示例#1
0
文件: Auth.php 项目: krekike/sambadav
 public function exec()
 {
     // If ANONYMOUS_ONLY is set to true in the config, don't require credentials;
     // also the 'logout' action makes no sense for an anonymous server:
     if ($this->config->anonymous_only) {
         $this->log->info("anonymous login accepted\n");
         $this->anonymous = true;
         return true;
     }
     $sapi = new HTTP\Sapi();
     $response = new HTTP\Response();
     $request = $sapi->getRequest();
     $auth = new HTTP\Auth\Basic('Web Folders', $request, $response);
     // If no basic auth creds set, but the variables "user" and "pass" were
     // posted to the page (e.g. from a/the login form), substitute those:
     if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])) {
         if (isset($_POST) && isset($_POST['user']) && isset($_POST['pass'])) {
             $_SERVER['PHP_AUTH_USER'] = $_POST['user'];
             $_SERVER['PHP_AUTH_PW'] = $_POST['pass'];
             // HACK: dynamically change the request method to GET, because
             // otherwise SambaDAV will throw an exception because there is
             // no POST handler installed. This change causes SabreDAV to
             // process this request just like any other basic auth login:
             $_SERVER['REQUEST_METHOD'] = 'GET';
         }
     }
     list($this->user, $this->pass) = $auth->getCredentials();
     if ($this->user === false || $this->user === '') {
         $this->user = null;
     }
     if ($this->pass === false || $this->pass === '') {
         $this->pass = null;
     }
     if (isset($_GET['logout'])) {
         // If you're tagged with 'logout' but you're not passing a
         // username/pass, redirect to plain index:
         if ($this->user === null || $this->pass === null) {
             header("Location: {$this->baseuri}");
             return false;
         }
         // Otherwise, if you're tagged with 'logout', make sure
         // the authentication is refused, to make the browser
         // flush its cache:
         $this->showLoginForm($auth, $response);
         return false;
     }
     if ($this->checkAuth() === false) {
         sleep(2);
         $this->showLoginForm($auth, $response);
         return false;
     }
     $this->log->info("login accepted for '%s'\n", is_null($this->user) ? '(none)' : $this->user);
     return true;
 }
 /**
  * Authenticates the user based on the current request.
  *
  * If authentication is successful, true must be returned.
  * If authentication fails, an exception must be thrown.
  *
  * @param DAV\Server $server
  * @param string $realm
  * @throws DAV\Exception\NotAuthenticated
  * @return bool
  */
 function authenticate(DAV\Server $server, $realm)
 {
     $auth = new HTTP\Auth\Basic($realm, $server->httpRequest, $server->httpResponse);
     $userpass = $auth->getCredentials($server->httpRequest);
     if (!$userpass) {
         $auth->requireLogin();
         throw new DAV\Exception\NotAuthenticated('No basic authentication headers were found');
     }
     // Authenticates the user
     if (!$this->validateUserPass($userpass[0], $userpass[1])) {
         $auth->requireLogin();
         throw new DAV\Exception\NotAuthenticated('Username or password does not match');
     }
     $this->currentUser = $userpass[0];
     return true;
 }
示例#3
0
 * @copyright Copyright (C) 2009-2015 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://sabre.io/license/ Modified BSD License
 */
$userList = ["user1" => "password", "user2" => "password"];
use Sabre\HTTP\Sapi;
use Sabre\HTTP\Response;
use Sabre\HTTP\Auth;
// Find the autoloader
$paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php'];
foreach ($paths as $path) {
    if (file_exists($path)) {
        include $path;
        break;
    }
}
$request = Sapi::getRequest();
$response = new Response();
$basicAuth = new Auth\Basic("Locked down area", $request, $response);
if (!($userPass = $basicAuth->getCredentials())) {
    // No username or password given
    $basicAuth->requireLogin();
} elseif (!isset($userList[$userPass[0]]) || $userList[$userPass[0]] !== $userPass[1]) {
    // Username or password are incorrect
    $basicAuth->requireLogin();
} else {
    // Success !
    $response->setBody('You are logged in!');
}
// Sending the response
Sapi::sendResponse($response);
 /**
  * When this method is called, the backend must check if authentication was
  * successful.
  *
  * The returned value must be one of the following
  *
  * [true, "principals/username"]
  * [false, "reason for failure"]
  *
  * If authentication was successful, it's expected that the authentication
  * backend returns a so-called principal url.
  *
  * Examples of a principal url:
  *
  * principals/admin
  * principals/user1
  * principals/users/joe
  * principals/uid/123457
  *
  * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
  * return a string such as:
  *
  * principals/users/[username]
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return array
  */
 function check(RequestInterface $request, ResponseInterface $response)
 {
     $auth = new HTTP\Auth\Basic($this->realm, $request, $response);
     $userpass = $auth->getCredentials($request);
     if (!$userpass) {
         return [false, "No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured"];
     }
     if (!$this->validateUserPass($userpass[0], $userpass[1])) {
         return [false, "Username or password was incorrect"];
     }
     return [true, $this->principalPrefix . $userpass[0]];
 }
示例#5
0
 function testGetCredentialsNotBasic()
 {
     $request = new Request('GET', '/', array('Authorization' => 'QBasic ' . base64_encode('user:pass:bla')));
     $basic = new Basic('Dagger', $request, new Response());
     $this->assertNull($basic->getCredentials($request));
 }