Sabre\HTTP\Auth\Digest Class Reference

HTTP Digest Authentication handler. More...

Inheritance diagram for Sabre\HTTP\Auth\Digest:

Collaboration diagram for Sabre\HTTP\Auth\Digest:

Public Member Functions
	__construct ($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
	Initializes the object. More...
	init ()
	Gathers all information from the headers. More...
	setQOP ($qop)
	Sets the quality of protection value. More...
	validateA1 ($A1)
	Validates the user. More...
	validatePassword ($password)
	Validates authentication through a password. More...
	getUsername ()
	Returns the username for the request. More...
	requireLogin ()
	Returns an HTTP 401 header, forcing login. More...
	getDigest ()
	This method returns the full digest string. More...
Public Member Functions inherited from Sabre\HTTP\Auth\AbstractAuth
	__construct ($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
	Creates the object. More...
	requireLogin ()
	This method sends the needed HTTP header and statuscode (401) to force the user to login. More...
	getRealm ()
	Returns the HTTP realm. More...

Data Fields
const	QOP_AUTH = 1
	These constants are used in setQOP();. More...
const	QOP_AUTHINT = 2

Protected Member Functions
	validate ()
	Validates the digest challenge. More...
	parseDigest ($digest)
	Parses the different pieces of the digest string into an array. More...

Protected Attributes
	$nonce
	$opaque
	$digestParts
	$A1
	$qop = self::QOP_AUTH
Protected Attributes inherited from Sabre\HTTP\Auth\AbstractAuth
	$realm
	$request
	$response

Detailed Description

HTTP Digest Authentication handler.

Use this class for easy http digest authentication. Instructions:

1. Create the object
2. Call the setRealm() method with the realm you plan to use
3. Call the init method function.
4. Call the getUserName() function. This function may return null if no authentication information was supplied. Based on the username you should check your internal database for either the associated password, or the so-called A1 hash of the digest.
5. Call either validatePassword() or validateA1(). This will return true or false.
6. To make sure an authentication prompt is displayed, call the requireLogin() method.

Copyright

Copyright (C) fruux GmbH (https://fruux.com/)

Author

Evert Pot (http://evertpot.com/) http://sabre.io/license/ Modified BSD License

Definition at line 30 of file Digest.php.

Constructor & Destructor Documentation

__construct()

Sabre\HTTP\Auth\Digest::__construct	(		$realm = 'SabreTooth',
		RequestInterface	$request,
		ResponseInterface	$response
	)

Initializes the object.

Definition at line 47 of file Digest.php.

References Sabre\HTTP\Auth\AbstractAuth\$realm.

                                                                                                        {

        $this->nonce = uniqid();
        $this->opaque = md5($realm);
        parent::__construct($realm, $request, $response);

    }

Member Function Documentation

getDigest()

Sabre\HTTP\Auth\Digest::getDigest

(

)

This method returns the full digest string.

It should be compatibile with mod_php format and other webservers.

If the header could not be found, null will be returned

Returns

mixed

Definition at line 199 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\init().

                         {

        return $this->request->getHeader('Authorization');

    }

Here is the caller graph for this function:

getUsername()

Sabre\HTTP\Auth\Digest::getUsername

(

)

Returns the username for the request.

Returns

string

Definition at line 125 of file Digest.php.

                           {

        return $this->digestParts['username'];

    }

init()

Sabre\HTTP\Auth\Digest::init

(

)

Gathers all information from the headers.

This method needs to be called prior to anything else.

Returns

void

Definition at line 62 of file Digest.php.

References Sabre\HTTP\Auth\Digest\getDigest(), and Sabre\HTTP\Auth\Digest\parseDigest().

                    {

        $digest = $this->getDigest();
        $this->digestParts = $this->parseDigest($digest);

    }

Here is the call graph for this function:

parseDigest()

Sabre\HTTP\Auth\Digest::parseDigest (   $digest )

protected

Parses the different pieces of the digest string into an array.

This method returns false if an incomplete digest was supplied

Parameters

string

$digest

Returns

mixed

Definition at line 214 of file Digest.php.

References $data, and $m.

Referenced by Sabre\HTTP\Auth\Digest\init().

                                            {

        // protect against missing data
        $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];
        $data = [];

        preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);

        foreach ($matches as $m) {
            $data[$m[1]] = $m[2] ? $m[2] : $m[3];
            unset($needed_parts[$m[1]]);
        }

        return $needed_parts ? false : $data;

    }

Here is the caller graph for this function:

requireLogin()

Sabre\HTTP\Auth\Digest::requireLogin

(

)

Returns an HTTP 401 header, forcing login.

This should be called when username and password are incorrect, or not supplied at all

Returns

void

Definition at line 169 of file Digest.php.

References Sabre\HTTP\Auth\Digest\$qop.

