public static function parseUserPass(HTTP\Request $httpRequest) { // Apache and mod_php if ($user = $httpRequest->getRawServerValue('PHP_AUTH_USER')) { $pass = ""; if ($passw = $httpRequest->getRawServerValue('PHP_AUTH_PW')) { $pass = $passw; } return array($user, $pass); } // Most other webservers $auth = $httpRequest->getHeader('Authorization'); // Apache could prefix environment variables with REDIRECT_ when urls // are passed through mod_rewrite if (!$auth) { $auth = $httpRequest->getRawServerValue('REDIRECT_HTTP_AUTHORIZATION'); } if (!$auth) { return false; } if (strpos(strtolower($auth), 'basic') !== 0) { return false; } return explode(':', base64_decode(substr($auth, 6)), 2); }
/** * */ public static function checkJmapAuth(Request $request, AuthenticatedIdentity &$identity = null) { // check authentication status $token = $request->getHeader('Authorization'); if (empty($token)) { return 401; } // cut off authorization scheme $token = preg_replace('/^X-JMAP\\s+/', '', $token); // load session data for the given auth token $session = App::getInstance()->get('Session'); $session->start($token); if (empty($session->get('Auth\\authenticated'))) { return 401; } // load identity from session $identity = $session->get('Auth\\identity'); return 200; }