API Documentation

Zend/Auth/Adapter/Http.php

Show: inherited
Table of Contents

Zend Framework

LICENSE

This source file is subject to the new BSD license that is bundled with this package in the file LICENSE.txt. It is also available through the world-wide-web at this URL: http://framework.zend.com/license/new-bsd If you did not receive a copy of the license and are unable to obtain it through the world-wide-web, please send an email to license@zend.com so we can send you a copy immediately.

Category
Zend  
Copyright
Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)  
License
New BSD License  
Package
Zend_Auth  
Subpackage
Zend_Auth_Adapter_Http  
Version
$Id: Http.php 24594 2012-01-05 21:27:01Z matthew $  

\Zend_Auth_Adapter_Http

Package: Zend\Auth\Zend\Auth\Adapter\Http

HTTP Authentication Adapter

Implements a pretty good chunk of RFC 2617.

Implements
\Zend_Auth_Adapter_Interface
Category
Zend  
Copyright
Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)  
License
New BSD License  
Todo
Support auth-int  
Todo
Track nonces, nonce-count, opaque for replay protection and stale support  
Todo
Support Authentication-Info header  

Properties

Propertyprotectedarray  $_acceptSchemes= ''

List of schemes this class will accept from the client

Details
Type
array
Propertyprotectedstring  $_algo= ''

The actual algorithm to use. Defaults to MD5

Details
Type
string
Propertyprotected\Zend_Auth_Adapter_Http_Resolver_Interface  $_basicResolver= ''

Object that looks up user credentials for the Basic scheme

Propertyprotected\Zend_Auth_Adapter_Http_Resolver_Interface  $_digestResolver= ''

Object that looks up user credentials for the Digest scheme

Propertyprotectedstring  $_domains= ''

Space-delimited list of protected domains for Digest Auth

Details
Type
string
Propertyprotectedboolean  $_ieNoOpaque= ''

Flag indicating the client is IE and didn't bother to return the opaque string

Details
Type
boolean
Propertyprotectedboolean  $_imaProxy= ''

Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's). Off by default.

Details
Type
boolean
Propertyprotectedinteger  $_nonceTimeout= ''

Nonce timeout period

Details
Type
integer
Propertyprotectedstring  $_realm= ''

The protection realm to use

Details
Type
string
Propertyprotected\Zend_Controller_Request_Http  $_request= ''

Reference to the HTTP Request object

Propertyprotected\Zend_Controller_Response_Http  $_response= ''

Reference to the HTTP Response object

Propertyprotectedarray  $_supportedAlgos= 'array('MD5')'

List of the supported digest algorithms. I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version.

Default valuearray('MD5')Details
Type
array
Propertyprotectedarray  $_supportedQops= 'array('auth')'

List of supported qop options. My intetion is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version.

Default valuearray('auth')Details
Type
array
Propertyprotectedarray  $_supportedSchemes= 'array('basic''

List of authentication schemes supported by this class

Default valuearray('basic'Details
Type
array
Propertyprotectedboolean  $_useOpaque= ''

Whether to send the opaque value in the header. True by default

Details
Type
boolean

Methods

methodpublic__construct( array $config ) : void

Constructor

Parameters
Name Type Description
$config array

Configuration settings: 'accept_schemes' => 'basic'|'digest'|'basic digest' 'realm' => 'digest_domains' => Space-delimited list of URIs 'nonce_timeout' => 'use_opaque' => Whether to send the opaque value in the header 'alogrithm' => See $_supportedAlgos. Default: MD5 'proxy_auth' => Whether to do authentication as a Proxy

Throws
Exception Description
\Zend_Auth_Adapter_Exception
methodprotected_basicAuth( string $header ) : \Zend_Auth_Result

Basic Authentication

Parameters
Name Type Description
$header string

Client's Authorization header

Returns
Type Description
\Zend_Auth_Result
Throws
Exception Description
\Zend_Auth_Adapter_Exception
methodprotected_basicHeader( ) : string

Basic Header

Generates a Proxy- or WWW-Authenticate header value in the Basic authentication scheme.

