Merge pull request #125 from zelgerj/master

added digest auth type, will fix #182 on appserver repo
appserver-io · Jan 14, 2015 · dd0b839 · dd0b839
2 parents 8015137 + cbb97dc
commit dd0b839
Show file tree

Hide file tree

Showing 8 changed files with 434 additions and 129 deletions.
diff --git a/etc/webserver.xml b/etc/webserver.xml
@@ -90,24 +90,18 @@
             </params>
 
             <authentications>
-                <authentication uri="^\/auth\/basic\/phpwebserver.*">
+                <authentication uri="^\/auth\/basic\/.*">
                     <params>
                         <param name="type" type="string">\AppserverIo\WebServer\Authentication\BasicAuthentication</param>
                         <param name="realm" type="string">PhpWebServer Basic Authentication System</param>
-                        <param name="hash" type="string">cGhwd2Vic2VydmVyOnBocHdlYnNlcnZlci5pMA==</param>
-                        <!-- <param name="file" type="string">var/www/auth/basic/phpwebserver</param> -->
-                        <!-- <param name="username" type="string">phpwebserver</param> -->
-                        <!-- <param name="password" type="string">wURpZpgIT.w1I</param> -->
+                        <param name="file" type="string">var/www/auth/basic/.htpasswd</param>
                     </params>
                 </authentication>
-                <authentication uri="^\/auth\/basic\/appserver.*">
+                <authentication uri="^\/auth\/digest\/.*">
                     <params>
-                        <param name="type" type="string">\AppserverIo\WebServer\Authentication\BasicAuthentication</param>
-                        <param name="realm" type="string">appserver.io Basic Authentication System</param>
-                        <param name="hash" type="string">YXBwc2VydmVyOmFwcHNlcnZlci5pMA==</param>
-                        <!-- <param name="file" type="string">var/www/auth/basic/appserver</param> -->
-                        <!-- <param name="username" type="string">appserver</param> -->
-                        <!-- <param name="password" type="string">wURpZpgIT.w1I</param> -->
+                        <param name="type" type="string">\AppserverIo\WebServer\Authentication\DigestAuthentication</param>
+                        <param name="realm" type="string">appserver.io Digest Authentication System</param>
+                        <param name="file" type="string">var/www/auth/digest/.htpasswd</param>
                     </params>
                 </authentication>
             </authentications>
@@ -397,24 +391,18 @@
             </rewrites>
 
             <authentications>
-                <authentication uri="^\/auth\/basic\/phpwebserver.*">
+                <authentication uri="^\/auth\/basic\/.*">
                     <params>
                         <param name="type" type="string">\AppserverIo\WebServer\Authentication\BasicAuthentication</param>
                         <param name="realm" type="string">PhpWebServer Basic Authentication System</param>
-                        <param name="hash" type="string">cGhwd2Vic2VydmVyOnBocHdlYnNlcnZlci5pMA==</param>
-                        <!-- <param name="file" type="string">var/www/auth/basic/phpwebserver</param> -->
-                        <!-- <param name="username" type="string">phpwebserver</param> -->
-                        <!-- <param name="password" type="string">wURpZpgIT.w1I</param> -->
+                        <param name="file" type="string">var/www/auth/basic/.htpasswd</param>
                     </params>
                 </authentication>
-                <authentication uri="^\/auth\/basic\/appserver.*">
+                <authentication uri="^\/auth\/digest\/.*">
                     <params>
-                        <param name="type" type="string">\AppserverIo\WebServer\Authentication\BasicAuthentication</param>
-                        <param name="realm" type="string">appserver.io Basic Authentication System</param>
-                        <param name="hash" type="string">YXBwc2VydmVyOmFwcHNlcnZlci5pMA==</param>
-                        <!-- <param name="file" type="string">var/www/auth/basic/appserver</param> -->
-                        <!-- <param name="username" type="string">appserver</param> -->
-                        <!-- <param name="password" type="string">wURpZpgIT.w1I</param> -->
+                        <param name="type" type="string">\AppserverIo\WebServer\Authentication\DigestAuthentication</param>
+                        <param name="realm" type="string">appserver.io Digest Authentication System</param>
+                        <param name="file" type="string">var/www/auth/digest/.htpasswd</param>
                     </params>
                 </authentication>
             </authentications>

