/** * This method is called when a user could not be authenticated, and * authentication was required for the current request. * * This gives you the opportunity to set authentication headers. The 401 * status code will already be set. * * In this case of Basic Auth, this would for example mean that the * following header needs to be set: * * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV'); * * Keep in mind that in the case of multiple authentication backends, other * WWW-Authenticate headers may already have been set, and you'll want to * append your own WWW-Authenticate header instead of overwriting the * existing one. * * @param RequestInterface $request * @param ResponseInterface $response */ public function challenge(RequestInterface $request, ResponseInterface $response) { $auth = new Auth\BasicAuth($this->realm, $request, $response, $this->user_manager); $userpass = $auth->getCredentials($this->encoder_service); if (!$userpass) { $auth->requireLogin(); } // Authenticates the user if (!$this->validateUserPass($userpass[0], $userpass[1])) { $auth->requireLogin(); } $this->currentUser = $userpass[0]; $request->setCurrentUsername($this->currentUser); }