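/**
 * {@inheritdoc}
 *
 * Answers with 401 and a Digest challenge built from the provider's realm, qop,
 * opaque value and a freshly created nonce; "stale=true" is appended when the
 * token reports a stale nonce.
 *
 * @throws SecurityException When the token is not an HttpDigestToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof HttpDigestToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $params = [
        'realm' => $this->auth->getRealm(),
        'qop' => $this->auth->getQualityOfProtection(),
        'opaque' => $this->auth->getOpaque(),
        'nonce' => $this->auth->createNonce($this->securityContext),
    ];

    if ($token->isStale()) {
        // "stale" is a bare true / false token, not a quoted-string.
        $params['stale'] = true;
    }

    $fields = [];

    foreach ($params as $name => $value) {
        if (is_bool($value)) {
            $fields[] = sprintf('%s=%s', $name, $value ? 'true' : 'false');
            continue;
        }

        // realm, qop, opaque and nonce are quoted-strings in a Digest challenge
        // (RFC 7616 section 3.3), so every non-boolean value is quoted — an
        // all-digit nonce or opaque must not be emitted bare. Backslash is
        // escaped before the double quote so an embedded backslash cannot be
        // read as the start of an escape sequence.
        $quoted = str_replace(['\\', '"'], ['\\\\', '\\"'], trim((string) $value));
        $fields[] = sprintf('%s="%s"', $name, $quoted);
    }

    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
    $response->addHeader('WWW-Authenticate', 'Digest ' . implode(',', $fields));
}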
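/**
 * {@inheritdoc}
 *
 * Answers with 401 and a Basic challenge carrying the provider's realm.
 *
 * @throws SecurityException When the token is not an HttpBasicToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof HttpBasicToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    // realm is a quoted-string: escape backslash first, then the double quote,
    // so a realm containing either character cannot break the challenge header.
    $realm = str_replace(['\\', '"'], ['\\\\', '\\"'], (string) $this->auth->getRealm());

    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
    $response->addHeader('WWW-Authenticate', sprintf('Basic realm="%s"', $realm));
}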
/**
 * Answers with 401 and an NTLM challenge: a bare "NTLM" to open the handshake,
 * or "NTLM <base64 challenge message>" once the client has sent its first message.
 *
 * @throws SecurityException When the token is not an NtlmAuthToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof NtlmAuthToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $response->setStatus(Http::CODE_UNAUTHORIZED);
    $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));

    $challenge = 'NTLM';

    if ($token->isMessage1()) {
        // The provider creates the server challenge; the token wraps it into the message the client expects.
        $serverChallenge = $this->provider->createChallenge($this->context);
        $challenge .= ' ' . base64_encode($token->getChallengeMessage($serverChallenge));
    }

    $response->addHeader('WWW-Authenticate', $challenge);
}
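/**
 * Serves public static resources requested as "_res/<bundle>/<path>" (or
 * "_res/app/<path>") from the k2:// stream wrapper, with ETag / Expires caching.
 *
 * Only master dispatches are handled; any other request, and any path that does
 * not start with "_res/", proceeds down the dispatch chain.
 *
 * @param DispatchRequest $dispatch
 * @return HttpResponse|mixed The resource response, a 404 / 403 response, or whatever proceed() returns.
 */
public function process(DispatchRequest $dispatch)
{
    if (!$dispatch->isMaster()) {
        return $dispatch->proceed();
    }

    $request = $dispatch->getHttpRequest();

    if (!preg_match("'^_res/+(.+)\$'i", $request->getPathInfo(), $m)) {
        return $dispatch->proceed();
    }

    $path = $m[1];

    // The remainder of the path is client-controlled. Refuse "." / ".." and empty
    // segments, backslashes and NUL bytes before building the k2:// URI, so the
    // lookup cannot be steered outside the requested bundle regardless of how the
    // stream wrapper would resolve such segments.
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..'
            || strpos($segment, '\\') !== false || strpos($segment, "\0") !== false) {
            return new HttpResponse(Http::CODE_NOT_FOUND);
        }
    }

    if ('app/' === substr($path, 0, 4)) {
        $resource = 'k2://app/' . substr($path, 4);
    } else {
        $parts = explode('/', $path, 2);

        if (count($parts) !== 2) {
            return new HttpResponse(Http::CODE_NOT_FOUND);
        }

        $resource = 'k2://' . $parts[0] . '/' . $parts[1];
    }

    if (!is_file($resource)) {
        return new HttpResponse(Http::CODE_NOT_FOUND);
    }

    // Existence is checked first so that a non-public resource yields 403, not 404.
    if (!$this->publisher->isPublic($resource)) {
        return new HttpResponse(Http::CODE_FORBIDDEN);
    }

    $response = new HttpResponse();

    // Conditional caching: the ETag is derived from mtime and size; the response
    // may be cached publicly for two hours (7200 s).
    $etag = sprintf('"%x-%x"', filemtime($resource), filesize($resource));

    $response->setHeader('Access-Control-Allow-Origin', '*');
    $response->setHeader('Cache-Control', 'public, max-age=7200');
    $response->setHeader('ETag', $etag);
    $response->setHeader(new ExpiresHeader(new \DateTimeImmutable('@' . (time() + 7200))));

    if ($etag === $request->getHeader('If-None-Match', '')) {
        $response->setStatus(Http::CODE_NOT_MODIFIED);

        return $response;
    }

    $mediaType = new MediaType(Filesystem::guessMimeTypeFromFilename($resource));

    // The type is guessed from the filename only, so forbid client-side MIME sniffing.
    $response->setHeader('X-Content-Type-Options', 'nosniff');

    if ($mediaType->isType('text')) {
        $response->setHeader('Content-Type', $mediaType . '; charset="utf-8"');
    } else {
        $response->setHeader('Content-Type', (string) $mediaType);
    }

    $response->setEntity(new FileEntity(new \SplFileInfo($resource)));

    return $response;
}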
/**
 * {@inheritdoc}
 *
 * Redirects the client to the configured login URI. The requested URI is
 * remembered in the session under the provider's key (unless the login page
 * itself was requested, or a URI is already stored) so the user can be sent
 * back there after logging in.
 *
 * @throws SecurityException When the token is not a FormAuthToken.
 */
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
    if (!$token instanceof FormAuthToken) {
        throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
    }

    $loginUri = new Uri($this->auth->getLoginUri());
    $requestedPath = trim($request->getUri()->getPath(false), '/');
    $onLoginPage = ($requestedPath === trim($loginUri->getPath(false), '/'));

    $sessionKey = $this->auth->getKey();
    $session = $this->securityContext->getSession();
    $stored = (array) $session->get($sessionKey, NULL);

    // Remember where the user wanted to go — never the login page, and never
    // overwriting a URI remembered by an earlier redirect.
    if (!$onLoginPage && !array_key_exists(FormAuthenticationProvider::SESSION_URI, $stored)) {
        $stored[FormAuthenticationProvider::SESSION_URI] = (string) $request->getUri();
    }

    $session->set($sessionKey, $stored);

    $response->setStatus(Http::REDIRECT_TEMPORARY);
    $response->setReason(Http::getReason(Http::REDIRECT_TEMPORARY));
    $response->setHeader('Location', $loginUri);
}
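/**
 * Evaluate preconditions found in this request based on the given values and create an appropriate
 * HTTP response if an HTTP/1.1 304 Not Modified response should be sent.
 *
 * You can pass an ETag, a modification time or both of these to the method, every precondition
 * that is not NULL will be checked. When an ETag is given and the request carries If-None-Match,
 * If-Modified-Since is ignored as required by RFC 7232 section 3.3: the entity tag alone decides
 * whether the client's copy is still current, so a changed tag with an unchanged date is never
 * answered with 304.
 *
 * @param EntityTag $etag The ETag of the requested resource.
 * @param \DateTimeInterface $lastModified Date of the last modification of the requested resource.
 * @return HttpResponse An HTTP 304 response or NULL if the client cache is invalid.
 */
public function evaluatePreconditions(EntityTag $etag = NULL, \DateTimeInterface $lastModified = NULL)
{
    $response = new HttpResponse();

    // True once If-None-Match has been evaluated against a known ETag; it then
    // takes precedence over If-Modified-Since.
    $etagEvaluated = false;

    if ($etag !== NULL && $this->hasHeader('If-None-Match')) {
        $etagEvaluated = true;

        // "==" compares the tags property-wise; "===" would demand the same instance.
        $valid = $this->firstHeader(function (IfNoneMatchHeader $match) use ($etag) {
            return $match->isWildcard() || $match->getEntityTag() == $etag;
        });

        if ($valid) {
            $response->setStatus(Http::CODE_NOT_MODIFIED);
            $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
            $response->setHeader(new ETagHeader($etag));
        }
    }

    if ($lastModified !== NULL && !$etagEvaluated && $this->hasHeader('If-Modified-Since')) {
        $unmodified = $this->firstHeader(function (IfModifiedSinceHeader $since) use ($lastModified) {
            return $since->getDate() >= $lastModified;
        });

        if ($unmodified) {
            $response->setStatus(Http::CODE_NOT_MODIFIED);
            $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
            $response->setHeader(new LastModifiedHeader($lastModified));
        }
    }

    // NOTE(review): relies on isRedirect() reporting true for the 304 status set above — confirm.
    return $response->isRedirect() ? $response : NULL;
}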