ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
Sabre\HTTP\Auth\Digest Class Reference

HTTP Digest Authentication handler. More...

+ Inheritance diagram for Sabre\HTTP\Auth\Digest:
+ Collaboration diagram for Sabre\HTTP\Auth\Digest:

Public Member Functions

 __construct ($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
 Initializes the object. More...
 
 init ()
 Gathers all information from the headers. More...
 
 setQOP ($qop)
 Sets the quality of protection value. More...
 
 validateA1 ($A1)
 Validates the user. More...
 
 validatePassword ($password)
 Validates authentication through a password. More...
 
 getUsername ()
 Returns the username for the request. More...
 
 requireLogin ()
 Returns an HTTP 401 header, forcing login. More...
 
 getDigest ()
 This method returns the full digest string. More...
 
- Public Member Functions inherited from Sabre\HTTP\Auth\AbstractAuth
 __construct ($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
 Creates the object. More...
 
 requireLogin ()
 This method sends the needed HTTP header and statuscode (401) to force the user to login. More...
 
 getRealm ()
 Returns the HTTP realm. More...
 

Data Fields

const QOP_AUTH = 1
 These constants are used in setQOP();. More...
 
const QOP_AUTHINT = 2
 

Protected Member Functions

 validate ()
 Validates the digest challenge. More...
 
 parseDigest ($digest)
 Parses the different pieces of the digest string into an array. More...
 

Protected Attributes

 $nonce
 
 $opaque
 
 $digestParts
 
 $A1
 
 $qop = self::QOP_AUTH
 
- Protected Attributes inherited from Sabre\HTTP\Auth\AbstractAuth
 $realm
 
 $request
 
 $response
 

Detailed Description

HTTP Digest Authentication handler.

Use this class for easy http digest authentication. Instructions:

  1. Create the object
  2. Call the setRealm() method with the realm you plan to use
  3. Call the init method function.
  4. Call the getUserName() function. This function may return null if no authentication information was supplied. Based on the username you should check your internal database for either the associated password, or the so-called A1 hash of the digest.
  5. Call either validatePassword() or validateA1(). This will return true or false.
  6. To make sure an authentication prompt is displayed, call the requireLogin() method.
Copyright
Copyright (C) fruux GmbH (https://fruux.com/)
Author
Evert Pot (http://evertpot.com/) @license http://sabre.io/license/ Modified BSD License

Definition at line 30 of file Digest.php.

Constructor & Destructor Documentation

◆ __construct()

Sabre\HTTP\Auth\Digest::__construct (   $realm = 'SabreTooth',
RequestInterface  $request,
ResponseInterface  $response 
)

Initializes the object.

Reimplemented from Sabre\HTTP\Auth\AbstractAuth.

Definition at line 47 of file Digest.php.

47 {
48
49 $this->nonce = uniqid();
50 $this->opaque = md5($realm);
51 parent::__construct($realm, $request, $response);
52
53 }

References Sabre\HTTP\Auth\AbstractAuth\$realm, Sabre\HTTP\Auth\AbstractAuth\$request, and Sabre\HTTP\Auth\AbstractAuth\$response.

Member Function Documentation

◆ getDigest()

Sabre\HTTP\Auth\Digest::getDigest ( )

This method returns the full digest string.

It should be compatibile with mod_php format and other webservers.

If the header could not be found, null will be returned

Returns
mixed

Definition at line 199 of file Digest.php.

199 {
200
201 return $this->request->getHeader('Authorization');
202
203 }

Referenced by Sabre\HTTP\Auth\Digest\init().

+ Here is the caller graph for this function:

◆ getUsername()

Sabre\HTTP\Auth\Digest::getUsername ( )

Returns the username for the request.

Returns
string

Definition at line 125 of file Digest.php.

125 {
126
127 return $this->digestParts['username'];
128
129 }

◆ init()

Sabre\HTTP\Auth\Digest::init ( )

Gathers all information from the headers.

