->isCollection()
        && $request->hasHeader('Depth')
        && $request->getHeader('Depth', 'infinity') != 'infinity'
    ) {
        throw new BadRequestException();
    }

    $storage->beginTransaction();

    // NOTE(review): only \Exception triggers rollBack(). An \Error raised by
    // deleteResource(), or a failure inside commit(), leaves the transaction
    // without an explicit rollback. Confirm the storage cleans up in that case.
    try {
        $storage->deleteResource($target);
    } catch (\Exception $failure) {
        $storage->rollBack();

        throw $failure;
    }

    $storage->commit();

    return new HttpResponse(WebDav::CODE_NO_CONTENT);
}
/**
 * {@inheritdoc}
 *
 * Clears any stored username and password, then reads them from an
 * "Authorization: Basic <base64>" header if one is present and well-formed.
 * The status stays NO_CREDENTIALS unless both parts could be extracted, in
 * which case it becomes AUTHENTICATION_NEEDED. Nothing is verified here.
 *
 * @param HttpRequest $request Request whose Authorization header is inspected.
 */
public function updateCredentials(HttpRequest $request)
{
    $this->setStatus(self::NO_CREDENTIALS);
    $this->username = null;
    $this->password = null;

    $header = trim($request->getHeader('Authorization', ''));
    if ('' === $header) {
        return;
    }

    // Split into "<scheme> <payload>"; the scheme is matched case-insensitively.
    $pieces = preg_split("'\\s+'", $header, 2);
    if (!is_array($pieces) || count($pieces) != 2) {
        return;
    }
    if (strtolower($pieces[0]) !== 'basic') {
        return;
    }

    // Non-strict decoding with warnings suppressed; only the first ':' separates
    // user from password, so the password itself may contain colons.
    $pair = explode(':', (string) @base64_decode($pieces[1]), 2);
    if (!is_array($pair) || count($pair) != 2) {
        return;
    }

    list($user, $secret) = $pair;

    // NOTE(review): the needle literal is two backslash characters, and the cut
    // starts one character after the first of them, so the result still begins
    // with a backslash. A user name containing a single backslash is left
    // untouched. If the goal is to drop a "DOMAIN\" prefix, confirm whether a
    // single backslash was intended.
    $cut = strrpos($user, '\\\\');
    if (false !== $cut) {
        $user = substr($user, $cut + 1);
    }

    $this->username = trim($user);

    // NOTE(review): trim() also removes leading and trailing whitespace from the
    // password, so secrets that differ only in surrounding whitespace are
    // treated as equal. Confirm this is intended.
    $this->password = trim($secret);

    $this->setStatus(self::AUTHENTICATION_NEEDED);
}
/**
 * Reset the NTLM state and parse an "Authorization: NTLM <base64>" header.
 *
 * The status becomes AUTHENTICATION_NEEDED as soon as the scheme is NTLM,
 * even if the decoded payload is later found not to start with NTLM_HEADER.
 * For a type 1 message only the flags are stored. For a type 3 message the
 * domain, user name, workstation and the client's response (split into a
 * 16-byte hash and the remaining blob) are stored. Nothing is verified here.
 *
 * @param HttpRequest $request Request whose Authorization header is inspected.
 */
public function updateCredentials(HttpRequest $request)
{
    $this->setStatus(self::NO_CREDENTIALS);

    $this->type = null;
    $this->username = null;
    $this->domain = null;
    $this->workstation = null;
    $this->clientBlob = null;
    $this->clientHash = null;
    $this->flags = null;
    $this->auth = null;

    $header = trim($request->getHeader('Authorization', ''));
    if ('' === $header) {
        return;
    }

    $pieces = preg_split("'\\s+'", $header, 2);
    if (!is_array($pieces) || count($pieces) != 2) {
        return;
    }
    if (strtoupper($pieces[0]) !== 'NTLM') {
        return;
    }

    $this->setStatus(self::AUTHENTICATION_NEEDED);

    // Non-strict decoding with warnings suppressed; the first 8 bytes must
    // equal NTLM_HEADER.
    $message = @base64_decode($pieces[1]);
    if (substr($message, 0, 8) !== self::NTLM_HEADER) {
        return;
    }

    $this->auth = $message;

    // NOTE(review): the length of the client-supplied message is not checked
    // here before the fixed-offset reads below. Presumably readUnsignedLong()
    // and readSecurityBuffer() bounds-check their input; confirm.

    // Unpack the message type sent by the client, must be one of 1 or 3.
    $messageType = (int) $this->readUnsignedLong($this->auth, 8);

    switch ($messageType) {
        case 1:
            $this->type = 1;
            $this->flags = (int) $this->readUnsignedLong($this->auth, 12);
            break;

        case 3:
            $this->type = 3;
            $this->domain = $this->readSecurityBuffer($this->auth, 28);
            $this->username = $this->readSecurityBuffer($this->auth, 36);
            $this->workstation = $this->readSecurityBuffer($this->auth, 44);

            // A "user@domain" name overrides the domain field read above.
            if (false !== strpos($this->username, '@')) {
                list($userPart, $domainPart) = explode('@', $this->username, 2);
                $this->username = trim($userPart);
                $this->domain = trim($domainPart);
            }

