Issues

ZF-10286: Zend_Auth_Adapater_Digest does not read entire file on blank lines

Issue Type: Improvement Created: 2010-08-09T17:39:09.000+0000 Last Updated: 2012-05-29T14:49:43.000+0000 Status: Closed Fix version(s): Reporter: Yanick Rochon (yanickrochon) Assignee: Adam Lundrigan (adamlundrigan) Tags: - Zend_Auth

Related issues: Attachments:

Description

After a good 5 minutes of login failures during development using a digest authentification, I finally realized what was going on: my file has a blank line in it.

Look at the source code, I noticed that, on line 214 (in the authenticate() method), the while block condition fails whenever a blank line is found in the digest file.

Since this is not written in the docs, it should be added about this behavior. Or better yet, the condition should be modified to read the entire file regardless of empty lines. In the PHP manual (http://php.net/manual/en/function.fgets.php) the demo shows a similar while, but using feof($fileHandle) instead. Which gives more flexibility and ensures that the entire file is read before exiting the while block.

For example :

<pre class="literal"> 
// line 214
while (!@feof($fileHandle)) {
    $line = trim(fgets($fileHandle));
    if (!empty($line) && substr($line, 0, $idLength) === $id) {
        if (substr($line, -32) === md5("$this->_username:$this->_realm:$this->_password")) {
            $result['code'] = Zend_Auth_Result::SUCCESS;
        } else {
            $result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $result['messages'][] = 'Password incorrect';
        }
        return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
    }
}

Comments

Posted by Adam Lundrigan (adamlundrigan) on 2012-05-29T14:49:43.000+0000

Patch w/ Test:

<pre class="highlight">

Index: tests/Zend/Auth/Adapter/Http/_files/htdigest.3
===================================================================
--- tests/Zend/Auth/Adapter/Http/_files/htdigest.3  (revision 24820)
+++ tests/Zend/Auth/Adapter/Http/_files/htdigest.3  (working copy)
@@ -1,2 +1,5 @@
 Bryce:Test Realm:d5b7c330d5685beb782a9e22f0f20579
 Mufasa:Test Realm:200dc292ecb68e04c95bb74ae2ce3c80
+
+
+EmptyLineTest:Test Realm:200dc292ecb68e04c95bb74ae2ce3c80
Index: tests/Zend/Auth/Adapter/Http/Resolver/FileTest.php
===================================================================
--- tests/Zend/Auth/Adapter/Http/Resolver/FileTest.php  (revision 24820)
+++ tests/Zend/Auth/Adapter/Http/Resolver/FileTest.php  (working copy)
@@ -235,6 +235,18 @@
     }
 
     /**
+     * @group ZF-10286
+     */
+    public function testResolveFileIgnoresEmptyLines()
+    {
+        $this->assertEquals(
+            $this->_resolver->resolve('EmptyLineTest', 'Test Realm'),
+            '200dc292ecb68e04c95bb74ae2ce3c80',
+            'Did not read entire file due to empty line'
+        );
+    }
+
+    /**
      * Ensures that resolve() works as expected when provided valid credentials
      *
      * @return void

The above test passes without any modification to the existing Zend_Auth_Adapter_Http_Resolver_File class.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts