/** * Perform pre-flight authentication operations. * * If invoked, issues a client challenge. * * @param Request $request * @param Response $response */ public function preAuth(Request $request, Response $response) { $this->httpAuth->setRequest($request); $this->httpAuth->setResponse($response); $this->httpAuth->challengeClient(); }
/** * Listen to the authentication event * * @param MvcAuthEvent $mvcAuthEvent * @return mixed */ public function __invoke(MvcAuthEvent $mvcAuthEvent) { $mvcEvent = $mvcAuthEvent->getMvcEvent(); $request = $mvcEvent->getRequest(); $response = $mvcEvent->getResponse(); if (!$request instanceof HttpRequest || $request->isOptions()) { return; } $type = false; if ($this->httpAdapter instanceof HttpAuth) { $this->httpAdapter->setRequest($request); $this->httpAdapter->setResponse($response); } $authHeader = $request->getHeader('Authorization'); if ($authHeader) { $headerContent = trim($authHeader->getFieldValue()); // we only support headers in the format: Authorization: xxx yyyyy if (strpos($headerContent, ' ') === false) { $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } list($type, $credential) = preg_split('# #', $headerContent, 2); } if (!$type && !in_array($request->getMethod(), $this->requestsWithoutBodies) && $request->getHeaders()->has('Content-Type') && $request->getHeaders()->get('Content-Type')->match('application/x-www-form-urlencoded') && $request->getPost('access_token')) { $type = 'oauth2'; } if (!$type && null !== $request->getQuery('access_token')) { $type = 'oauth2'; } if (!$type) { if ($this->httpAdapter instanceof HttpAuth) { $this->httpAdapter->challengeClient(); } $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } switch (strtolower($type)) { case 'basic': case 'digest': if (!$this->httpAdapter instanceof HttpAuth) { $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } $auth = $mvcAuthEvent->getAuthenticationService(); $result = $auth->authenticate($this->httpAdapter); $mvcAuthEvent->setAuthenticationResult($result); if ($result->isValid()) { $resultIdentity = $result->getIdentity(); // Pass full discovered identity to AuthenticatedIdentity object $identity = new Identity\AuthenticatedIdentity($resultIdentity); // But determine name separately $name = $resultIdentity; if (is_array($resultIdentity)) { $name = isset($resultIdentity['username']) ? $resultIdentity['username'] : (string) $resultIdentity; } $identity->setName($name); // Set in MvcEvent $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; case 'oauth2': case 'bearer': if (!$this->oauth2Server instanceof OAuth2Server) { $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } $content = $request->getContent(); $oauth2request = new OAuth2Request($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER, $content); if ($this->oauth2Server->verifyResourceRequest($oauth2request)) { $token = $this->oauth2Server->getAccessTokenData($oauth2request); $identity = new Identity\AuthenticatedIdentity($token); $identity->setName($token['user_id']); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; } $identity = new Identity\GuestIdentity(); $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity); return $identity; case 'token': throw new \Exception('zf-mvc-auth has not yet implemented a "token" authentication adapter'); } }