                            {

        $qop = '';
        switch ($this->qop) {
            case self::QOP_AUTH    :
                $qop = 'auth';
                break;
            case self::QOP_AUTHINT :
                $qop = 'auth-int';
                break;
            case self::QOP_AUTH | self::QOP_AUTHINT :
                $qop = 'auth,auth-int';
                break;
        }

        $this->response->addHeader('WWW-Authenticate', 'Digest realm="' . $this->realm . '",qop="' . $qop . '",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');
        $this->response->setStatus(401);

    }

setQOP()

Sabre\HTTP\Auth\Digest::setQOP

(

$qop

)

Sets the quality of protection value.

Possible values are: Sabre::QOP_AUTH Sabre::QOP_AUTHINT

Multiple values can be specified using logical OR.

QOP_AUTHINT ensures integrity of the request body, but this is not supported by most HTTP clients. QOP_AUTHINT also requires the entire request body to be md5'ed, which can put strains on CPU and memory.

Parameters

int

$qop

Returns

void

Definition at line 85 of file Digest.php.

References Sabre\HTTP\Auth\Digest\$qop.

                          {

        $this->qop = $qop;

    }

validate()

Sabre\HTTP\Auth\Digest::validate ( )

protected

Validates the digest challenge.

Returns

bool

Definition at line 136 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\validateA1(), and Sabre\HTTP\Auth\Digest\validatePassword().

                                  {

        $A2 = $this->request->getMethod() . ':' . $this->digestParts['uri'];

        if ($this->digestParts['qop'] == 'auth-int') {
            // Making sure we support this qop value
            if (!($this->qop & self::QOP_AUTHINT)) return false;
            // We need to add an md5 of the entire request body to the A2 part of the hash
            $body = $this->request->getBody($asString = true);
            $this->request->setBody($body);
            $A2 .= ':' . md5($body);
        } else {

            // We need to make sure we support this qop value
            if (!($this->qop & self::QOP_AUTH)) return false;
        }

        $A2 = md5($A2);

        $validResponse = md5("{$this->A1}:{$this->digestParts['nonce']}:{$this->digestParts['nc']}:{$this->digestParts['cnonce']}:{$this->digestParts['qop']}:{$A2}");

        return $this->digestParts['response'] == $validResponse;


    }

Here is the caller graph for this function:

validateA1()

Sabre\HTTP\Auth\Digest::validateA1

(

$A1

)

Validates the user.

The A1 parameter should be md5($username . ':' . $realm . ':' . $password);

Parameters

string

$A1

Returns

bool

Definition at line 99 of file Digest.php.

References Sabre\HTTP\Auth\Digest\$A1, and Sabre\HTTP\Auth\Digest\validate().

                             {

        $this->A1 = $A1;
        return $this->validate();

    }

Here is the call graph for this function:

validatePassword()

Sabre\HTTP\Auth\Digest::validatePassword

(

$password

)

Validates authentication through a password.

The actual password must be provided here. It is strongly recommended not store the password in plain-text and use validateA1 instead.

Parameters

string

$password

Returns

bool

Definition at line 113 of file Digest.php.

References $password, and Sabre\HTTP\Auth\Digest\validate().

                                         {

        $this->A1 = md5($this->digestParts['username'] . ':' . $this->realm . ':' . $password);
        return $this->validate();

    }

Here is the call graph for this function:

Field Documentation

$A1

Sabre\HTTP\Auth\Digest::$A1

protected

Definition at line 41 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\validateA1().

$digestParts

Sabre\HTTP\Auth\Digest::$digestParts

protected

Definition at line 40 of file Digest.php.

$nonce

Sabre\HTTP\Auth\Digest::$nonce

protected

Definition at line 38 of file Digest.php.

$opaque

Sabre\HTTP\Auth\Digest::$opaque

protected

Definition at line 39 of file Digest.php.

$qop

Sabre\HTTP\Auth\Digest::$qop = self::QOP_AUTH

protected

Definition at line 42 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\requireLogin(), and Sabre\HTTP\Auth\Digest\setQOP().

QOP_AUTH

const Sabre\HTTP\Auth\Digest::QOP_AUTH = 1

These constants are used in setQOP();.

Definition at line 35 of file Digest.php.

Referenced by Sabre\HTTP\Auth\DigestTest\getServerTokens(), and Sabre\HTTP\Auth\DigestTest\testDigestAuthBoth().

QOP_AUTHINT

const Sabre\HTTP\Auth\Digest::QOP_AUTHINT = 2

Definition at line 36 of file Digest.php.

Referenced by Sabre\HTTP\Auth\DigestTest\getServerTokens(), Sabre\HTTP\Auth\DigestTest\testDigestAuthBoth(), and Sabre\HTTP\Auth\DigestTest\testDigestAuthInt().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/sabre/http/lib/Auth/Digest.php