/** * This method is called before any HTTP method and forces users to be authenticated * * @param string $method * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function beforeMethod($method) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($this->server->httpRequest); $digest->setHTTPResponse($this->server->httpResponse); $digest->setRealm($this->realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } // Now checking the backend for the A1 hash $A1 = $this->authBackend->getDigestHash($username); // If this was false, the user account didn't exist if (!$A1) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($A1)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->userName = $username; $this->userId = $this->authBackend->getUserId($username); // Eventhooks must return true to continue processing return true; }
/** * Authenticates the user based on the current request. * * If authentication is successful, true must be returned. * If authentication fails, an exception must be thrown. * * @param Sabre_DAV_Server $server * @param string $realm * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($server->httpRequest); $digest->setHTTPResponse($server->httpResponse); $digest->setRealm($realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } $hash = $this->getDigestHash($realm, $username); // If this was false, the user account didn't exist if ($hash === false || is_null($hash)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } if (!is_string($hash)) { throw new Sabre_DAV_Exception('The returned value from getDigestHash must be a string or null'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->currentUser = $username; return true; }
/** * Authenticates the user based on the current request. * * If authentication is succesful, true must be returned. * If authentication fails, an exception must be thrown. * * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($server->httpRequest); $digest->setHTTPResponse($server->httpResponse); $digest->setRealm($realm); $digest->init(); $username = $digest->getUsername(); // No username was given if (!$username) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); } $userData = $this->getUserInfo($realm, $username); // If this was false, the user account didn't exist if ($userData === false) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); } if (!is_array($userData)) { throw new Sabre_DAV_Exception('The returntype for getUserInfo must be either false or an array'); } if (!isset($userData['uri']) || !isset($userData['digestHash'])) { throw new Sabre_DAV_Exception('The returned array from getUserInfo must contain at least a uri and digestHash element'); } // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($userData['digestHash'])) { $digest->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); } $this->currentUser = $userData; return true; }
public function testDigestAuthInt() { $this->auth->setQOP(Sabre_HTTP_DigestAuth::QOP_AUTHINT | Sabre_HTTP_DigestAuth::QOP_AUTH); list($nonce, $opaque) = $this->getServerTokens(Sabre_HTTP_DigestAuth::QOP_AUTHINT | Sabre_HTTP_DigestAuth::QOP_AUTH); $username = '******'; $password = 12345; $nc = '00003'; $cnonce = uniqid(); $digestHash = md5(md5($username . ':' . self::REALM . ':' . $password) . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':' . 'auth-int:' . md5('POST' . ':' . '/' . ':' . md5('body'))); $request = new Sabre_HTTP_Request(array('REQUEST_METHOD' => 'POST', 'PHP_AUTH_DIGEST' => 'username="******", realm="' . self::REALM . '", nonce="' . $nonce . '", uri="/", response="' . $digestHash . '", opaque="' . $opaque . '", qop=auth-int,nc=' . $nc . ',cnonce="' . $cnonce . '"')); $request->setBody('body'); $this->auth->setHTTPRequest($request); $this->auth->init(); $this->assertTrue($this->auth->validateA1(md5($username . ':' . self::REALM . ':' . $password)), 'Authentication is deemed invalid through validateA1'); }
} } // The rootNode needs to be passed to the server object. $server = new Sabre_DAV_Server(); $server->setBaseUri($baseUri); // Support for LOCK and UNLOCK $lockBackend = new Sabre_DAV_Locks_Backend_File($tmpDir . '/locksdb'); $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); $server->addPlugin($lockPlugin); // Automatically guess (some) contenttypes, based on extesion $server->addPlugin(new Sabre_DAV_Browser_GuessContentType()); $server->addPlugin(new Sabre_DAV_Browser_Plugin()); // Authentication backend //$authBackend = new Sabre_DAV_Auth_Backend_File('.htdigest'); $authBackend = new Sabre_DAV_Auth_Backend_PDO($pdo); $auth = new Sabre_DAV_Auth_Plugin($authBackend, 'SabreDAV'); $server->addPlugin($auth); $digest = new Sabre_HTTP_DigestAuth(); // Hooking up request and response objects $digest->setHTTPRequest($server->httpRequest); $digest->setHTTPResponse($server->httpResponse); $digest->setRealm('SabreDAV'); $digest->init(); $user = $digest->getUsername(); $rootNode = new MyCollection($publicDir, $pdo, $user); $server->tree = new Sabre_DAV_ObjectTree($rootNode); // Temporary file filter $tempFF = new Sabre_DAV_TemporaryFileFilterPlugin($tmpDir); $server->addPlugin($tempFF); // And off we go! $server->exec();