This method needs to be called prior to anything else.

Returns
void

Definition at line 62 of file Digest.php.

62 {
63
64 $digest = $this->getDigest();
65 $this->digestParts = $this->parseDigest($digest);
66
67 }
Sabre\HTTP\Auth\Digest\parseDigest
parseDigest($digest)
Parses the different pieces of the digest string into an array.
Definition: Digest.php:214
Sabre\HTTP\Auth\Digest\getDigest
getDigest()
This method returns the full digest string.
Definition: Digest.php:199

References Sabre\HTTP\Auth\Digest\getDigest(), and Sabre\HTTP\Auth\Digest\parseDigest().

+ Here is the call graph for this function:

◆ parseDigest()

Sabre\HTTP\Auth\Digest::parseDigest (   $digest)
protected

Parses the different pieces of the digest string into an array.

This method returns false if an incomplete digest was supplied

Parameters
string$digest
Returns
mixed

Definition at line 214 of file Digest.php.

214 {
215
216 // protect against missing data
217 $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];
218 $data = [];
219
220 preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);
221
222 foreach ($matches as $m) {
223 $data[$m[1]] = $m[2] ? $m[2] : $m[3];
224 unset($needed_parts[$m[1]]);
225 }
226
227 return $needed_parts ? false : $data;
228
229 }
$m
$m
Definition: show_metadata.php:25
$data
$data
Definition: bench.php:6

References $data, and $m.

Referenced by Sabre\HTTP\Auth\Digest\init().

+ Here is the caller graph for this function:

◆ requireLogin()

Sabre\HTTP\Auth\Digest::requireLogin ( )

Returns an HTTP 401 header, forcing login.

This should be called when username and password are incorrect, or not supplied at all

Returns
void

Reimplemented from Sabre\HTTP\Auth\AbstractAuth.

Definition at line 169 of file Digest.php.

169 {
170
171 $qop = '';
172 switch ($this->qop) {
173 case self::QOP_AUTH :
174 $qop = 'auth';
175 break;
176 case self::QOP_AUTHINT :
177 $qop = 'auth-int';
178 break;
179 case self::QOP_AUTH | self::QOP_AUTHINT :
180 $qop = 'auth,auth-int';
181 break;
182 }
183
184 $this->response->addHeader('WWW-Authenticate', 'Digest realm="' . $this->realm . '",qop="' . $qop . '",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');
185 $this->response->setStatus(401);
186
187 }
Sabre\HTTP\Auth\Digest\QOP_AUTH
const QOP_AUTH
These constants are used in setQOP();.
Definition: Digest.php:35

References Sabre\HTTP\Auth\Digest\$qop, Sabre\HTTP\Auth\Digest\QOP_AUTH, and Sabre\HTTP\Auth\Digest\QOP_AUTHINT.

◆ setQOP()

Sabre\HTTP\Auth\Digest::setQOP (   $qop)

Sets the quality of protection value.

Possible values are: Sabre\HTTP\DigestAuth::QOP_AUTH Sabre\HTTP\DigestAuth::QOP_AUTHINT

Multiple values can be specified using logical OR.

QOP_AUTHINT ensures integrity of the request body, but this is not supported by most HTTP clients. QOP_AUTHINT also requires the entire request body to be md5'ed, which can put strains on CPU and memory.

Parameters
int$qop
Returns
void

Definition at line 85 of file Digest.php.

85 {
86
87 $this->qop = $qop;
88
89 }

References Sabre\HTTP\Auth\Digest\$qop.

◆ validate()

Sabre\HTTP\Auth\Digest::validate ( )
protected

Validates the digest challenge.

Returns
bool

Definition at line 136 of file Digest.php.

