HTTP Authentication Adapter

Implements a pretty good chunk of RFC 2617.

category Zend
package Zend_Auth
subpackage Zend_Auth_Adapter_Http
copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
license New BSD License
todo Support auth-int
todo Track nonces, nonce-count, opaque for replay protection and stale support
todo Support Authentication-Info header

Methods

Constructor

__construct(array $config) 

Parameters

$config

array

Configuration settings:

  'accept_schemes' => 'basic'|'digest'|'basic digest'
  'realm'          => the protection realm
  'digest_domains' => space-delimited list of URIs
  'nonce_timeout'  => nonce timeout period
  'use_opaque'     => whether to send the opaque value in the header
  'algorithm'      => see $_supportedAlgos. Default: MD5
  'proxy_auth'     => whether to do authentication as a Proxy

Exceptions

\Zend_Auth_Adapter_Exception

Authenticate

authenticate() : \Zend_Auth_Result
inherited_from \Zend_Auth_Adapter_Interface::authenticate()

Exceptions

\Zend_Auth_Adapter_Exception

Returns

\Zend_Auth_Result

Getter for the _basicResolver property

getBasicResolver() : \Zend_Auth_Adapter_Http_Resolver_Interface

Returns

\Zend_Auth_Adapter_Http_Resolver_Interface

Getter for the _digestResolver property

getDigestResolver() : \Zend_Auth_Adapter_Http_Resolver_Interface

Returns

\Zend_Auth_Adapter_Http_Resolver_Interface

Getter for the Request object

getRequest() : \Zend_Controller_Request_Http

Returns

\Zend_Controller_Request_Http

Getter for the Response object

getResponse() : \Zend_Controller_Response_Http

Returns

\Zend_Controller_Response_Http

Setter for the _basicResolver property

setBasicResolver(\Zend_Auth_Adapter_Http_Resolver_Interface $resolver) : \Zend_Auth_Adapter_Http

Parameters

$resolver

\Zend_Auth_Adapter_Http_Resolver_Interface

Returns

\Zend_Auth_Adapter_Http

Provides a fluent interface

Setter for the _digestResolver property

setDigestResolver(\Zend_Auth_Adapter_Http_Resolver_Interface $resolver) : \Zend_Auth_Adapter_Http

Parameters

$resolver

\Zend_Auth_Adapter_Http_Resolver_Interface

Returns

\Zend_Auth_Adapter_Http

Provides a fluent interface

Setter for the Request object

setRequest(\Zend_Controller_Request_Http $request) : \Zend_Auth_Adapter_Http

Parameters

$request

\Zend_Controller_Request_Http

Returns

\Zend_Auth_Adapter_Http

Provides a fluent interface

Setter for the Response object

setResponse(\Zend_Controller_Response_Http $response) : \Zend_Auth_Adapter_Http

Parameters

$response

\Zend_Controller_Response_Http

Returns

\Zend_Auth_Adapter_Http

Provides a fluent interface
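Wiring the adapter end to end, as an added example rather than code from the framework or from this page: it implements the resolver interface referenced by the setters above, passes the constructor configuration, attaches request and response objects through the fluent setters, and acts on the authenticate() result. The resolve($username, $realm) contract of Zend_Auth_Adapter_Http_Resolver_Interface (return the user's shared secret, or false when the user is unknown in that realm) is assumed from Zend Framework 1 and is not spelled out on this page; the class name ArrayResolver and the user data are constructed for the example.

```php
<?php
// Added example, not part of Zend_Auth_Adapter_Http or its documentation.
// Assumes Zend Framework 1 class names as documented on this page and the
// ZF1 resolver contract: resolve($username, $realm) returns the shared
// secret string, or false when the user is unknown in that realm.
require_once 'Zend/Auth/Adapter/Http.php';
require_once 'Zend/Auth/Adapter/Http/Resolver/Interface.php';
require_once 'Zend/Controller/Request/Http.php';
require_once 'Zend/Controller/Response/Http.php';

/**
 * Hypothetical resolver answering from an in-memory realm => user => secret map.
 * The data is constructed for the example; a real one would read a store.
 */
class ArrayResolver implements Zend_Auth_Adapter_Http_Resolver_Interface
{
    private $_users;

    public function __construct(array $users)
    {
        $this->_users = $users;
    }

    public function resolve($username, $realm)
    {
        if (isset($this->_users[$realm][$username])) {
            return $this->_users[$realm][$username];
        }
        return false; // unknown user: the adapter re-challenges the client
    }
}

// Constructor configuration from the list documented above. 'realm' is
// required; 'digest_domains' would also be required if 'digest' were accepted.
$config = array(
    'accept_schemes' => 'basic',
    'realm'          => 'Example Realm',
    'nonce_timeout'  => 3600,
    'use_opaque'     => true,
    'proxy_auth'     => false,
);
$adapter = new Zend_Auth_Adapter_Http($config);

// The setters return the adapter, so they chain.
$adapter->setBasicResolver(new ArrayResolver(array(
        'Example Realm' => array('alice' => 'correct horse battery staple'),
    )))
    ->setRequest(new Zend_Controller_Request_Http())
    ->setResponse(new Zend_Controller_Response_Http());

$result = $adapter->authenticate();

if (!$result->isValid()) {
    // On failure the adapter has already set the 401 (or 407 when proxy_auth
    // is on) status and the WWW-Authenticate / Proxy-Authenticate header on
    // the response object; sending it prompts the client for credentials.
    $adapter->getResponse()->sendResponse();
    exit;
}

// In ZF1 the identity for this adapter is an array with 'username' and
// 'realm' keys.
$identity = $result->getIdentity();
echo 'Authenticated as ' . $identity['username'] . ' in ' . $identity['realm'];
```

Because the challenge is written to the response object the adapter holds, the application only has to decide whether to send that response or continue; a failed result should never fall through to the protected content.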

Basic Authentication

_basicAuth(string $header) : \Zend_Auth_Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend_Auth_Adapter_Exception

Returns

\Zend_Auth_Result

Basic Header

_basicHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Basic authentication scheme.

Returns

string

Authenticate header value

Calculate Nonce

_calcNonce() : string

Returns

string

The nonce value

Calculate Opaque

_calcOpaque() : string

The opaque string can be anything; the client must return it exactly as it was sent. It may be useful to store data in this string in some applications. Ideally, a new value for this would be generated each time a WWW-Authenticate header is sent (in order to reduce predictability), but we would have to be able to create the same exact value across at least two separate requests from the same client.

Returns

string

The opaque value

Challenge Client

_challengeClient() : \Zend_Auth_Result

Sets a 401 (Unauthorized) or 407 (Proxy Authentication Required) response code and adds the corresponding WWW-Authenticate or Proxy-Authenticate header(s) to prompt for credentials.

Returns

\Zend_Auth_Result

Always returns a non-identity Auth result

Digest Authentication

_digestAuth(string $header) : \Zend_Auth_Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend_Auth_Adapter_Exception

Returns

\Zend_Auth_Result

Valid auth result only on successful auth

Digest Header

_digestHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Digest authentication scheme.

Returns

string

Authenticate header value

Parse Digest Authorization header

_parseDigestAuth(string $header) : array | false

Parameters

$header

string

Client's Authorization: HTTP header

Returns

array|false

Data elements from header, or false if any part of the header is invalid
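The two Digest steps documented above, parsing the Authorization header into its elements (_parseDigestAuth) and recomputing the request-digest to check against the client's response (_digestAuth), as an added example in plain PHP. This is not the adapter's own code: the function names, the sample header and the password are constructed, and the verification is written for the qop=auth, MD5 case that the class supports (see $_supportedQops and $_supportedAlgos). The formulas are those of RFC 2617, section 3.2.2.

```php
<?php
// Added example, not code from Zend_Auth_Adapter_Http. Helper names and
// sample values are constructed. Covers qop=auth with MD5 only.

/**
 * Parse the Digest scheme parameters into an associative array.
 * Returns false when the header is not Digest, when a field we need is
 * missing, or when response/nc are not well-formed hex strings.
 */
function parseDigestAuthorization($header)
{
    if (strncasecmp($header, 'Digest ', 7) !== 0) {
        return false;
    }
    // auth-param is either key="quoted value" or key=token (RFC 2617 3.2.2)
    $re = '/(\w+)=(?:"([^"]*)"|([^\s,]+))/';
    if (!preg_match_all($re, substr($header, 7), $matches, PREG_SET_ORDER)) {
        return false;
    }
    $params = array();
    foreach ($matches as $m) {
        // group 3 is only present when the token form matched
        $params[strtolower($m[1])] = isset($m[3]) ? $m[3] : $m[2];
    }
    $required = array('username', 'realm', 'nonce', 'uri', 'response', 'qop', 'nc', 'cnonce');
    foreach ($required as $name) {
        if (!isset($params[$name])) {
            return false;
        }
    }
    // MD5 response is 32 hex digits; nonce-count is 8 hex digits
    if (!preg_match('/^[0-9a-f]{32}$/i', $params['response'])
        || !preg_match('/^[0-9a-f]{8}$/i', $params['nc'])) {
        return false;
    }
    return $params;
}

/**
 * Server-side request-digest for qop=auth (RFC 2617, 3.2.2.1):
 *   HA1      = MD5(username:realm:password)
 *   HA2      = MD5(method:digest-uri)
 *   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
 */
function expectedDigestResponse(array $p, $method, $password)
{
    $ha1 = md5($p['username'] . ':' . $p['realm'] . ':' . $password);
    $ha2 = md5($method . ':' . $p['uri']);
    return md5($ha1 . ':' . $p['nonce'] . ':' . $p['nc'] . ':' . $p['cnonce']
        . ':' . $p['qop'] . ':' . $ha2);
}

/**
 * Verify a client header against a known password. The realm must be ours
 * and the comparison uses hash_equals() (PHP >= 5.6) so that a mismatch
 * does not leak timing information.
 */
function verifyDigest($header, $method, $expectedRealm, $password)
{
    $p = parseDigestAuthorization($header);
    if ($p === false || $p['realm'] !== $expectedRealm || $p['qop'] !== 'auth') {
        return false;
    }
    return hash_equals(expectedDigestResponse($p, $method, $password),
        strtolower($p['response']));
}

// Constructed sample: build a header the way a client would, then verify it.
$password = 'correct horse battery staple';
$fields = array(
    'username' => 'alice',
    'realm'    => 'Example Realm',
    'nonce'    => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    'uri'      => '/private/report',
    'qop'      => 'auth',
    'nc'       => '00000001',
    'cnonce'   => '0a4f113b',
);
$fields['response'] = expectedDigestResponse($fields, 'GET', $password);
$parts = array();
foreach ($fields as $k => $v) {
    // qop and nc are sent as bare tokens, everything else quoted
    $parts[] = in_array($k, array('qop', 'nc')) ? "$k=$v" : "$k=\"$v\"";
}
$header = 'Digest ' . implode(', ', $parts);

var_dump(verifyDigest($header, 'GET', 'Example Realm', $password));
// The method is bound into HA2, so the same header replayed on a POST fails.
var_dump(verifyDigest($header, 'POST', 'Example Realm', $password));
// The URI is bound in too: rewriting it without the password fails.
var_dump(verifyDigest(str_replace('/private/report', '/private/other', $header),
    'GET', 'Example Realm', $password));
```

The first check is the only one that succeeds. Note what the page's todo list points out: without tracking nonces and nonce-counts server-side, this verification alone does not stop a captured header from being replayed against the same method and URI within the nonce timeout.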

Securely compare two strings for equality while avoiding C-level memcmp() optimisations capable of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. a password) being compared against.

_secureStringCompare(string $a, string $b) : boolean

Parameters

$a

string

$b

string

Returns

boolean
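A comparison of the kind the method above describes, as an added example rather than the adapter's own _secureStringCompare(): the early-exit comparison it is meant to replace, beside a version whose running time does not depend on where the two strings first differ. Function names are constructed.

```php
<?php
// Added example, not the adapter's own implementation.

/**
 * Early-exit comparison: PHP's string equality stops at the first
 * mismatching byte, so the time taken tells an observer how many leading
 * bytes of the guess were correct.
 */
function naiveCompare($a, $b)
{
    return $a === $b;
}

/**
 * Constant-time comparison: XOR every byte pair and OR the results together,
 * so the loop always runs over the full length whatever the inputs are and
 * the result is only inspected at the end. A length mismatch still returns
 * early; the length of the secret is the one thing this can reveal.
 */
function secureStringCompare($a, $b)
{
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $len = strlen($a); $i < $len; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

/**
 * On PHP >= 5.6 the built-in does the same in C; prefer it where available.
 */
function secureStringCompareBuiltin($a, $b)
{
    return hash_equals($a, $b);
}

// Constructed sample: a stored digest beside a correct and a wrong guess.
$stored = md5('correct horse battery staple');
var_dump(secureStringCompare($stored, md5('correct horse battery staple')));
var_dump(secureStringCompare($stored, md5('wrong guess')));
var_dump(secureStringCompare($stored, substr($stored, 0, 31)));
```

Only the first comparison is true. The pattern matters wherever a secret-derived value (a password, a request-digest, an HMAC) is compared against client input; both the Basic and Digest paths of this adapter do exactly that.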

Properties

 

List of schemes this class will accept from the client

$_acceptSchemes : array

Default

 

The actual algorithm to use. Defaults to MD5

$_algo : string

Default

 

Object that looks up user credentials for the Basic scheme

$_basicResolver : \Zend_Auth_Adapter_Http_Resolver_Interface

Default

 

Object that looks up user credentials for the Digest scheme

$_digestResolver : \Zend_Auth_Adapter_Http_Resolver_Interface

Default

 

Space-delimited list of protected domains for Digest Auth

$_domains : string

Default

 

Flag indicating the client is IE and didn't bother to return the opaque string

$_ieNoOpaque : boolean

Default

 

Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's). Off by default.

$_imaProxy : boolean

Default

 

Nonce timeout period

$_nonceTimeout : integer

Default

 

The protection realm to use

$_realm : string

Default

 

Reference to the HTTP Request object

$_request : \Zend_Controller_Request_Http

Default

 

Reference to the HTTP Response object

$_response : \Zend_Controller_Response_Http

Default

 

List of the supported digest algorithms. I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version.

$_supportedAlgos : array

Default

array('MD5')
 

List of supported qop options. My intention is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version.

$_supportedQops : array

Default

array('auth')
 

List of authentication schemes supported by this class

$_supportedSchemes : array

Default

array('basic', 'digest')
 

Whether to send the opaque value in the header. True by default

$_useOpaque : boolean

Default