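/**
 * {@inheritdoc}
 *
 * Answers with a 401 response carrying a Digest challenge built from the realm, qop and
 * opaque values of the auth object plus a freshly created nonce. The "stale" flag is
 * added when the token reports a stale nonce.
 *
 * @throws SecurityException When the given token is not an HttpDigestToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof HttpDigestToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $params = [
        'realm' => $this->auth->getRealm(),
        'qop' => $this->auth->getQualityOfProtection(),
        'opaque' => $this->auth->getOpaque(),
        'nonce' => $this->auth->createNonce($this->securityContext)
    ];

    if ($token->isStale()) {
        $params['stale'] = true;
    }

    $parts = [];

    foreach ($params as $name => $value) {
        if (is_bool($value)) {
            $parts[] = sprintf('%s=%s', $name, $value ? 'true' : 'false');
        } elseif (is_int($value) || is_float($value)) {
            // Only real numbers are sent bare. A string that merely looks numeric
            // (for example a hex nonce such as "12e4") must stay a quoted-string.
            $parts[] = sprintf('%s=%s', $name, $value);
        } else {
            // Escape both the backslash and the double quote, otherwise a value ending in
            // a backslash would swallow the closing quote of the quoted-string.
            $parts[] = sprintf('%s="%s"', $name, addcslashes(trim((string) $value), '"\\'));
        }
    }

    // NOTE(review): CR/LF in a value is not filtered here; assumes addHeader() or the
    // configuration source rejects line breaks - confirm.
    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
    $response->addHeader('WWW-Authenticate', 'Digest ' . implode(',', $parts));
}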
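/**
 * {@inheritdoc}
 *
 * Answers with a 401 response carrying a Basic challenge for the configured realm.
 *
 * @throws SecurityException When the given token is not an HttpBasicToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof HttpBasicToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    // The realm is sent as a quoted-string: escape backslash and double quote so that a
    // realm containing either character cannot break out of the quotes and alter the
    // challenge seen by the client.
    $realm = addcslashes((string) $this->auth->getRealm(), '"\\');

    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
    $response->addHeader('WWW-Authenticate', sprintf('Basic realm="%s"', $realm));
}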
/**
 * Create a new HTTP response.
 *
 * An empty reason phrase is replaced by the phrase Http::getReason() returns for the
 * status code. A Date header with the current time in GMT is always set.
 *
 * @param integer $status HTTP status code.
 * @param string $reason Reason phrase, looked up from the status code when empty.
 * @param string $protocol Protocol identifier, forwarded to the parent constructor.
 */
public function __construct($status = Http::CODE_OK, $reason = '', $protocol = 'HTTP/1.1')
{
    parent::__construct($protocol);

    $this->setStatus($status);
    $this->setReason($reason);

    // Loose comparison on purpose, matching how the reason has always been tested here.
    if ('' == $this->reason) {
        $this->reason = Http::getReason($this->status, $this->reason);
    }

    $now = time();
    $dateValue = gmdate(Http::DATE_FORMAT_RFC1123, $now);

    $this->setHeader('Date', $dateValue);
}
/**
 * Answer with a 401 response that starts or continues the NTLM handshake.
 *
 * When the token reports an NTLM message 1, a challenge is created by the provider and
 * sent base64-encoded after the "NTLM" scheme. In every other case a bare "NTLM"
 * challenge is sent.
 *
 * @throws SecurityException When the given token is not an NtlmAuthToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof NtlmAuthToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));

    $challenge = 'NTLM';

    if ($token->isMessage1()) {
        $serverChallenge = $this->provider->createChallenge($this->context);
        $challengeMessage = $token->getChallengeMessage($serverChallenge);
        $challenge = sprintf('NTLM %s', base64_encode($challengeMessage));
    }

    $response->addHeader('WWW-Authenticate', $challenge);
}
/**
 * {@inheritdoc}
 *
 * Redirects the client to the login URI. The URI of the current request is remembered in
 * the session data stored under the auth key, unless the request already targets the
 * login path or a URI has been remembered before.
 *
 * @throws SecurityException When the given token is not a FormAuthToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof FormAuthToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $loginUri = new Uri($this->auth->getLoginUri());

    // Compare paths without leading / trailing slashes.
    $requestPath = trim($request->getUri()->getPath(false), '/');
    $loginPath = trim($loginUri->getPath(false), '/');
    $isLoginRequest = ($requestPath === $loginPath);

    $session = $this->securityContext->getSession();
    $stored = (array) $session->get($this->auth->getKey(), NULL);

    // Only the first URI is kept, later challenges do not overwrite it.
    // NOTE(review): presumably this value is the redirect target after login; the code
    // reading it should confirm it still points at this site - verify against
    // FormAuthenticationProvider.
    if (!$isLoginRequest && !array_key_exists(FormAuthenticationProvider::SESSION_URI, $stored)) {
        $stored[FormAuthenticationProvider::SESSION_URI] = (string) $request->getUri();
    }

    $session->set($this->auth->getKey(), $stored);

    $response->setStatus(Http::REDIRECT_TEMPORARY);
    $response->setReason(Http::getReason(Http::REDIRECT_TEMPORARY));
    $response->setHeader('Location', $loginUri);
}
/**
 * Create an exception that represents an HTTP status.
 *
 * The reason phrase of the status, the status itself and the cause are forwarded to the
 * parent constructor, in that order.
 *
 * @param integer $status HTTP status code, Http::CODE_INTERNAL_SERVER_ERROR is used when NULL.
 * @param \Exception $cause Optional exception that led to this one.
 */
public function __construct($status = NULL, \Exception $cause = NULL)
{
    if ($status === NULL) {
        $status = Http::CODE_INTERNAL_SERVER_ERROR;
    }

    $reasonPhrase = Http::getReason($status);

    parent::__construct($reasonPhrase, $status, $cause);
}
/**
 * Get the reason message for an HTTP code.
 *
 * Codes listed in the WebDAV status messages take precedence, every other code is
 * delegated to the parent implementation.
 *
 * @param integer $code Status code, cast to integer before the lookup.
 * @param mixed $default Passed on to the parent lookup for codes not listed here.
 * @return mixed
 */
public static function getReason($code, $default = NULL)
{
    $statusCode = (int) $code;

    return array_key_exists($statusCode, static::$webDavStatusMessages)
        ? static::$webDavStatusMessages[$statusCode]
        : parent::getReason($statusCode, $default);
}
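/**
 * Evaluate preconditions found in this request based on the given values and create an appropriate
 * HTTP response if an HTTP/1.1 304 Not Modified response should be sent.
 *
 * You can pass an ETag, a modification time or both of these to the method, every precondition
 * that is not NULL will be checked. If-Modified-Since is only evaluated when the request carries
 * no If-None-Match header (RFC 7232, section 3.3), so a failed ETag comparison can never be
 * overruled by a date check and cause a stale cached copy to be confirmed.
 *
 * @param EntityTag $etag The ETag of the requested resource.
 * @param \DateTimeInterface $lastModified Date of the last modification of the requested resource.
 * @return HttpResponse|NULL An HTTP 304 response or NULL if the client cache is invalid.
 */
public function evaluatePreconditions(EntityTag $etag = NULL, \DateTimeInterface $lastModified = NULL)
{
    $response = new HttpResponse();
    $hasIfNoneMatch = $this->hasHeader('If-None-Match');

    if ($etag !== NULL && $hasIfNoneMatch) {
        // NOTE(review): loose object comparison; whether a weak and a strong tag with the
        // same value count as equal depends on EntityTag's properties - confirm.
        $valid = $this->firstHeader(function (IfNoneMatchHeader $match) use ($etag) {
            return $match->isWildcard() || $match->getEntityTag() == $etag;
        });

        if ($valid) {
            $response->setStatus(Http::CODE_NOT_MODIFIED);
            $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
            $response->setHeader(new ETagHeader($etag));
        }
    }

    // If-None-Match takes precedence: the date is ignored whenever that header is present.
    if ($lastModified !== NULL && !$hasIfNoneMatch && $this->hasHeader('If-Modified-Since')) {
        $unmodified = $this->firstHeader(function (IfModifiedSinceHeader $since) use ($lastModified) {
            return $since->getDate() >= $lastModified;
        });

        if ($unmodified) {
            $response->setStatus(Http::CODE_NOT_MODIFIED);
            $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
            $response->setHeader(new LastModifiedHeader($lastModified));
        }
    }

    // The response only leaves this method once one of the checks above set the 304 status.
    return $response->isRedirect() ? $response : NULL;
}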