136 {
137
138 $A2 = $this->request->getMethod() . ':' . $this->digestParts['uri'];
139
140 if ($this->digestParts['qop'] == 'auth-int') {
141 // Making sure we support this qop value
142 if (!($this->qop & self::QOP_AUTHINT)) return false;
143 // We need to add an md5 of the entire request body to the A2 part of the hash
144 $body = $this->request->getBody($asString = true);
145 $this->request->setBody($body);
146 $A2 .= ':' . md5($body);
147 } else {
148
149 // We need to make sure we support this qop value
150 if (!($this->qop & self::QOP_AUTH)) return false;
151 }
152
153 $A2 = md5($A2);
154
155 $validResponse = md5("{$this->A1}:{$this->digestParts['nonce']}:{$this->digestParts['nc']}:{$this->digestParts['cnonce']}:{$this->digestParts['qop']}:{$A2}");
156
157 return $this->digestParts['response'] == $validResponse;
158
159
160 }

Referenced by Sabre\HTTP\Auth\Digest\validateA1(), and Sabre\HTTP\Auth\Digest\validatePassword().

+ Here is the caller graph for this function:

◆ validateA1()

Sabre\HTTP\Auth\Digest::validateA1 (   $A1)

Validates the user.

The A1 parameter should be md5($username . ':' . $realm . ':' . $password);

Parameters
string$A1
Returns
bool

Definition at line 99 of file Digest.php.

99 {
100
101 $this->A1 = $A1;
102 return $this->validate();
103
104 }
Sabre\HTTP\Auth\Digest\validate
validate()
Validates the digest challenge.
Definition: Digest.php:136

References Sabre\HTTP\Auth\Digest\$A1, and Sabre\HTTP\Auth\Digest\validate().

+ Here is the call graph for this function:

◆ validatePassword()

Sabre\HTTP\Auth\Digest::validatePassword (   $password)

Validates authentication through a password.

The actual password must be provided here. It is strongly recommended not store the password in plain-text and use validateA1 instead.

Parameters
string$password
Returns
bool

Definition at line 113 of file Digest.php.

113 {
114
115 $this->A1 = md5($this->digestParts['username'] . ':' . $this->realm . ':' . $password);
116 return $this->validate();
117
118 }
$password
$password
Definition: cron.php:14

References $password, and Sabre\HTTP\Auth\Digest\validate().

+ Here is the call graph for this function:

Field Documentation

◆ $A1

Sabre\HTTP\Auth\Digest::$A1
protected

Definition at line 41 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\validateA1().

◆ $digestParts

Sabre\HTTP\Auth\Digest::$digestParts
protected

Definition at line 40 of file Digest.php.

◆ $nonce

Sabre\HTTP\Auth\Digest::$nonce
protected

Definition at line 38 of file Digest.php.

◆ $opaque

Sabre\HTTP\Auth\Digest::$opaque
protected

Definition at line 39 of file Digest.php.

◆ $qop

Sabre\HTTP\Auth\Digest::$qop = self::QOP_AUTH
protected

Definition at line 42 of file Digest.php.

Referenced by Sabre\HTTP\Auth\Digest\requireLogin(), and Sabre\HTTP\Auth\Digest\setQOP().

◆ QOP_AUTH

const Sabre\HTTP\Auth\Digest::QOP_AUTH = 1

These constants are used in setQOP();.

Definition at line 35 of file Digest.php.

Referenced by Sabre\HTTP\Auth\DigestTest\getServerTokens(), Sabre\HTTP\Auth\Digest\requireLogin(), and Sabre\HTTP\Auth\DigestTest\testDigestAuthBoth().

◆ QOP_AUTHINT

const Sabre\HTTP\Auth\Digest::QOP_AUTHINT = 2

Definition at line 36 of file Digest.php.

Referenced by Sabre\HTTP\Auth\DigestTest\getServerTokens(), Sabre\HTTP\Auth\Digest\requireLogin(), Sabre\HTTP\Auth\DigestTest\testDigestAuthBoth(), and Sabre\HTTP\Auth\DigestTest\testDigestAuthInt().

The documentation for this class was generated from the following file: