/**
 * Checks that the resolver rejects a username it does not know.
 *
 * Calls resolve() on $this->_resolver with the user 'nonexistent' and the
 * realm 'Test Realm' and requires the result to be false. A lookup that
 * returned anything else would mean an unknown account was accepted.
 *
 * @return void
 */
public function testResolveUserNonexistent()
{
    $resolved = $this->_resolver->resolve('nonexistent', 'Test Realm');

    // An unknown user must never resolve to a credential.
    $this->assertFalse(
        $resolved,
        'Accepted a nonexistent user from an existing realm'
    );
}
/**
 * Authenticates the current request using HTTP Basic authentication.
 *
 * Builds a Zend_Auth_Adapter_Http limited to the 'basic' scheme for the
 * 'trade-capture' realm, backed by a file resolver whose path is read from
 * the ['auth']['file']['basic'] configuration option. When the adapter's
 * result is not valid, the request's action name is switched to 'unauth'.
 *
 * Security notes:
 *  - Basic credentials travel base64-encoded, not encrypted, so this check
 *    is only meaningful when the endpoint is served over TLS.
 *  - NOTE(review): with the Basic scheme the resolver file is expected to
 *    hold the password itself rather than a hash; keep it outside the
 *    document root with restrictive permissions - confirm deployment.
 *  - NOTE(review): rejection relies solely on the action-name change made
 *    here; nothing in this method halts dispatch. Confirm at the call site
 *    that the originally requested action cannot still run.
 *
 * @access protected
 * @return void
 */
protected function _authorize()
{
    $httpAdapter = new Zend_Auth_Adapter_Http(array(
        'accept_schemes' => 'basic',
        'realm'          => 'trade-capture',
    ));

    // Location of the credential file comes from application configuration.
    $settings       = $this->_getConfigOptions();
    $credentialFile = $settings['auth']['file']['basic'];

    $fileResolver = new Zend_Auth_Adapter_Http_Resolver_File();
    $fileResolver->setFile($credentialFile);

    $httpRequest  = $this->getRequest();
    $httpResponse = $this->getResponse();

    $httpAdapter->setBasicResolver($fileResolver);
    $httpAdapter->setRequest($httpRequest);
    $httpAdapter->setResponse($httpResponse);

    if ($httpAdapter->authenticate()->isValid()) {
        return;
    }

    // Failed or missing credentials: reroute to the 'unauth' action.
    $httpRequest->setActionName('unauth');
}
/**
 * Enforces HTTP Basic authentication for the actions in $this->authActions.
 *
 * After the parent hook has run, the lower-cased request action name is
 * looked up in $this->authActions. For a listed action without an existing
 * Zend_Auth identity, a Basic-scheme adapter for the GEMS_PROJECT_NAME realm
 * is authenticated against the file GEMS_ROOT_DIR/var/settings/pwd.txt.
 * On failure the adapter's response is sent, 'Unauthorized' is printed and
 * the script exits, so the action body is never reached.
 *
 * Security notes:
 *  - Basic credentials travel base64-encoded, not encrypted; serve these
 *    actions over TLS only.
 *  - The resolver file stores username:realm:password lines, i.e. the
 *    password itself. It must not be web-readable and should be replaced
 *    by a stored, hashed credential scheme (see TODO below).
 *  - Entries in $this->authActions only match when written in lower case,
 *    because the action name is lower-cased before the lookup; an entry in
 *    another case leaves that action unauthenticated.
 *  - NOTE(review): the lookup uses the request's action name as given;
 *    verify that every spelling the dispatcher maps onto a protected action
 *    method is covered by the list.
 *  - The assert() calls are development-time checks and may be compiled
 *    out in production; they are not the access control.
 */
public function preDispatch()
{
    parent::preDispatch();

    $requestedAction = strtolower($this->getRequest()->getActionName());
    if (!in_array($requestedAction, $this->authActions)) {
        // Action is not on the protected list; nothing to enforce.
        return;
    }

    $zendAuth   = \Zend_Auth::getInstance();
    $this->auth = $zendAuth;

    if ($zendAuth->hasIdentity()) {
        // Already authenticated earlier in this session.
        return;
    }

    $httpAdapter = new \Zend_Auth_Adapter_Http(array(
        'accept_schemes' => 'basic',
        'realm'          => GEMS_PROJECT_NAME,
        'nonce_timeout'  => 3600,
    ));

    // File-based resolver for the Basic scheme: username:realm:password.
    // TODO: move to a better, database-stored authentication system.
    $fileResolver = new \Zend_Auth_Adapter_Http_Resolver_File();
    $fileResolver->setFile(GEMS_ROOT_DIR . '/var/settings/pwd.txt');
    $httpAdapter->setBasicResolver($fileResolver);

    $httpRequest  = $this->getRequest();
    $httpResponse = $this->getResponse();
    assert($httpRequest instanceof \Zend_Controller_Request_Http);
    assert($httpResponse instanceof \Zend_Controller_Response_Http);

    $httpAdapter->setRequest($httpRequest);
    $httpAdapter->setResponse($httpResponse);

    $outcome = $zendAuth->authenticate($httpAdapter);
    if ($outcome->isValid()) {
        return;
    }

    // Fail closed: emit the adapter's response and stop the request here.
    $httpAdapter->getResponse()->sendResponse();
    print 'Unauthorized';
    exit;
}