Returns
Type Description
string Authenticate header value
methodprotected_calcNonce( ) : string

Calculate Nonce

Returns
Type Description
string The nonce value
methodprotected_calcOpaque( ) : string

Calculate Opaque

The opaque string can be anything; the client must return it exactly as it was sent. It may be useful to store data in this string in some applications. Ideally, a new value for this would be generated each time a WWW-Authenticate header is sent (in order to reduce predictability), but we would have to be able to create the same exact value across at least two separate requests from the same client.

Returns
Type Description
string The opaque value
methodprotected_challengeClient( ) : \Zend_Auth_Result

Challenge Client

Sets a 401 or 407 Unauthorized response code, and creates the appropriate Authenticate header(s) to prompt for credentials.

Returns
Type Description
\Zend_Auth_Result Always returns a non-identity Auth result
methodprotected_digestAuth( string $header ) : \Zend_Auth_Result

Digest Authentication

Parameters
Name Type Description
$header string

Client's Authorization header

Returns
Type Description
\Zend_Auth_Result Valid auth result only on successful auth
Throws
Exception Description
\Zend_Auth_Adapter_Exception
methodprotected_digestHeader( ) : string

Digest Header

Generates a Proxy- or WWW-Authenticate header value in the Digest authentication scheme.

Returns
Type Description
string Authenticate header value
methodprotected_parseDigestAuth( string $header ) : array|false

Parse Digest Authorization header

Parameters
Name Type Description
$header string

Client's Authorization: HTTP header

Returns
Type Description
array|false Data elements from header, or false if any part of the header is invalid
methodprotected_secureStringCompare( string $a, string $b ) : bool

Securely compare two strings for equality while avoided C level memcmp() optimisations capable of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. password) being compared against.

Parameters
Name Type Description
$a string
$b string
Returns
Type Description
bool
methodpublicauthenticate( ) : \Zend_Auth_Result

Authenticate

Returns
Type Description
\Zend_Auth_Result
Throws
Exception Description
\Zend_Auth_Adapter_Exception
methodpublicgetBasicResolver( ) : \Zend_Auth_Adapter_Http_Resolver_Interface

Getter for the _basicResolver property

methodpublicgetDigestResolver( ) : \Zend_Auth_Adapter_Http_Resolver_Interface

Getter for the _digestResolver property

methodpublicgetRequest( ) : \Zend_Controller_Request_Http

Getter for the Request object

Returns
Type Description
\Zend_Controller_Request_Http
methodpublicgetResponse( ) : \Zend_Controller_Response_Http

Getter for the Response object

Returns
Type Description
\Zend_Controller_Response_Http
methodpublicsetBasicResolver( \Zend_Auth_Adapter_Http_Resolver_Interface $resolver ) : \Zend_Auth_Adapter_Http

Setter for the _basicResolver property

Parameters
Name Type Description
$resolver \Zend_Auth_Adapter_Http_Resolver_Interface
Returns
Type Description
\Zend_Auth_Adapter_Http Provides a fluent interface
methodpublicsetDigestResolver( \Zend_Auth_Adapter_Http_Resolver_Interface $resolver ) : \Zend_Auth_Adapter_Http

Setter for the _digestResolver property

Parameters
Name Type Description
$resolver \Zend_Auth_Adapter_Http_Resolver_Interface
Returns
Type Description
\Zend_Auth_Adapter_Http Provides a fluent interface
methodpublicsetRequest( \Zend_Controller_Request_Http $request ) : \Zend_Auth_Adapter_Http

Setter for the Request object

Parameters
Name Type Description
$request \Zend_Controller_Request_Http
Returns
Type Description
\Zend_Auth_Adapter_Http Provides a fluent interface
methodpublicsetResponse( \Zend_Controller_Response_Http $response ) : \Zend_Auth_Adapter_Http

Setter for the Response object

Parameters
Name Type Description
$response \Zend_Controller_Response_Http
Returns
Type Description
\Zend_Auth_Adapter_Http Provides a fluent interface
Documentation was generated by DocBlox 0.15.1.