Blame | Last modification | View Log | RSS feed
<?php/*** Digest authentication** CakePHP(tm) : Rapid Development Framework (http://cakephp.org)* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)** Licensed under The MIT License* For full copyright and license information, please see the LICENSE.txt* Redistributions of files must retain the above copyright notice.** @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)* @link http://cakephp.org CakePHP(tm) Project* @package Cake.Network.Http* @since CakePHP(tm) v 2.0.0* @license http://www.opensource.org/licenses/mit-license.php MIT License*//*** Digest authentication** @package Cake.Network.Http*/class DigestAuthentication {/*** Authentication** @param HttpSocket $http* @param array $authInfo* @return void* @link http://www.ietf.org/rfc/rfc2617.txt*/public static function authentication(HttpSocket $http, &$authInfo) {if (isset($authInfo['user'], $authInfo['pass'])) {if (!isset($authInfo['realm']) && !self::_getServerInformation($http, $authInfo)) {return;}$http->request['header']['Authorization'] = self::_generateHeader($http, $authInfo);}}/*** Retrieve information about the authentication** @param HttpSocket $http* @param array $authInfo* @return boolean*/protected static function _getServerInformation(HttpSocket $http, &$authInfo) {$originalRequest = $http->request;$http->configAuth(false);$http->request($http->request);$http->request = $originalRequest;$http->configAuth('Digest', $authInfo);if (empty($http->response['header']['WWW-Authenticate'])) {return false;}preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['WWW-Authenticate'], $matches, PREG_SET_ORDER);foreach ($matches as $match) {$authInfo[$match[1]] = $match[2];}if (!empty($authInfo['qop']) && empty($authInfo['nc'])) {$authInfo['nc'] = 1;}return true;}/*** Generate the header Authorization** @param HttpSocket $http* @param array $authInfo* @return string*/protected static function _generateHeader(HttpSocket $http, &$authInfo) {$a1 = md5($authInfo['user'] . ':' . $authInfo['realm'] . ':' . $authInfo['pass']);$a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']);if (empty($authInfo['qop'])) {$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $a2);} else {$authInfo['cnonce'] = uniqid();$nc = sprintf('%08x', $authInfo['nc']++);$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $nc . ':' . $authInfo['cnonce'] . ':auth:' . $a2);}$authHeader = 'Digest ';$authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $authInfo['user']) . '", ';$authHeader .= 'realm="' . $authInfo['realm'] . '", ';$authHeader .= 'nonce="' . $authInfo['nonce'] . '", ';$authHeader .= 'uri="' . $http->request['uri']['path'] . '", ';$authHeader .= 'response="' . $response . '"';if (!empty($authInfo['opaque'])) {$authHeader .= ', opaque="' . $authInfo['opaque'] . '"';}if (!empty($authInfo['qop'])) {$authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $authInfo['cnonce'] . '"';}return $authHeader;}}