/**
 * Build a PSR-7 server request (zend-diactoros) from a Zend\Http request.
 *
 * The raw content is copied into an in-memory stream. Headers, query, post
 * and file data are taken from the Zend request unchanged; this method does
 * no validation of its own. File entries are passed through
 * self::convertFilesToUploaded() before they reach the PSR-7 request.
 *
 * @param ZendRequest $zendRequest Request to convert
 * @return ServerRequest
 */
public static function fromZend(ZendRequest $zendRequest)
{
    // Copy the request content into a seekable in-memory stream.
    $stream = new Stream('php://memory', 'wb+');
    $stream->write($zendRequest->getContent());

    // Each container may be empty; fall back to an empty array then.
    $headers = [];
    if (!empty($zendRequest->getHeaders())) {
        $headers = $zendRequest->getHeaders()->toArray();
    }

    $queryParams = [];
    if (!empty($zendRequest->getQuery())) {
        $queryParams = $zendRequest->getQuery()->toArray();
    }

    $parsedBody = [];
    if (!empty($zendRequest->getPost())) {
        $parsedBody = $zendRequest->getPost()->toArray();
    }

    $uploads = [];
    if (!empty($zendRequest->getFiles())) {
        $uploads = $zendRequest->getFiles()->toArray();
    }

    $psrRequest = new ServerRequest(
        [],
        self::convertFilesToUploaded($uploads),
        $zendRequest->getUriString(),
        $zendRequest->getMethod(),
        $stream,
        $headers
    );

    return $psrRequest
        ->withQueryParams($queryParams)
        ->withParsedBody($parsedBody);
}
/**
 * Fills the REST request with the values of a sub-resource route.
 *
 * Sets the parent identifier, the "<resource>/<subresource>" resource name,
 * the optional sub-resource identifier and the REST method. Without a
 * sub-resource identifier every verb except POST is mapped to its
 * "_COLLECTION" variant.
 *
 * @param \BedRest\Rest\Request\Request $restRequest
 * @param \Zend\Http\Request            $httpRequest
 * @param \Zend\Mvc\Router\RouteMatch   $routeMatch
 */
protected function prepareSubResource(RestRequest $restRequest, HttpRequest $httpRequest, RouteMatch $routeMatch)
{
    $restRequest->setParameter('identifier', $routeMatch->getParam('id', null));

    $parentName = $routeMatch->getParam('__CONTROLLER__');
    $childName = $routeMatch->getParam('subresource', null);
    $restRequest->setResource($parentName . '/' . $childName);

    $childId = $routeMatch->getParam('subresource_id', null);
    $hasChildId = !empty($childId);
    if ($hasChildId) {
        $restRequest->setParameter('subresource_identifier', $childId);
    }

    $verb = strtoupper($httpRequest->getMethod());
    if (empty($verb)) {
        return;
    }

    if (!$hasChildId && $verb !== RestRequestType::METHOD_POST) {
        $verb .= '_COLLECTION';
    }

    // NOTE(review): $verb comes from the HTTP request and is used to build a
    // constant name. A verb with no matching METHOD_* constant makes
    // constant() fail (Error on PHP 8, warning and null before that);
    // checking the verb against the supported set first would turn that
    // into a controlled 405-style response. Confirm how callers handle it.
    $restRequest->setMethod(constant('BedRest\\Rest\\Request\\Type::METHOD_' . $verb));
}
/**
 * A method name given in lower case is reported back in upper case.
 */
public function testRequestCanAlwaysForcesUppecaseMethodName()
{
    $subject = new Request();
    $subject->setMethod('get');

    $reported = $subject->getMethod();

    $this->assertEquals('GET', $reported);
}
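/**
 * Digest Authentication
 *
 * Recomputes the request-digest from the parsed Authorization header and the
 * stored H(A1) for the user, and compares it with the client's value.
 * Nonce, opaque and digest are compared with hash_equals(), so the result
 * does not depend on PHP's loose string comparison (two different
 * numeric-looking hex strings such as "0e..." compare equal under ==) and
 * the comparison time does not depend on where the values differ.
 *
 * @param  string $header Client's Authorization header
 * @throws Exception\RuntimeException If the header or the digest resolver is
 *                                    missing, or the client asks for a qop
 *                                    other than "auth"
 * @return Authentication\Result Valid auth result only on successful auth
 */
protected function _digestAuth($header)
{
    if (empty($header)) {
        throw new Exception\RuntimeException('The value of the client Authorization header is required');
    }
    if (empty($this->_digestResolver)) {
        throw new Exception\RuntimeException('A digestResolver object must be set before doing Digest authentication');
    }

    $data = $this->_parseDigestAuth($header);
    if ($data === false) {
        $this->_response->setStatusCode(400);
        return new Authentication\Result(
            Authentication\Result::FAILURE_UNCATEGORIZED,
            array(),
            array('Invalid Authorization header format')
        );
    }

    // See ZF-1052. This code was a bit too unforgiving of invalid
    // usernames. Now, if the username is bad, we re-challenge the client.
    if ('::invalid::' == $data['username']) {
        return $this->_challengeClient();
    }

    // Verify that the client sent back the same nonce. hash_equals()
    // (PHP 5.6+) needs strings on both sides, hence the casts.
    if (!hash_equals((string) $this->_calcNonce(), (string) $data['nonce'])) {
        return $this->_challengeClient();
    }

    // The opaque value is also required to match, but of course IE doesn't
    // play ball.
    if (!$this->_ieNoOpaque
        && !hash_equals((string) $this->_calcOpaque(), (string) $data['opaque'])
    ) {
        return $this->_challengeClient();
    }

    // Look up the user's password hash. If not found, deny access.
    // This makes no assumptions about how the password hash was
    // constructed beyond that it must have been built in such a way as
    // to be recreatable with the current settings of this object.
    $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
    if ($ha1 === false) {
        return $this->_challengeClient();
    }

    // If MD5-sess is used, a1 value is made of the user's password
    // hash with the server and client nonce appended, separated by
    // colons.
    if ($this->_algo == 'MD5-sess') {
        $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
    }

    // Calculate h(a2). The value of this hash depends on the qop
    // option selected by the client and the supported hash functions
    // NOTE(review): $data['uri'] is taken from the header; this method does
    // not compare it with the URI actually requested. Confirm that
    // _parseDigestAuth() or the caller does.
    switch ($data['qop']) {
        case 'auth':
            $a2 = $this->_request->getMethod() . ':' . $data['uri'];
            break;
        case 'auth-int':
            // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
            // but this isn't supported yet, so fall through to default case
        default:
            throw new Exception\RuntimeException('Client requested an unsupported qop option');
    }

    // Using hash() should make parameterizing the hash algorithm
    // easier
    $ha2 = hash('md5', $a2);

    // Calculate the server's version of the request-digest. This must
    // match $data['response']. See RFC 2617, section 3.2.2.1
    // NOTE(review): the nonce count ($data['nc']) is part of the digest but
    // is not checked for reuse here; replay resistance then rests on how
    // _calcNonce() bounds a nonce's lifetime. Confirm.
    $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
    $digest  = hash('md5', $ha1 . ':' . $message);

    // If our digest matches the client's let them in, otherwise return
    // a 401 code and exit to prevent access to the protected resource.
    if (hash_equals($digest, (string) $data['response'])) {
        $identity = array('username' => $data['username'], 'realm' => $data['realm']);
        return new Authentication\Result(Authentication\Result::SUCCESS, $identity);
    }

    return $this->_challengeClient();
}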
/**
 * Read, update or remove the authentication adapter mapped to a module.
 * Since Apigility 1.1
 *
 * GET returns the current map, PUT updates it from the body parameters and
 * DELETE removes it. Any other method gets a 405 problem response with an
 * Allow header. The module name comes from the route parameter "name" and
 * the version from the query string; both default to false when absent.
 *
 * @param  Request $request
 * @return ViewModel|ApiProblemResponse
 */
protected function mappingAuthentication(Request $request)
{
    $module  = $this->params('name', false);
    $version = $this->params()->fromQuery('version', false);
    $verb    = $request->getMethod();

    if ($verb == $request::METHOD_GET) {
        $currentMap = $this->model->getAuthenticationMap($module, $version);
        return $this->createAuthenticationMapResult($currentMap);
    }

    if ($verb == $request::METHOD_PUT) {
        return $this->updateAuthenticationMap($this->bodyParams(), $module, $version);
    }

    if ($verb == $request::METHOD_DELETE) {
        return $this->removeAuthenticationMap($module, $version);
    }

    // Anything else is rejected and the allowed verbs are advertised.
    $problem = new ApiProblem(405, 'Only the methods GET, PUT, DELETE are allowed for this URI');
    $rejection = new ApiProblemResponse($problem);
    $rejection->getHeaders()->addHeaderLine('Allow', 'GET, PUT, DELETE');

    return $rejection;
}
/**
 * A valid method name that was set is returned unchanged.
 */
public function testRequestCanSetAndRetrieveValidMethod()
{
    $subject = new Request();
    $subject->setMethod('POST');

    $reported = $subject->getMethod();

    $this->assertEquals('POST', $reported);
}
/**
 * Tells whether the wrapped HTTP request uses the POST method.
 *
 * The method string of the request is compared with
 * \Zend\Http\Request::METHOD_POST using a loose comparison.
 *
 * @return boolean
 */
public function isPostRequest()
{
    $currentMethod = $this->httpRequest->getMethod();

    return $currentMethod == \Zend\Http\Request::METHOD_POST;
}
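/**
 * Compute the HMAC-SHA256 signature expected for a request.
 *
 * The signed string is "<timestamp> <method> <path> <query>", joined with
 * single spaces and trimmed. The internal routing parameter "q" is removed
 * from the query before it is serialised. The result is lower-case hex.
 *
 * The key is taken from the API client again; the previous body used the
 * fixed debug key 'testuser' for every client, so a signature did not depend
 * on which client it was issued for.
 *
 * @param Request $request
 * @param User    $apiClient
 * @param string  $timestamp
 * @return string
 */
private function createHmac(Request $request, User $apiClient, $timestamp)
{
    $method = $request->getMethod();
    $path = $request->getUri()->getPath();

    // Remove internal routing parameter. The guarded form is enough; the
    // earlier unconditional offsetUnset() and the discarded toString() call
    // added nothing.
    // NOTE(review): getQuery() presumably returns the request's own
    // parameter container, so the removal is visible to later code. Confirm
    // that this is intended.
    $query = $request->getQuery();
    if (isset($query['q'])) {
        unset($query['q']);
    }

    // NOTE(review): a username identifies the client but is normally not a
    // secret. An HMAC only authenticates the sender when the key is known to
    // client and server alone, so this should become a per-client secret once
    // the User entity provides one. Confirm against the User class.
    $key = $apiClient->getUsername();

    // NOTE(review): the request body is not part of the signed string, and
    // the timestamp is signed but not checked for freshness here. The
    // caller is presumably expected to bound the timestamp and to compare
    // signatures with hash_equals(). Confirm.
    $input = trim(join(' ', [$timestamp, $method, $path, $query->toString()]));

    return hash_hmac('sha256', $input, $key, false);
}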
/**
 * Build the OAuth request object from a Zend HTTP request.
 *
 * Query parameters, body parameters, a $_SERVER-style array, the raw content
 * and the headers are handed to OAuthRequest. HTTP Basic credentials found in
 * the server array (PHP_AUTH_USER / PHP_AUTH_PW) are copied into the headers.
 * PHP_AUTH_PW is the client's plaintext password, so the arrays built here
 * should be kept out of logs and debug dumps.
 *
 * @param  HttpRequest $httpRequest
 * @return OAuthRequest
 */
private function buildRequest(HttpRequest $httpRequest)
{
    $headerBag = $httpRequest->getHeaders();

    // Marshal content type. The value is read but not used further in this
    // method.
    $contentType = '';
    if ($headerBag->has('Content-Type')) {
        $contentType = $headerBag->get('Content-Type')->getFieldValue();
    }

    // Server values: taken from the request object when it carries them,
    // otherwise from the $_SERVER superglobal if that is populated.
    if ($httpRequest instanceof PhpEnvironmentRequest) {
        $server = $httpRequest->getServer()->toArray();
    } elseif (!empty($_SERVER)) {
        $server = $_SERVER;
    } else {
        $server = [];
    }
    $server['REQUEST_METHOD'] = $httpRequest->getMethod();

    // Seed headers with HTTP auth information
    $headers = $headerBag->toArray();
    foreach (['PHP_AUTH_USER', 'PHP_AUTH_PW'] as $authKey) {
        if (isset($server[$authKey])) {
            $headers[$authKey] = $server[$authKey];
        }
    }

    $bodyParams = $this->getBodyParams($httpRequest);
    $queryParams = $httpRequest->getQuery()->toArray();

    return new OAuthRequest(
        $queryParams,
        $bodyParams,
        [],
        [],
        [],
        $server,
        $httpRequest->getContent(),
        $headers
    );
}
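/**
 * Tells whether the request's HTTP method is enabled.
 *
 * An empty method list enables every method. Otherwise the upper-cased
 * request method must be in the list. The lookup is strict, so only string
 * entries can match: with a loose in_array() an entry such as true (or 0 on
 * PHP before 8) would match any method name.
 *
 * @param  HttpRequest $request
 * @return boolean
 */
public function isHttpRequestMethodEnabled(HttpRequest $request)
{
    $methods = $this->getMethods();

    // No restriction configured: every method passes.
    if (count($methods) === 0) {
        return true;
    }

    // The request method is upper-cased before the lookup, so the list
    // entries must be upper-case strings to match.
    return in_array(strtoupper($request->getMethod()), $methods, true);
}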