HTTP Authentication Adapter

Implements a pretty good chunk of RFC 2617.

Todo: Support auth-int
Todo: Track nonces, nonce-count, opaque for replay protection and stale support
Todo: Support Authentication-Info header

Package: Default

 Methods

Constructor

__construct(array $config) 

Parameters

$config

array

Configuration settings:

'accept_schemes' => 'basic'|'digest'|'basic digest'
'realm' =>
'digest_domains' => Space-delimited list of URIs
'nonce_timeout' =>
'use_opaque' => Whether to send the opaque value in the header
'algorithm' => See $supportedAlgos. Default: MD5
'proxy_auth' => Whether to do authentication as a Proxy

Exceptions

\Zend\Authentication\Adapter\Exception\InvalidArgumentException

Authenticate

authenticate() : \Zend\Authentication\Result
Inherited from \Zend\Authentication\Adapter\AdapterInterface::authenticate()

Exceptions

\Zend\Authentication\Adapter\Exception\RuntimeException

Returns

\Zend\Authentication\Result

Challenge Client

challengeClient() : \Zend\Authentication\Result

Sets a 401 or 407 Unauthorized response code, and creates the appropriate Authenticate header(s) to prompt for credentials.

Returns

\Zend\Authentication\Result

Always returns a non-identity Auth result

Getter for the basicResolver property

getBasicResolver() : \Zend\Authentication\Adapter\Http\ResolverInterface

Returns

\Zend\Authentication\Adapter\Http\ResolverInterface

Getter for the digestResolver property

getDigestResolver() : \Zend\Authentication\Adapter\Http\ResolverInterface

Returns

\Zend\Authentication\Adapter\Http\ResolverInterface

Getter for the Request object

getRequest() : \Zend\Http\Request

Returns

\Zend\Http\Request

Getter for the Response object

getResponse() : \Zend\Http\Response

Returns

\Zend\Http\Response

Setter for the basicResolver property

setBasicResolver(\Zend\Authentication\Adapter\Http\ResolverInterface $resolver) : \Zend\Authentication\Adapter\Http

Parameters

$resolver

\Zend\Authentication\Adapter\Http\ResolverInterface

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the digestResolver property

setDigestResolver(\Zend\Authentication\Adapter\Http\ResolverInterface $resolver) : \Zend\Authentication\Adapter\Http

Parameters

$resolver

\Zend\Authentication\Adapter\Http\ResolverInterface

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the Request object

setRequest(\Zend\Http\Request $request) : \Zend\Authentication\Adapter\Http

Parameters

$request

\Zend\Http\Request

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Setter for the Response object

setResponse(\Zend\Http\Response $response) : \Zend\Authentication\Adapter\Http

Parameters

$response

\Zend\Http\Response

Returns

\Zend\Authentication\Adapter\Http

Provides a fluent interface

Basic Authentication

_basicAuth(string $header) : \Zend\Authentication\Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend\Authentication\Adapter\Exception\ExceptionInterface

Returns

\Zend\Authentication\Result

Basic Header

_basicHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Basic authentication scheme.

Returns

string

Authenticate header value

Calculate Nonce

_calcNonce() : string

Returns

string

The nonce value

Calculate Opaque

_calcOpaque() : string

The opaque string can be anything; the client must return it exactly as it was sent. It may be useful to store data in this string in some applications. Ideally, a new value for this would be generated each time a WWW-Authenticate header is sent (in order to reduce predictability), but we would have to be able to create the same exact value across at least two separate requests from the same client.

Returns

string

The opaque value
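One way to get an opaque value that changes with every challenge yet can be recreated on the client's follow-up request is to derive it from the nonce with a server-side key. This is an added example, not the adapter's own code; the function names `makeOpaque` and `checkOpaque`, the key handling and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration with hypothetical helper names; not Zend\Authentication code.
// Assumption: $serverSecret is a long random key that never leaves the server.

function makeOpaque(string $serverSecret, string $realm, string $nonce): string
{
    // Bind opaque to the realm and nonce of this one challenge. It is new for
    // every challenge, and the server can recompute it later without storing it.
    return hash_hmac('sha256', $realm . "\0" . $nonce, $serverSecret);
}

function checkOpaque(string $serverSecret, string $realm, string $nonce, string $returned): bool
{
    // The client must return opaque exactly as sent; compare in constant time.
    return hash_equals(makeOpaque($serverSecret, $realm, $nonce), $returned);
}

// Constructed sample values.
$secret = random_bytes(32);
$realm  = 'Example Realm';
$nonceA = bin2hex(random_bytes(16));
$nonceB = bin2hex(random_bytes(16));

$opaqueA = makeOpaque($secret, $realm, $nonceA);
$opaqueB = makeOpaque($secret, $realm, $nonceB);

var_dump($opaqueA !== $opaqueB);                                         // two challenges, two values
var_dump(checkOpaque($secret, $realm, $nonceA, $opaqueA));               // returned unchanged
var_dump(checkOpaque($secret, $realm, $nonceB, $opaqueA));               // paired with another nonce
var_dump(checkOpaque($secret, $realm, $nonceA, 'x' . substr($opaqueA, 1))); // altered in transit
```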

_challengeClient()

_challengeClient() : \Zend\Authentication\Result
deprecated
see

Returns

\Zend\Authentication\Result

Always returns a non-identity Auth result

Digest Authentication

_digestAuth(string $header) : \Zend\Authentication\Result

Parameters

$header

string

Client's Authorization header

Exceptions

\Zend\Authentication\Adapter\Exception\ExceptionInterface

Returns

\Zend\Authentication\Result

Valid auth result only on successful auth
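The check a Digest verifier performs for the combination this class lists as supported (algorithm MD5, qop 'auth') can be written out as follows. This is an added example, not the adapter's own code; `isMd5Hex` and `verifyDigest` are hypothetical names, and the sample fields are the worked example from RFC 2617 section 3.5.

```php
<?php
declare(strict_types=1);

// Added illustration with hypothetical helper names; not Zend\Authentication code.

function isMd5Hex(string $v): bool
{
    // 32 lowercase hex digits, the shape of an MD5 digest in a Digest header.
    return preg_match('/\A[0-9a-f]{32}\z/', $v) === 1;
}

// Verify a Digest response for algorithm=MD5, qop=auth (RFC 2617, 3.2.2).
// $ha1 = md5("username:realm:password"); assumed to come from the digest resolver.
function verifyDigest(array $d, string $method, string $ha1): bool
{
    foreach (['nonce', 'uri', 'response', 'qop', 'nc', 'cnonce'] as $key) {
        if (!isset($d[$key]) || !is_string($d[$key])) {
            return false; // any missing element invalidates the whole header
        }
    }
    if ($d['qop'] !== 'auth'                      // auth-int is not handled
        || !isMd5Hex($d['response'])
        || preg_match('/\A[0-9a-f]{8}\z/', $d['nc']) !== 1) {
        return false;
    }
    $ha2      = md5($method . ':' . $d['uri']);
    $expected = md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
    return hash_equals($expected, $d['response']); // constant-time comparison
}

// Sample input: the worked example from RFC 2617 section 3.5 (password "Circle Of Life").
$fields = [
    'username' => 'Mufasa',
    'realm'    => 'testrealm@host.com',
    'nonce'    => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    'uri'      => '/dir/index.html',
    'qop'      => 'auth',
    'nc'       => '00000001',
    'cnonce'   => '0a4f113b',
    'response' => '6629fae49393a05397450978507c4ef1',
];
$ha1 = md5($fields['username'] . ':' . $fields['realm'] . ':Circle Of Life');

var_dump(verifyDigest($fields, 'GET', $ha1));                                // request as sent
var_dump(verifyDigest(['uri' => '/admin'] + $fields, 'GET', $ha1));          // uri altered
var_dump(verifyDigest(['qop' => 'auth-int'] + $fields, 'GET', $ha1));        // unsupported qop
var_dump(verifyDigest(['response' => 'not-a-hash'] + $fields, 'GET', $ha1)); // malformed digest
```

This covers only the digest arithmetic; nonce freshness and nonce-count tracking, listed as todo items on this page, are separate checks.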

Digest Header

_digestHeader() : string

Generates a Proxy- or WWW-Authenticate header value in the Digest authentication scheme.

Returns

string

Authenticate header value

Parse Digest Authorization header

_parseDigestAuth(string $header) : array | boolean

Parameters

$header

string

Client's Authorization: HTTP header

Returns

array | boolean

Data elements from header, or false if any part of the header is invalid

Validates whether $value is a valid MD5 hash

isValidMd5Hash(string $value) : boolean

Parameters

$value

string

Returns

boolean

 Properties

 

List of schemes this class will accept from the client

$acceptSchemes : array

Default

 

The actual algorithm to use. Defaults to MD5

$algo : string

Default

 

Object that looks up user credentials for the Basic scheme

$basicResolver : \Zend\Authentication\Adapter\Http\ResolverInterface

Default

 

Object that looks up user credentials for the Digest scheme

$digestResolver : \Zend\Authentication\Adapter\Http\ResolverInterface

Default

 

Space-delimited list of protected domains for Digest Auth

$domains : string

Default

 

Flag indicating the client is IE and didn't bother to return the opaque string

$ieNoOpaque : boolean

Default

false
 

Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's). Off by default.

$imaProxy : boolean

Default

false
 

Nonce timeout period

$nonceTimeout : integer

Default

 

The protection realm to use

$realm : string

Default

 

Reference to the HTTP Request object

$request : \Zend\Http\Request

Default

 

Reference to the HTTP Response object

$response : \Zend\Http\Response

Default

 

List of the supported digest algorithms. I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version.

$supportedAlgos : array

Default

array('MD5')
 

List of supported qop options. My intention is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version.

$supportedQops : array

Default

array('auth')
 

List of authentication schemes supported by this class

$supportedSchemes : array

Default

array('basic', 'digest')
 

Whether to send the opaque value in the header. True by default

$useOpaque : boolean

Default