/** * Authenticates the user based on the current request. * * If authentication is successful, true must be returned. * If authentication fails, an exception must be thrown. * * @param DAV\Server $server * @param string $realm * @throws DAV\Exception\NotAuthenticated * @return bool */ function authenticate(DAV\Server $server, $realm) { $auth = new HTTP\Auth\Basic($realm, $server->httpRequest, $server->httpResponse); $userpass = $auth->getCredentials($server->httpRequest); if (!$userpass) { $auth->requireLogin(); throw new DAV\Exception\NotAuthenticated('No basic authentication headers were found'); } // Authenticates the user if (!$this->validateUserPass($userpass[0], $userpass[1])) { $auth->requireLogin(); throw new DAV\Exception\NotAuthenticated('Username or password does not match'); } $this->currentUser = $userpass[0]; return true; }
function testRequireLogin() { $response = new Response(); $basic = new Basic('Dagger', new Request(), $response); $basic->requireLogin(); $this->assertEquals('Basic realm="Dagger"', $response->getHeader('WWW-Authenticate')); $this->assertEquals(401, $response->getStatus()); }
* @copyright Copyright (C) 2009-2015 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ $userList = ["user1" => "password", "user2" => "password"]; use Sabre\HTTP\Sapi; use Sabre\HTTP\Response; use Sabre\HTTP\Auth; // Find the autoloader $paths = [__DIR__ . '/../vendor/autoload.php', __DIR__ . '/../../../autoload.php', __DIR__ . '/vendor/autoload.php']; foreach ($paths as $path) { if (file_exists($path)) { include $path; break; } } $request = Sapi::getRequest(); $response = new Response(); $basicAuth = new Auth\Basic("Locked down area", $request, $response); if (!($userPass = $basicAuth->getCredentials())) { // No username or password given $basicAuth->requireLogin(); } elseif (!isset($userList[$userPass[0]]) || $userList[$userPass[0]] !== $userPass[1]) { // Username or password are incorrect $basicAuth->requireLogin(); } else { // Success ! $response->setBody('You are logged in!'); } // Sending the response Sapi::sendResponse($response);
/** * This method is called when a user could not be authenticated, and * authentication was required for the current request. * * This gives you the opportunity to set authentication headers. The 401 * status code will already be set. * * In this case of Basic Auth, this would for example mean that the * following header needs to be set: * * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV'); * * Keep in mind that in the case of multiple authentication backends, other * WWW-Authenticate headers may already have been set, and you'll want to * append your own WWW-Authenticate header instead of overwriting the * existing one. * * @param RequestInterface $request * @param ResponseInterface $response * @return void */ function challenge(RequestInterface $request, ResponseInterface $response) { $auth = new HTTP\Auth\Basic($this->realm, $request, $response); $auth->requireLogin(); }