HTTP Authentication Adapter

Implements a pretty good chunk of RFC 2617.

category Zend
package Zend_Authentication
subpackage Adapter_Http
todo Support auth-int
todo Track nonces, nonce-count, opaque for replay protection and stale support
todo Support Authentication-Info header

 Methods

Constructor

__construct(array $config) 

Parameters

$config

array

Configuration settings:
'accept_schemes' => 'basic'|'digest'|'basic digest'
'realm' =>
'digest_domains' => Space-delimited list of URIs
'nonce_timeout' =>
'use_opaque' => Whether to send the opaque value in the header
'algorithm' => See $supportedAlgos. Default: MD5
'proxy_auth' => Whether to do authentication as a Proxy

Exceptions

\Zend\Authentication\Adapter\Exception\InvalidArgumentException

Getter for the basicResolver property

getBasicResolver() : \Zend\Authentication\Adapter\Http\ResolverInterface

Getter for the digestResolver property

getDigestResolver() : \Zend\Authentication\Adapter\Http\ResolverInterface

Getter for the Request object

getRequest() : \Zend\Http\Request

Getter for the Response object

getResponse() : \Zend\Http\Response

Setter for the basicResolver property

setBasicResolver(\Zend\Authentication\Adapter\Http\ResolverInterface $resolver) : \Zend\Authentication\Adapter\Http

Parameters

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the digestResolver property

setDigestResolver(\Zend\Authentication\Adapter\Http\ResolverInterface $resolver) : \Zend\Authentication\Adapter\Http

Parameters

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the Request object

setRequest(\Zend\Http\Request $request) : \Zend\Authentication\Adapter\Http

Parameters

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the Response object

setResponse(\Zend\Http\Response $response) : \Zend\Authentication\Adapter\Http

Parameters

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Basic Authentication

_basicAuth(string $header) : \Zend\Authentication\Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend\Authentication\Adapter\Exception\ExceptionInterface

Returns

Basic Header

_basicHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Basic authentication scheme.

Returns

string

Authenticate header value

Calculate Nonce

_calcNonce() : string

Returns

string

The nonce value

Calculate Opaque

_calcOpaque() : string

The opaque string can be anything; the client must return it exactly as it was sent. It may be useful to store data in this string in some applications. Ideally, a new value for this would be generated each time a WWW-Authenticate header is sent (in order to reduce predictability), but we would have to be able to create the same exact value across at least two separate requests from the same client.

Returns

string

The opaque value

Challenge Client

_challengeClient() : \Zend\Authentication\Result

Sets a 401 or 407 Unauthorized response code, and creates the appropriate Authenticate header(s) to prompt for credentials.

Returns

\Zend\Authentication\Result

Always returns a non-identity Auth result

Digest Authentication

_digestAuth(string $header) : \Zend\Authentication\Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend\Authentication\Adapter\Exception\ExceptionInterface

Returns

\Zend\Authentication\Result

Valid auth result only on successful auth

Digest Header

_digestHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Digest authentication scheme.

Returns

string

Authenticate header value

Parse Digest Authorization header

_parseDigestAuth(string $header) : array | bool

Parameters

$header

string

Client's Authorization: HTTP header

Returns

array | bool

Data elements from header, or false if any part of the header is invalid

Securely compare two strings for equality while avoiding C-level memcmp() optimisations capable of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. password) being compared against.

_secureStringCompare(string $a, string $b) : bool

Parameters

$a

string

$b

string

Returns

bool
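
An added example (not the adapter's own code) of the kind of check that _digestAuth() and _secureStringCompare() describe: it recomputes the RFC 2617 request-digest for algorithm MD5 with qop=auth and compares it to the client's value with a loop whose running time does not depend on where the strings differ. The function names and the plaintext password argument are assumptions; the sample fields are the example exchange from RFC 2617, section 3.5.

```php
<?php
// Added example, not the adapter's code: RFC 2617 digest check (MD5, qop=auth).
// Function names and the plaintext-password lookup are assumptions.

/** Compare without returning early at the first differing byte. */
function constantTimeEquals(string $a, string $b): bool
{
    if (strlen($a) !== strlen($b)) {
        return false; // the length of a hex digest is not secret
    }
    $diff = 0;
    for ($i = 0, $n = strlen($a); $i < $n; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]); // accumulate, never branch on data
    }
    return $diff === 0; // hash_equals() (PHP 5.6+) is the built-in equivalent
}

/** request-digest for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2). */
function expectedResponse(array $d, string $method, string $password): string
{
    $ha1 = md5($d['username'] . ':' . $d['realm'] . ':' . $password);
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

function verifyDigest(array $d, string $method, string $password): bool
{
    foreach (['username', 'realm', 'nonce', 'uri', 'qop', 'nc', 'cnonce', 'response'] as $key) {
        if (!isset($d[$key]) || !is_string($d[$key])) {
            return false; // incomplete header: reject before hashing
        }
    }
    if ($d['qop'] !== 'auth') {
        return false; // auth-int is not handled in this sketch
    }
    return constantTimeEquals(expectedResponse($d, $method, $password), $d['response']);
}

// Already-parsed Authorization fields: the sample exchange from RFC 2617, section 3.5.
$fields = [
    'username' => 'Mufasa', 'realm' => 'testrealm@host.com',
    'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093', 'uri' => '/dir/index.html',
    'qop' => 'auth', 'nc' => '00000001', 'cnonce' => '0a4f113b',
    'response' => '6629fae49393a05397450978507c4ef1',
];
var_dump(verifyDigest($fields, 'GET', 'Circle Of Life'));                       // genuine request
var_dump(verifyDigest(['uri' => '/admin'] + $fields, 'GET', 'Circle Of Life')); // uri altered after signing
```

This sketch does not track nonce or nc values, so a captured Authorization header would still verify if replayed; that is the replay protection listed as a todo at the top of this page.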

 Properties

 

List of schemes this class will accept from the client

$acceptSchemes : array

 

The actual algorithm to use.

$algo : string

Defaults to MD5

 

Object that looks up user credentials for the Basic scheme

$basicResolver : \Zend\Authentication\Adapter\Http\ResolverInterface

 

Object that looks up user credentials for the Digest scheme

$digestResolver : \Zend\Authentication\Adapter\Http\ResolverInterface

 

Space-delimited list of protected domains for Digest Auth

$domains : string

 

Flag indicating the client is IE and didn't bother to return the opaque string

$ieNoOpaque : bool

 

Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's).

$imaProxy : bool

Off by default.

 

Nonce timeout period

$nonceTimeout : integer

 

The protection realm to use

$realm : string

 

Reference to the HTTP Request object

$request : \Zend\Http\Request

 

Reference to the HTTP Response object

$response : \Zend\Http\Response

 

List of the supported digest algorithms.

$supportedAlgos : array

I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version.

 

List of supported qop options.

$supportedQops : array

My intention is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version.

 

List of authentication schemes supported by this class

$supportedSchemes : array

 

Whether to send the opaque value in the header.

$useOpaque : bool

True by default