df/d42/Digest_8php_source.html

<?php


namespace Sabre\HTTP\Auth;


use Sabre\HTTP\RequestInterface;

use Sabre\HTTP\ResponseInterface;


class Digest extends AbstractAuth {


    const QOP_AUTH = 1;

    const QOP_AUTHINT = 2;


    protected $nonce;

    protected $opaque;

    protected $digestParts;

    protected $A1;

    protected $qop = self::QOP_AUTH;


    function __construct($realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) {


        $this->nonce = uniqid();

        $this->opaque = md5($realm);

        parent::__construct($realm, $request, $response);


    }


    function init() {


        $digest = $this->getDigest();

        $this->digestParts = $this->parseDigest($digest);


    }


    function setQOP($qop) {


        $this->qop = $qop;


    }


    function validateA1($A1) {


        $this->A1 = $A1;

        return $this->validate();


    }


    function validatePassword($password) {


        $this->A1 = md5($this->digestParts['username'] . ':' . $this->realm . ':' . $password);

        return $this->validate();


    }


    function getUsername() {


        return $this->digestParts['username'];


    }


    protected function validate() {


        $A2 = $this->request->getMethod() . ':' . $this->digestParts['uri'];


        if ($this->digestParts['qop'] == 'auth-int') {

            // Making sure we support this qop value

            if (!($this->qop & self::QOP_AUTHINT)) return false;

            // We need to add an md5 of the entire request body to the A2 part of the hash

            $body = $this->request->getBody($asString = true);

            $this->request->setBody($body);

            $A2 .= ':' . md5($body);

        } else {


            // We need to make sure we support this qop value

            if (!($this->qop & self::QOP_AUTH)) return false;

        }


        $A2 = md5($A2);


        $validResponse = md5("{$this->A1}:{$this->digestParts['nonce']}:{$this->digestParts['nc']}:{$this->digestParts['cnonce']}:{$this->digestParts['qop']}:{$A2}");


        return $this->digestParts['response'] == $validResponse;


    }


    function requireLogin() {


        $qop = '';

        switch ($this->qop) {

            case self::QOP_AUTH    :

                $qop = 'auth';

                break;

            case self::QOP_AUTHINT :

                $qop = 'auth-int';

                break;

            case self::QOP_AUTH | self::QOP_AUTHINT :

                $qop = 'auth,auth-int';

                break;

        }


        $this->response->addHeader('WWW-Authenticate', 'Digest realm="' . $this->realm . '",qop="' . $qop . '",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');

        $this->response->setStatus(401);


    }


    function getDigest() {


        return $this->request->getHeader('Authorization');


    }


    protected function parseDigest($digest) {


        // protect against missing data

        $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];

        $data = [];


        preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);


        foreach ($matches as $m) {

            $data[$m[1]] = $m[2] ? $m[2] : $m[3];

            unset($needed_parts[$m[1]]);

        }


        return $needed_parts ? false : $data;


    }


}

php
An exception for terminatinating execution or to throw for unit testing.

Sabre\HTTP\Auth\AbstractAuth
HTTP Authentication base class.
Definition: AbstractAuth.php:17

Sabre\HTTP\Auth\AbstractAuth\$response
$response
Definition: AbstractAuth.php:38

Sabre\HTTP\Auth\AbstractAuth\$realm
$realm
Definition: AbstractAuth.php:24

Sabre\HTTP\Auth\AbstractAuth\$request
$request
Definition: AbstractAuth.php:31

Sabre\HTTP\Auth\Digest
HTTP Digest Authentication handler.
Definition: Digest.php:30

Sabre\HTTP\Auth\Digest\parseDigest
parseDigest($digest)
Parses the different pieces of the digest string into an array.
Definition: Digest.php:214

Sabre\HTTP\Auth\Digest\setQOP
setQOP($qop)
Sets the quality of protection value.
Definition: Digest.php:85

Sabre\HTTP\Auth\Digest\validate
validate()
Validates the digest challenge.
Definition: Digest.php:136

Sabre\HTTP\Auth\Digest\$qop
$qop
Definition: Digest.php:42

Sabre\HTTP\Auth\Digest\validatePassword
validatePassword($password)
Validates authentication through a password.
Definition: Digest.php:113

Sabre\HTTP\Auth\Digest\validateA1
validateA1($A1)
Validates the user.
Definition: Digest.php:99

Sabre\HTTP\Auth\Digest\$nonce
$nonce
Definition: Digest.php:38

Sabre\HTTP\Auth\Digest\getUsername
getUsername()
Returns the username for the request.
Definition: Digest.php:125

Sabre\HTTP\Auth\Digest\init
init()
Gathers all information from the headers.
Definition: Digest.php:62

Sabre\HTTP\Auth\Digest\QOP_AUTHINT
const QOP_AUTHINT
Definition: Digest.php:36

Sabre\HTTP\Auth\Digest\$opaque
$opaque
Definition: Digest.php:39

Sabre\HTTP\Auth\Digest\$digestParts
$digestParts
Definition: Digest.php:40

Sabre\HTTP\Auth\Digest\$A1
$A1
Definition: Digest.php:41

Sabre\HTTP\Auth\Digest\requireLogin
requireLogin()
Returns an HTTP 401 header, forcing login.
Definition: Digest.php:169

Sabre\HTTP\Auth\Digest\getDigest
getDigest()
This method returns the full digest string.
Definition: Digest.php:199

Sabre\HTTP\Auth\Digest\__construct
__construct($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
Initializes the object.
Definition: Digest.php:47

Sabre\HTTP\Auth\Digest\QOP_AUTH
const QOP_AUTH
These constants are used in setQOP();.
Definition: Digest.php:35

$password
$password
Definition: cron.php:14

Sabre\HTTP\RequestInterface
The RequestInterface represents a HTTP request.
Definition: RequestInterface.php:12

Sabre\HTTP\ResponseInterface
This interface represents a HTTP response.
Definition: ResponseInterface.php:12

Sabre\HTTP\Auth
Definition: AbstractAuth.php:3

$m
$m
Definition: show_metadata.php:25

$data
$data
Definition: bench.php:6