/**
 * Happy-path check: a request signed with a registered id/secret pair must be
 * accepted by UsfAuthHmac::authenticate().
 *
 * NOTE(review): only the accepting path is exercised here; a companion test
 * with a wrong secret or a stale Date header would pin the rejecting path.
 */
public function testUsfAuthHmacGoodTokenTest()
{
    // Describe the simulated inbound request through the test Utils helpers.
    Utils::setMethod('GET');
    Utils::setRequestHeader('key1', 'value1');
    Utils::setRequestHeader('key2', 'value2');
    Utils::setRequestHeader('Content-Type', 'text/plain');
    Utils::setRequestHeader('Date', date('r'));
    Utils::setBody('This is the body.');
    Utils::setResourceUri('/test.php');

    // Produce the Authorization header value for that request as client "testId".
    $requestSigner = new RequestSigner();
    $requestSigner->setProvider('USF');
    $authorizationHeader = $requestSigner->getAuthorization(new SimpleRequest(), 'testId', 'testSecret');
    Utils::setRequestHeader('Authorization', $authorizationHeader);

    // Server side: key registry maps key id => shared secret.
    // Second constructor argument is presumably the accepted timestamp window — confirm against UsfAuthHmac.
    $keyRegistry = ['testId' => 'testSecret'];
    $authenticator = new UsfAuthHmac($keyRegistry, '+30 minutes');
    // A fresh wrapper is built here so it is created after the Authorization header was set.
    $authenticator->setRequestWrapper(new SimpleRequest());

    $this->assertTrue($authenticator->authenticate());
}
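/**
 * Authenticate the request using the configured authN type and record the
 * outcome in $this->isAuthorized.
 *
 * For 'cas' and 'token' the returned request carries AUTH_PRINCIPAL,
 * AUTH_ENTITLEMENTS and one AUTH_ATTR_<NAME> header per attribute; for 'hmac'
 * only AUTH_PRINCIPAL is set; 'permitall' and 'denyall' leave the request as is.
 *
 * NOTE(review): AUTH_* headers already present on the incoming request are not
 * removed here, so for 'permitall'/'denyall' (and AUTH_ENTITLEMENTS/AUTH_ATTR_*
 * under 'hmac') client-supplied values pass through unchanged. Confirm nothing
 * downstream trusts them, or strip them before this switch.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
 * @return \Psr\Http\Message\ServerRequestInterface Request with the authentication headers added
 * @throws \Exception When the configured authentication type is unknown
 *                    (the CAS/token helpers may presumably throw as well — confirm)
 */
private function authenticate($request)
{
    switch (strtolower($this->authN_type)) {
        case 'cas':
            // Use CAS authentication.
            $casAuth = new UsfAuthCAS($this->config['cas']);
            $casAuth->auth();

            // Authorization check
            $this->isAuthorized = $casAuth->isAuthorized($this->authZ_roles);

            // Add the username and entitlements to the request
            $request = $request->withHeader('AUTH_PRINCIPAL', $casAuth->getPrincipal());
            $request = $request->withHeader('AUTH_ENTITLEMENTS', $casAuth->getEntitlements());

            // Add all attributes
            foreach ($casAuth->getAttributes() as $key => $value) {
                $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
            }
            break;

        case 'token':
            // Use the USF Token Auth library.
            $tokenAuth = new UsfAuthToken($this->config['token']['app_id'], $this->config['token']['token_url']);
            $tokenAuth->setRequestMethod($request->getMethod());
            $tokenAuth->setReferrer($request->getHeader('HTTP_REFERER'));

            // Validate request token
            $tokenAuth->validateRequest($request->getHeader('HTTP_X_AUTH_TOKEN'));

            // Authorization check
            $this->isAuthorized = $tokenAuth->isAuthorized($this->authZ_roles);

            // Add the username and entitlements to the request
            $request = $request->withHeader('AUTH_PRINCIPAL', $tokenAuth->getPrincipal());
            $request = $request->withHeader('AUTH_ENTITLEMENTS', $tokenAuth->getEntitlements());

            // Add all attributes
            foreach ($tokenAuth->getAttributes() as $key => $value) {
                $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
            }
            break;

        case 'hmac':
            // HMAC authentication: https://github.com/acquia/http-hmac-spec
            $hmacAuth = new UsfAuthHmac($this->config['hmac']['keyRegistry']);
            if (!empty($this->config['hmac']['timeout'])) {
                $hmacAuth->setTimeout($this->config['hmac']['timeout']);
            }
            $hmacAuth->setRequestWrapper(new Psr7Request($request));

            try {
                // UsfAuthHmac::authenticate() returns a boolean that its callers
                // are expected to check. Ignoring it would authorize any request
                // for which no exception is thrown, so only an explicit true
                // grants access (fail closed).
                $this->isAuthorized = ($hmacAuth->authenticate() === true);
            } catch (\Exception $exception) {
                // Any failure while verifying the signature denies the request.
                // The reason is discarded here; consider logging it for detection.
                $this->isAuthorized = false;
            }

            // Add the username to the request.
            // NOTE(review): this runs on failure too; downstream code must gate on
            // $this->isAuthorized before trusting AUTH_PRINCIPAL.
            $request = $request->withHeader('AUTH_PRINCIPAL', $hmacAuth->getPrincipal());
            break;

        case 'permitall':
            // No authentication - let everyone in.
            $this->isAuthorized = true;
            break;

        case 'denyall':
            // No authentication - keep everyone out.
            $this->isAuthorized = false;
            break;

        default:
            // Misconfiguration: refuse to continue rather than guess a policy.
            throw new \Exception("Unknown Authentication type: " . $this->authN_type, 500);
    }

    return $request;
}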
<?php

namespace USF\auth;

use Acquia\Hmac\RequestAuthenticator;
use Acquia\Hmac\RequestSigner;

require_once 'vendor/autoload.php';

// Usage sample: authenticate the current request against a key registry.
// Registry maps key id => shared secret. The literal below is a sample value;
// real secrets belong in configuration kept outside source control.
$keyRegistry = ['apiKeyId' => 'secretKey'];

$authenticator = new UsfAuthHmac($keyRegistry);
// Narrow the accepted timestamp window to one minute.
$authenticator->setTimeout('+1 minutes');

// authenticate() yields a truthy result on success; print the principal or a failure notice.
echo $authenticator->authenticate()
    ? $authenticator->getPrincipal() . " blah"
    : "auth failure";