Auth/Adapter/Http.php
inherited
Classes
Zend Framework
LICENSE
This source file is subject to the new BSD license that is bundled with this package in the file LICENSE.txt. It is also available through the world-wide-web at this URL: http://framework.zend.com/license/new-bsd If you did not receive a copy of the license and are unable to obtain it through the world-wide-web, please send an email to [email protected] so we can send you a copy immediately.
- Category
- Zend
- Copyright
- Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- License
- New BSD License
- Package
- Zend_Auth
- Subpackage
- Zend_Auth_Adapter_Http
- Version
- $Id: Http.php 24593 2012-01-05 20:35:02Z matthew $
\Zend_Auth_Adapter_Http
HTTP Authentication Adapter
Implements a pretty good chunk of RFC 2617.
- Implements
- \Zend_Auth_Adapter_Interface
- Category
- Zend
- Copyright
- Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- License
- New BSD License
- Todo
- Support auth-int
- Todo
- Track nonces, nonce-count, opaque for replay protection and stale support
- Todo
- Support Authentication-Info header
Properties
array $_acceptSchemes = List of schemes this class will accept from the client
- Type
- array
string $_algo = The actual algorithm to use.
Defaults to MD5
- Type
- string
\Zend_Auth_Adapter_Http_Resolver_Interface $_basicResolver = Object that looks up user credentials for the Basic scheme
\Zend_Auth_Adapter_Http_Resolver_Interface $_digestResolver = Object that looks up user credentials for the Digest scheme
string $_domains = Space-delimited list of protected domains for Digest Auth
- Type
- string
boolean $_ieNoOpaque = Flag indicating the client is IE and didn't bother to return the opaque string
- Type
- boolean
boolean $_imaProxy = Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's).
Off by default.
- Type
- boolean
integer $_nonceTimeout = Nonce timeout period
- Type
- integer
string $_realm = The protection realm to use
- Type
- string
\Zend_Controller_Request_Http $_request = Reference to the HTTP Request object
\Zend_Controller_Response_Http $_response = Reference to the HTTP Response object
array $_supportedAlgos = array('MD5')List of the supported digest algorithms.
I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version.
array('MD5')Details- Type
- array
array $_supportedQops = array('auth')List of supported qop options.
My intetion is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version.
array('auth')Details- Type
- array
array $_supportedSchemes = array('basic', 'digest')List of authentication schemes supported by this class
array('basic', 'digest')Details- Type
- array
boolean $_useOpaque = Whether to send the opaque value in the header.
True by default
- Type
- boolean
Methods
__construct(array $config) : voidConstructor
| Name | Type | Description |
|---|---|---|
| $config | array | Configuration settings: 'accept_schemes' => 'basic'|'digest'|'basic digest' 'realm' => |
| Exception | Description |
|---|---|
| \Zend_Auth_Adapter_Exception |
_basicAuth(string $header) : \Zend_Auth_ResultBasic Authentication
| Name | Type | Description |
|---|---|---|
| $header | string | Client's Authorization header |
| Type | Description |
|---|---|
| \Zend_Auth_Result |
| Exception | Description |
|---|---|
| \Zend_Auth_Adapter_Exception |
_basicHeader() : stringBasic Header
Generates a Proxy- or WWW-Authenticate header value in the Basic authentication scheme.
| Type | Description |
|---|---|
| string | Authenticate header value |
_calcNonce() : stringCalculate Nonce
| Type | Description |
|---|---|
| string | The nonce value |
_calcOpaque() : stringCalculate Opaque
The opaque string can be anything; the client must return it exactly as it was sent. It may be useful to store data in this string in some applications. Ideally, a new value for this would be generated each time a WWW-Authenticate header is sent (in order to reduce predictability), but we would have to be able to create the same exact value across at least two separate requests from the same client.
| Type | Description |
|---|---|
| string | The opaque value |
_challengeClient() : \Zend_Auth_ResultChallenge Client
Sets a 401 or 407 Unauthorized response code, and creates the appropriate Authenticate header(s) to prompt for credentials.
| Type | Description |
|---|---|
| \Zend_Auth_Result | Always returns a non-identity Auth result |
_digestAuth(string $header) : \Zend_Auth_ResultDigest Authentication
| Name | Type | Description |
|---|---|---|
| $header | string | Client's Authorization header |
| Type | Description |
|---|---|
| \Zend_Auth_Result | Valid auth result only on successful auth |
| Exception | Description |
|---|---|
| \Zend_Auth_Adapter_Exception |
_digestHeader() : stringDigest Header
Generates a Proxy- or WWW-Authenticate header value in the Digest authentication scheme.
| Type | Description |
|---|---|
| string | Authenticate header value |
_parseDigestAuth(string $header) : array | falseParse Digest Authorization header
| Name | Type | Description |
|---|---|---|
| $header | string | Client's Authorization: HTTP header |
| Type | Description |
|---|---|
| array | false | Data elements from header, or false if any part of the header is invalid |
_secureStringCompare(string $a, string $b) : boolSecurely compare two strings for equality while avoided C level memcmp() optimisations capable of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g.
password) being compared against.
| Name | Type | Description |
|---|---|---|
| $a | string | |
| $b | string |
| Type | Description |
|---|---|
| bool |
authenticate() : \Zend_Auth_ResultAuthenticate
| Type | Description |
|---|---|
| \Zend_Auth_Result |
| Exception | Description |
|---|---|
| \Zend_Auth_Adapter_Exception |
getBasicResolver() : \Zend_Auth_Adapter_Http_Resolver_InterfaceGetter for the _basicResolver property
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http_Resolver_Interface |
getDigestResolver() : \Zend_Auth_Adapter_Http_Resolver_InterfaceGetter for the _digestResolver property
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http_Resolver_Interface |
getRequest() : \Zend_Controller_Request_HttpGetter for the Request object
| Type | Description |
|---|---|
| \Zend_Controller_Request_Http |
getResponse() : \Zend_Controller_Response_HttpGetter for the Response object
| Type | Description |
|---|---|
| \Zend_Controller_Response_Http |
setBasicResolver(\Zend_Auth_Adapter_Http_Resolver_Interface $resolver) : \Zend_Auth_Adapter_HttpSetter for the _basicResolver property
| Name | Type | Description |
|---|---|---|
| $resolver | \Zend_Auth_Adapter_Http_Resolver_Interface |
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http | Provides a fluent interface |
setDigestResolver(\Zend_Auth_Adapter_Http_Resolver_Interface $resolver) : \Zend_Auth_Adapter_HttpSetter for the _digestResolver property
| Name | Type | Description |
|---|---|---|
| $resolver | \Zend_Auth_Adapter_Http_Resolver_Interface |
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http | Provides a fluent interface |
setRequest(\Zend_Controller_Request_Http $request) : \Zend_Auth_Adapter_HttpSetter for the Request object
| Name | Type | Description |
|---|---|---|
| $request | \Zend_Controller_Request_Http |
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http | Provides a fluent interface |
setResponse(\Zend_Controller_Response_Http $response) : \Zend_Auth_Adapter_HttpSetter for the Response object
| Name | Type | Description |
|---|---|---|
| $response | \Zend_Controller_Response_Http |
| Type | Description |
|---|---|
| \Zend_Auth_Adapter_Http | Provides a fluent interface |