
Revize 2382

Přidáno uživatelem Ondřej Fibich před téměř 10 roky(ů)

Úpravy:
- PHP-HTTP-Auth-server 0.1.1


freenetis/branches/1.2/application/vendors/php-http-auth-server/BasicHttpAuth.php
class BasicHttpAuth extends HttpAuth {
/**
* Creates HTTP auth handler in given realm with account given by passsed
* Creates HTTP auth handler in given realm with account given by passsed
* manager.
*
*
* @param IAccountManager $accountManager Account manager
* @param string $realmName Realm name
* @throws \InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
parent::__construct($accountManager, $realmName);
}
* @param string $realmName Realm name
* @throws \InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
parent::__construct($accountManager, $realmName);
}
/**
* Performs HTTP Basic auth using server PHP_AUTH_USER and PHP_AUTH_PW
* variables.
*
* @return HttpAuthResponse response object
*/
public function auth() {
/**
* Performs HTTP Basic auth using server PHP_AUTH_USER and PHP_AUTH_PW
* variables.
*
* @return HttpAuthResponse response object
*/
public function auth() {
$response = new HttpAuthResponse();
// no login informations send?
if (!isset($_SERVER['PHP_AUTH_USER'])) {
......
$valid_password = $this->accountManager->getUserPassword($username);
// user not exists?
if ($valid_password === FALSE) {
return $response->addError('Wrong Credentials - not found account' . $username);
return $response->addError('Wrong Credentials');
}
// check password
if ($password != $valid_password) {
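Review bot: The password check on the last line of the hunk, `if ($password != $valid_password)`, uses a loose comparison, so two numeric-looking strings (for example `"1e3"` and `"1000"`) compare equal and the failure branch is skipped; it is also not constant-time. Change it to a strict comparison — `if (!hash_equals((string) $valid_password, (string) $password))` where `hash_equals()` is available, or at least `!==`. The same loose `!=` is used for the digest check `if ($data['response'] != $validResponse)` in DigestHttpAuth.php's auth(), where both operands are md5 hex strings, and it should be fixed the same way there. auth() starts before this hunk (above the `......` cut) and its body continues past the last line shown.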
freenetis/branches/1.2/application/vendors/php-http-auth-server/DigestHttpAuth.php
class DigestHttpAuth extends HttpAuth {
/**
* Creates HTTP auth handler in given realm with account given by passsed
* Creates HTTP auth handler in given realm with account given by passsed
* manager.
*
*
* @param IAccountManager $accountManager Account manager
* @param string $realmName Realm name
* @throws \InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
parent::__construct($accountManager, $realmName);
}
* @param string $realmName Realm name
* @throws \InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
parent::__construct($accountManager, $realmName);
}
/**
* Get nonce - protection again replay attacks.
*
* @return string
*/
protected function generateNonce() {
return uniqid();
}
/**
* Get opaque - server identificator.
*
* @return string
*/
protected function getOpaque() {
return md5($this->realm);
}
/**
* Get nonce - protection again replay attacks.
*
* @return string
*/
protected function generateNonce() {
return uniqid();
}
/**
* Get opaque - server identificator.
*
* @return string
*/
protected function getOpaque() {
return md5($this->realm);
}
/**
* Get digest auth HTTP header from php server variables.
*
* @return string|null header or null
*/
private static function getAuthDigestHeader() {
if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
return $_SERVER['PHP_AUTH_DIGEST'];
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$httpAuth = $_SERVER['HTTP_AUTHORIZATION'];
if (strncasecmp($httpAuth, 'digest', 6) === 0) {
return substr($httpAuth, 7);
}
}
return NULL;
}
/**
* Performs HTTP Digest auth using server PHP_AUTH_DIGEST and REQUEST_METHOD
* variables.
*
* @return HttpAuthResponse response object
*/
public function auth() {
$httpDigest = self::getAuthDigestHeader();
$requestMethod = $_SERVER['REQUEST_METHOD'];
$response = new HttpAuthResponse();
// no digest header sended
if (empty($httpDigest)) {
$wa = sprintf('Digest realm="%s",qop="auth",nonce="%s",opaque="%s"',
$this->realm, $this->generateNonce(), $this->getOpaque());
return $response->setPassed(FALSE)
->addHeader('WWW-Authenticate', $wa);
}
/**
* Get digest auth HTTP header from php server variables.
*
* @return string|null header or null
*/
private static function getAuthDigestHeader() {
if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
return $_SERVER['PHP_AUTH_DIGEST'];
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$httpAuth = $_SERVER['HTTP_AUTHORIZATION'];
if (strncasecmp($httpAuth, 'digest', 6) === 0) {
return substr($httpAuth, 7);
}
}
return NULL;
}
/**
* Performs HTTP Digest auth using server PHP_AUTH_DIGEST and REQUEST_METHOD
* variables.
*
* @return HttpAuthResponse response object
*/
public function auth() {
$httpDigest = self::getAuthDigestHeader();
$requestMethod = $_SERVER['REQUEST_METHOD'];
$response = new HttpAuthResponse();
// no digest header sended
if (empty($httpDigest)) {
$wa = sprintf('Digest realm="%s",qop="auth",nonce="%s",opaque="%s"',
$this->realm, $this->generateNonce(), $this->getOpaque());
return $response->setPassed(FALSE)
->addHeader('WWW-Authenticate', $wa);
}
// no request method?
if (empty($requestMethod)) {
return $response->addError('Request method empty');
}
// analyze the PHP_AUTH_DIGEST variable
// analyze the PHP_AUTH_DIGEST variable
try {
$data = self::httpDigestParse($httpDigest);
} catch (\InvalidArgumentException $ex) {
return $response->addError('Invalid HTTP Auth Digest header: '
return $response->addError('Invalid HTTP Auth Digest header: '
. $ex->getMessage());
}
// get user
$userPassword = $this->accountManager->getUserPassword(
}
// get user
$userPassword = $this->accountManager->getUserPassword(
$data['username']);
// user not exists?
if ($userPassword === FALSE) {
return $response->addError('Wrong Credentials');
}
// generate the valid response
$validResponse = $this->calculateValidResponse(
// user not exists?
if ($userPassword === FALSE) {
return $response->addError('Wrong Credentials');
}
// generate the valid response
$validResponse = $this->calculateValidResponse(
$data, $requestMethod, $userPassword);
// check client response
if ($data['response'] != $validResponse) {
// check client response
if ($data['response'] != $validResponse) {
echo $requestMethod . ' ' . $data['response'] . '!=' . $validResponse . "\n";
return $response->addError('Wrong Credentials');
}
// auth success
return $response->setUsername($data['username']);
}
return $response->addError('Wrong Credentials');
}
// auth success
return $response->setUsername($data['username']);
}
/**
* Calculate valid response that should be received from client.
......
* @return string
*/
private function calculateValidResponse($data, $requestMethod, $password) {
$A1 = md5($data['username'] . ':' . $this->realm . ':' . $password);
$A2 = md5($requestMethod . ':' . $data['uri']);
return md5($A1 . ':' . $data['nonce'] . ':' . $data['nc']
. ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
$A1 = md5($data['username'] . ':' . $this->realm . ':' . $password);
$A2 = md5($requestMethod . ':' . $data['uri']);
return md5($A1 . ':' . $data['nonce'] . ':' . $data['nc']
. ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
}
/**
* Parses HTTP auth header sended by client.
*
* @param string $headerStrValue
* @return array parsed client data asassociative array with key: nonce,
* nc, cnonce, qop, username, uri, response
* @throws \InvalidArgumentException if not all required fields were provided
*/
private static function httpDigestParse($headerStrValue) {
// protect against missing data
$neededParts = array(
'nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1,
'uri' => 1, 'response' => 1
);
$data = array();
$keys = implode('|', array_keys($neededParts));
/**
* Parses HTTP auth header sended by client.
*
* @param string $headerStrValue
* @return array parsed client data asassociative array with key: nonce,
* nc, cnonce, qop, username, uri, response
* @throws \InvalidArgumentException if not all required fields were provided
*/
private static function httpDigestParse($headerStrValue) {
// protect against missing data
$neededParts = array(
'nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1,
'uri' => 1, 'response' => 1
);
$data = array();
$keys = implode('|', array_keys($neededParts));
$matches = array();
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
$headerStrValue, $matches, PREG_SET_ORDER);
$matches = array();
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
$headerStrValue, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($neededParts[$m[1]]);
}
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($neededParts[$m[1]]);
}
if ($neededParts) {
$npStr = implode(', ', array_keys($neededParts));
throw new \InvalidArgumentException('Missing fields: ' . $npStr);
}
return $data;
}
if ($neededParts) {
$npStr = implode(', ', array_keys($neededParts));
throw new \InvalidArgumentException('Missing fields: ' . $npStr);
}
return $data;
}
}
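Review bot: auth() never verifies that `$data['nonce']` is a nonce this server issued or that it is still fresh — calculateValidResponse() folds whatever nonce, nc and cnonce the client supplied into the expected digest, and generateNonce() returns `uniqid()`, which is derived from the clock rather than a random source — so the replay protection promised by generateNonce()'s docblock is not actually provided. A minimal fix is to build the nonce from a timestamp plus an HMAC over it under a server-side secret (seeded via `openssl_random_pseudo_bytes()` or, on PHP 7+, `random_bytes()`), and to have auth() reject a nonce whose HMAC does not verify or whose timestamp is outside a short window by answering with a fresh `WWW-Authenticate` challenge carrying `stale=true`; that bounds replays to the window, and tracking `nc` per nonce would close it. The `echo` of `$requestMethod`, `$data['response']` and `$validResponse` just before the `Wrong Credentials` error writes the expected digest into the HTTP body of a failed attempt; the duplicated neighbouring lines make it ambiguous whether that line is on the new side, but if it is it has to go. In httpDigestParse(), `$data[$m[1]] = $m[3] ? $m[3] : $m[4];` discards a quoted value of `"0"` because that string is falsy; `$m[3] !== '' ? $m[3] : $m[4]` preserves it.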
freenetis/branches/1.2/application/vendors/php-http-auth-server/HttpAuth.php
/**
* Library version.
*/
const VERSION = '0.1.0';
const VERSION = '0.1.1';
/**
* Available HttpAuth types that implements HttpAuth.
......
return new $class_name($accountManager, $realmName);
}
/**
* Realm name
*
* @var string
*/
protected $realm;
/**
* Realm name
*
* @var string
*/
protected $realm;
/**
* Account manager for getting informations about users.
......
protected $accountManager;
/**
* Creates HTTP auth handler in given realm with account given by passsed
* Creates HTTP auth handler in given realm with account given by passsed
* manager.
*
*
* @param IAccountManager $accountManager Account manager
* @param string $realmName Realm name
* @throws InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
if (empty($realmName)) {
throw new \InvalidArgumentException('empty realm name not allowed');
}
* @param string $realmName Realm name
* @throws InvalidArgumentException on empty realm name or account manager
*/
public function __construct(IAccountManager $accountManager, $realmName) {
if (empty($realmName)) {
throw new \InvalidArgumentException('empty realm name not allowed');
}
if (empty($accountManager)) {
throw new \InvalidArgumentException('empty account manager not allowed');
}
$this->realm = $realmName;
$this->realm = $realmName;
$this->accountManager = $accountManager;
}
}
/**
* Performs HTTP auth using server prefetched data and server values.
*
* @return HttpAuthResponse response object with response for auth
*/
* Performs HTTP auth using server prefetched data and server values.
*
* @return HttpAuthResponse response object with response for auth
*/
public abstract function auth();
}
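Review bot: The realm guard in the constructor, `if (empty($realmName))`, also rejects the legitimate realm name `"0"`, since `empty()` tests truthiness; `if (!is_string($realmName) || $realmName === '')` expresses the intended check. The `empty($accountManager)` guard below it cannot be reached for a type-hinted `IAccountManager` parameter without a default, so it can be dropped or kept with a comment saying it is deliberately defensive. The docblock's `@throws InvalidArgumentException` should read `@throws \InvalidArgumentException` to match the class actually thrown and the subclasses' docblocks.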
freenetis/branches/1.2/application/vendors/php-http-auth-server/HttpAuthResponse.php
*/
class HttpAuthResponse {
/**
* User pass HTTP auth? If he does than no errors or headers are returned
/**
* User pass HTTP auth? If he does than no errors or headers are returned
* from their getters.
*
* @var boolean
*/
private $passed = TRUE;
/**
* Username of auth user.
*
* @var string
*/
private $username = NULL;
/**
* List of response headers as asociative array.
*
* @var array
*/
private $headers = array();
/**
* List of response error messages.
*
* @var array
*/
private $errors = array();
/**
* Get user pass HTTP auth flag.
*
* @return boolean
*/
public function isPassed() {
return $this->passed;
}
/**
* Set user pass HTTP auth flag.
*
* @param boolean $passed
* @return HttpAuthResponse chainable reference
*
* @var boolean
*/
private $passed = TRUE;
/**
* Username of auth user.
*
* @var string
*/
private $username = NULL;
/**
* List of response headers as asociative array.
*
* @var array
*/
private $headers = array();
/**
* List of response error messages.
*
* @var array
*/
private $errors = array();
/**
* Get user pass HTTP auth flag.
*
* @return boolean
*/
public function isPassed() {
return $this->passed;
}
/**
* Set user pass HTTP auth flag.
*
* @param boolean $passed
* @return HttpAuthResponse chainable reference
* @throws \InvalidArgumentException if cannot be changed
*/
public function setPassed($passed) {
*/
public function setPassed($passed) {
if (!$this->passed && !empty($this->errors) && $passed) {
throw new \InvalidArgumentException('errors occured');
}
$this->passed = $passed;
return $this;
}
/**
* Gets username of auth user.
*
* @return string
*/
public function getUsername() {
return $this->username;
}
$this->passed = $passed;
return $this;
}
/**
* Gets username of auth user.
*
* @return string
*/
public function getUsername() {
return $this->username;
}
/**
* Sets username of auth user.
*
* @param string $username
* @return HttpAuthResponse chainable reference
*/
public function setUsername($username) {
$this->username = $username;
return $this;
}
/**
* Adds error message and set user pass HTTP digest auth flag to FALSE.
*
* @param string $message error message
* @return HttpAuthResponse chainable reference
*/
public function addError($message) {
$this->errors[] = $message;
$this->passed = FALSE;
return $this;
}
/**
* Add or replace response error header.
*
* @param string $key header key
* @param string $value header value
* @return HttpAuthResponse chainable reference
*/
public function addHeader($key, $value) {
$this->headers[$key] = $value;
return $this;
}
/**
* Gets all error messages if user pass HTTP auth flag is set to FALSE.
*
* @return array|null
*/
public function getErrors() {
if ($this->passed) {
return NULL;
}
return $this->errors;
}
/**
* Gets all HTTP headers.
*
* @return array|null
*/
public function getHeaders() {
return $this->headers;
}
/**
* Sets username of auth user.
*
* @param string $username
* @return HttpAuthResponse chainable reference
*/
public function setUsername($username) {
$this->username = $username;
return $this;
}
/**
* Adds error message and set user pass HTTP digest auth flag to FALSE.
*
* @param string $message error message
* @return HttpAuthResponse chainable reference
*/
public function addError($message) {
$this->errors[] = $message;
$this->passed = FALSE;
return $this;
}
/**
* Add or replace response error header.
*
* @param string $key header key
* @param string $value header value
* @return HttpAuthResponse chainable reference
*/
public function addHeader($key, $value) {
$this->headers[$key] = $value;
return $this;
}
/**
* Gets all error messages if user pass HTTP auth flag is set to FALSE.
*
* @return array|null
*/
public function getErrors() {
if ($this->passed) {
return NULL;
}
return $this->errors;
}
/**
* Gets all HTTP headers.
*
* @return array|null
*/
public function getHeaders() {
return $this->headers;
}
}
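Review bot: setPassed() stores its argument unchecked, `$this->passed = $passed;`, although the docblock declares it boolean and isPassed()/getErrors() branch on it; `$this->passed = (bool) $passed;` keeps the flag a real boolean for callers comparing with `=== TRUE`. The `@return array|null` on getHeaders() is inaccurate — the method unconditionally returns `$this->headers`, which is initialised to `array()`, so it should read `@return array`. The guard in setPassed() only blocks re-passing when errors were recorded, so a response failed via `setPassed(FALSE)` alone (as DigestHttpAuth's challenge path does) can be flipped back to passed; if that is intentional the docblock should say so.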
freenetis/branches/1.2/application/vendors/php-http-auth-server/IAccountManager.php
* @author Ondřej Fibich
*/
interface IAccountManager {
/**
* Gets password of user with given username.
*
* @return string|boolean user password or its hash or FALSE if no user
* with given username exists or some error occured
*/
public function getUserPassword($username);
/**
* Gets password of user with given username.
*
* @return string|boolean user password or its hash or FALSE if no user
* with given username exists or some error occured
*/
public function getUserPassword($username);
}
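Review bot: The docblock on getUserPassword() lacks `@param string $username`, and its `@return` wording "user password or its hash" is misleading for the two consumers in this commit: BasicHttpAuth compares the returned value directly against the client-supplied password, and DigestHttpAuth feeds it into `md5(username:realm:password)`, so a stored hash can never match. Suggest adding `@param string $username` and rewording the return to `@return string|boolean the user's plaintext password, or FALSE if no such user exists or an error occurred`, or, if hashed storage is the intent, documenting exactly which digest the implementation must return and adjusting the consumers to accept it.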
