-
Notifications
You must be signed in to change notification settings - Fork 104
Expand file tree
/
Copy pathHttpBasicAuthenticator.php
More file actions
124 lines (110 loc) · 4.26 KB
/
HttpBasicAuthenticator.php
File metadata and controls
124 lines (110 loc) · 4.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
<?php
declare(strict_types=1);
/**
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
* @link https://cakephp.org CakePHP(tm) Project
* @license https://www.opensource.org/licenses/mit-license.php MIT License
*/
namespace Authentication\Authenticator;
use Authentication\Identifier\IdentifierFactory;
use Authentication\Identifier\IdentifierInterface;
use Authentication\Identifier\PasswordIdentifier;
use Psr\Http\Message\ServerRequestInterface;
/**
* HttpBasic Authenticator
*
* Provides Basic HTTP authentication support.
*/
class HttpBasicAuthenticator extends AbstractAuthenticator implements StatelessInterface
{
/**
* Default config for this object.
* - `fields` The fields to use to identify a user by.
* - `skipChallenge` If set to `true` then challenge exception will not be
* generated in case of authentication failure. Defaults to `false`.
*
* @var array<string, mixed>
*/
protected array $_defaultConfig = [
'fields' => [
PasswordIdentifier::CREDENTIAL_USERNAME => 'username',
PasswordIdentifier::CREDENTIAL_PASSWORD => 'password',
],
'skipChallenge' => false,
];
/**
* Gets the identifier, loading a default Password identifier if none configured.
*
* This is done lazily to allow configuration to be fully set before creating the identifier.
*
* @return \Authentication\Identifier\IdentifierInterface
*/
public function getIdentifier(): IdentifierInterface
{
if (!$this->_identifier instanceof IdentifierInterface) {
$identifierConfig = [];
if ($this->getConfig('fields')) {
$identifierConfig['fields'] = $this->getConfig('fields');
}
$this->_identifier = IdentifierFactory::create('Authentication.Password', $identifierConfig);
}
return $this->_identifier;
}
/**
* Authenticate a user using HTTP auth. Will use the configured User model and attempt a
* login using HTTP auth.
*
* @param \Psr\Http\Message\ServerRequestInterface $request The request to authenticate with.
* @return \Authentication\Authenticator\ResultInterface
*/
public function authenticate(ServerRequestInterface $request): ResultInterface
{
$server = $request->getServerParams();
$username = $server['PHP_AUTH_USER'] ?? '';
$password = $server['PHP_AUTH_PW'] ?? '';
if ($username === '' || $password === '') {
return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
}
$user = $this->getIdentifier()->identify([
PasswordIdentifier::CREDENTIAL_USERNAME => $username,
PasswordIdentifier::CREDENTIAL_PASSWORD => $password,
]);
if ($user === null) {
return new Result(null, Result::FAILURE_IDENTITY_NOT_FOUND);
}
return new Result($user, Result::SUCCESS);
}
/**
* Create a challenge exception for basic auth challenge.
*
* @param \Psr\Http\Message\ServerRequestInterface $request A request object.
* @return void
* @throws \Authentication\Authenticator\AuthenticationRequiredException
*/
public function unauthorizedChallenge(ServerRequestInterface $request): void
{
if ($this->getConfig('skipChallenge')) {
return;
}
throw new AuthenticationRequiredException($this->loginHeaders($request), '');
}
/**
* Generate the login headers
*
* @param \Psr\Http\Message\ServerRequestInterface $request Request object.
* @return array<non-empty-string, string> Headers for logging in.
*/
protected function loginHeaders(ServerRequestInterface $request): array
{
$server = $request->getServerParams();
$realm = $this->getConfig('realm') ?: $server['SERVER_NAME'];
return ['WWW-Authenticate' => sprintf('Basic realm="%s"', $realm)];
}
}