            // The third argument differs from the reads above; presumably it
            // requests the raw bytes. Verify against readSecurityBuffer().
            $response = $this->readSecurityBuffer($this->auth, 20, false);
            $this->clientHash = (string) substr($response, 0, 16);
            $this->clientBlob = (string) substr($response, 16);
            break;
    }
}
/**
 * Handle an UNLOCK request by removing the resource's lock inside a storage transaction.
 *
 * The resource must be lockable, support locking and currently be locked.
 * The Lock-Token header must carry a "urn:webdav:lock:<36 hex/dash chars>"
 * token, optionally wrapped in angle brackets, that equals the token of the
 * resource's lock, and that lock must not have expired. $baseUri is not used
 * by this method.
 *
 * @param ResourceInterface $resource Resource to unlock.
 * @param Uri $baseUri Base URI of the endpoint (unused here).
 * @param HttpRequest $request Incoming request.
 * @param LockStorageInterface $storage Storage that owns the lock and the transaction.
 * @return HttpResponse Response with Http::CODE_NO_CONTENT.
 *
 * @throws MethodNotAllowedException When the resource cannot be locked at all.
 * @throws LockTokenMatchesRequestUriException With CODE_CONFLICT when the resource is not
 *                                             locked, the token differs or the lock expired.
 * @throws BadRequestException When the Lock-Token header is missing or malformed.
 * @throws \Exception Whatever removeLock() throws, rethrown after rollBack().
 */
protected function handleUnlock(ResourceInterface $resource, Uri $baseUri, HttpRequest $request, LockStorageInterface $storage)
{
    if (!$resource instanceof LockableResourceInterface || !$resource->isLockSupported()) {
        throw new MethodNotAllowedException();
    }

    if (!$resource->isLocked()) {
        throw new LockTokenMatchesRequestUriException(WebDav::CODE_CONFLICT);
    }

    if (!$request->hasHeader('Lock-Token')) {
        throw new BadRequestException();
    }

    try {
        $headerValue = $request->getHeader('Lock-Token', '');
        $matches = null;

        // The pattern only limits the character set and length; the UUID
        // constructor is relied on to reject anything that is not a valid UUID.
        if (!preg_match("'^<?urn:webdav:lock:([0-9a-f\\-]{36})>?\$'i", $headerValue, $matches)) {
            throw new BadRequestException();
        }

        $token = new UUID($matches[1]);
    } catch (\InvalidArgumentException $e) {
        throw new BadRequestException($e);
    }

    $lockInfo = $resource->getLockInfo();

    // Loose object comparison of the two UUID instances.
    if ($token != $lockInfo->getToken()) {
        throw new LockTokenMatchesRequestUriException(WebDav::CODE_CONFLICT);
    }

    // An expired lock is answered like a token mismatch.
    if ($lockInfo->getExpires() < new \DateTime()) {
        throw new LockTokenMatchesRequestUriException(WebDav::CODE_CONFLICT);
    }

    $storage->beginTransaction();

    // NOTE(review): only \Exception triggers rollBack(). An \Error raised by
    // removeLock(), or a failure inside commit(), is not rolled back here.
    try {
        $storage->removeLock($lockInfo);
    } catch (\Exception $failure) {
        $storage->rollBack();

        throw $failure;
    }

    $storage->commit();

    return new HttpResponse(Http::CODE_NO_CONTENT);
}
/**
 * {@inheritdoc}
 *
 * Clears all stored digest fields, then fills them from an
 * "Authorization: Digest ..." header if one is present. Each directive is
 * stored as a string, or null when the parsed header does not contain it.
 * The URI is taken from the request itself (getRawUri()), not from the
 * header. HA2 is precomputed as md5("method:uri"), with the content MD5
 * appended when the provider's quality of protection is QOP_AUTH_INT.
 * The status ends as AUTHENTICATION_NEEDED; no directive is verified here.
 *
 * @param HttpRequest $request Request whose Authorization header is inspected.
 */
public function updateCredentials(HttpRequest $request)
{
    $this->setStatus(self::NO_CREDENTIALS);

    $this->stale = false;
    $this->username = null;
    $this->realm = null;
    $this->nonce = null;
    $this->uri = null;
    $this->qop = null;
    $this->nc = null;
    $this->cnonce = null;
    $this->opaque = null;
    $this->response = null;
    $this->ha2 = null;

    $header = trim($request->getHeader('Authorization', ''));
    if ('' === $header) {
        return;
    }

    $pieces = preg_split("'\\s+'", $header, 2);
    if (!is_array($pieces) || count($pieces) != 2) {
        return;
    }
    if (strtolower($pieces[0]) !== 'digest') {
        return;
    }

    $digest = $this->parseDigest($pieces[1], $request);

    // Directive value as a string, or null when the client did not send it.
    $directive = function ($key) use ($digest) {
        return array_key_exists($key, $digest) ? (string) $digest[$key] : null;
    };

    // All of these values come from the client and are stored unvalidated.
    $this->username = $directive('username');
    $this->realm = $directive('realm');
    $this->nonce = $directive('nonce');
    $this->uri = $request->getRawUri();
    $this->qop = $directive('qop');
    $this->nc = $directive('nc');
    $this->cnonce = $directive('cnonce');
    $this->opaque = $directive('opaque');
    $this->response = $directive('response');

    // MD5 is used here as the hash of the Digest scheme's A2 value.
    $integrityProtected = $this->auth->getQualityOfProtection() == HttpDigestAuthenticationProvider::QOP_AUTH_INT;
    if ($integrityProtected) {
        $a2 = sprintf('%s:%s:%s', $request->getMethod(false), $this->uri, $this->computeContentMd5($request));
    } else {
        $a2 = sprintf('%s:%s', $request->getMethod(false), $this->uri);
    }
    $this->ha2 = md5($a2);

    $this->setStatus(self::AUTHENTICATION_NEEDED);
}