diff --git a/src/AppserverIo/WebServer/Authentication/AbstractAuthentication.php b/src/AppserverIo/WebServer/Authentication/AbstractAuthentication.php
@@ -0,0 +1,190 @@
+<?php
+
+/**
+ * \AppserverIo\WebServer\Authentication\AbstractAuthentication
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is available through the world-wide-web at this URL:
+ * http://opensource.org/licenses/osl-3.0.php
+ *
+ * PHP version 5
+ *
+ * @category   Server
+ * @package    WebServer
+ * @subpackage Authentication
+ * @author     Johann Zelger <jz@appserver.io>
+ * @copyright  2014 TechDivision GmbH <info@appserver.io>
+ * @license    http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ * @link       https://github.com/appserver-io/webserver
+ */
+
+namespace AppserverIo\WebServer\Authentication;
+
+use AppserverIo\Server\Exceptions\ModuleException;
+use AppserverIo\WebServer\Interfaces\AuthenticationInterface;
+
+/**
+ * Class AbstractAuthentication
+ *
+ * @category   Server
+ * @package    WebServer
+ * @subpackage Authentication
+ * @author     Johann Zelger <jz@appserver.io>
+ * @copyright  2014 TechDivision GmbH <info@appserver.io>
+ * @license    http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ * @link       https://github.com/appserver-io/webserver
+ */
+class AbstractAuthentication
+{
+    /**
+     * Holds the valid credentials given in passwd file
+     *
+     * @var array
+     */
+    protected $credentials;
+
+    /**
+     * The parsed username given by header content payload
+     *
+     * @var string
+     */
+    protected $username;
+
+    /**
+     * The password given by header content payload
+     *
+     * @var string
+     */
+    protected $password;
+
+    /**
+     * Hold's the auth data got from http authentication header
+     *
+     * @var string
+     */
+    protected $authData;
+
+    /**
+     * Hold's the auth hash to compare with auth information given by system
+     *
+     * @var string
+     */
+    protected $authHash;
+
+    /**
+     * Hold's the requests method
+     *
+     * @var string
+     */
+    protected $reqMethod;
+
+    /**
+     * Hold's the configuration data given for authentication type
+     *
+     * @var array
+     */
+    protected $configData;
+
+    /**
+     * Constructs the authentication type
+     *
+     * @param array $configData The configuration data for auth type instance
+     */
+    public function __construct(array $configData = array())
+    {
+        // set vars internally
+        $this->configData = $configData;
+        // init credentials
+        $this->initCredentials();
+    }
+
+    /**
+     * Initialise by the auth content got from client
+     *
+     * @param string $authData  The content of authentication data sent by client
+     * @param string $reqMethod The https request method as string
+     *
+     * @return void
+     */
+    public function init($authData, $reqMethod)
+    {
+        // set vars internally
+        $this->authData = $authData;
+        $this->reqMethod = $reqMethod;
+
+        // parse auth data
+        $this->parse();
+    }
+
+    /**
+     * Return's the request method
+     *
+     * @return string The request method
+     */
+    public function getReqMethod()
+    {
+        return $this->reqMethod;
+    }
+
+    /**
+     * Return's the authentication data content
+     *
+     * @return string The authentication data content
+     */
+    public function getAuthData()
+    {
+        return $this->authData;
+    }
+
+    /**
+     * Return's the auth hash got from request parsing
+     *
+     * @return string
+     */
+    public function getAuthHash()
+    {
+        return $this->authHash;
+    }
+
+    /**
+     * Return's the authentication type token
+     *
+     * @return string
+     */
+    public function getType()
+    {
+        return $this::AUTH_TYPE;
+    }
+
+    /**
+     * Return's the parsed username
+     *
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    /**
+     * Return's the parsed password
+     *
+     * @return string
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    /**
+     * Return's the parsed password
+     *
+     * @return string
+     */
+    public function getCredentials()
+    {
+        return $this->credentials;
+    }
+}
diff --git a/src/AppserverIo/WebServer/Authentication/BasicAuthentication.php b/src/AppserverIo/WebServer/Authentication/BasicAuthentication.php
@@ -22,6 +22,7 @@
 
 namespace AppserverIo\WebServer\Authentication;
 
+use AppserverIo\Server\Exceptions\ModuleException;
 use AppserverIo\WebServer\Interfaces\AuthenticationInterface;
 
 /**
@@ -35,7 +36,7 @@
  * @license    http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  * @link       https://github.com/appserver-io/webserver
  */
-class BasicAuthentication implements AuthenticationInterface
+class BasicAuthentication extends AbstractAuthentication implements AuthenticationInterface
 {
     /**
      * Defines the auth type which should match the client request type definition
@@ -44,34 +45,6 @@ class BasicAuthentication implements AuthenticationInterface
      */
     const AUTH_TYPE = 'Basic';
 
-    /**
-     * The parsed username given by header content payload
-     *
-     * @var string
-     */
-    protected $username;
-
-    /**
-     * The password given by header content payload
-     *
-     * @var string
-     */
-    protected $password;
-
-    /**
-     * Hold's the auth data got from http authentication header
-     *
-     * @var string
-     */
-    protected $authData;
-
-    /**
-     * Hold's the auth hash to compare with auth information given by system
-     *
-     * @var string
-     */
-    protected $authHash;
-
     /**
      * Parses the header content set in init before
      *
@@ -91,72 +64,46 @@ protected function parse()
     }
 
     /**
-     * Initialise by the authentication data given by client
-     *
-     * @param string $authData The content of authentication header sent by client
-     *
-     * @return void
-     */
-    public function init($authData)
-    {
-        $this->authData = $authData;
-        $this->parse();
-    }
-
-    /**
-     * Return's the authentication data content
+     * Returns the authentication header for response to set
      *
-     * @return string The authentication data content
+     * @return string
      */
-    public function getAuthData()
+    public function getAuthenticateHeader()
     {
-        return $this->authData;
+        return $this->getType() . ' realm="' . $this->configData["realm"] . "'";
     }
 
     /**
-     * Return's the auth hash got from request parsing
+     * Inits the credentials by given file in config
      *
-     * @return string
+     * @return void
      */
-    public function getAuthHash()
+    public function initCredentials()
     {
-        return $this->authHash;
+        // get file content
+        $fileLines = file($this->configData['file']);
+        // iterate all lines and set credentials
+        foreach ($fileLines as $fileLine) {
+            list($user, $pass) = explode(':', $fileLine);
+            $this->credentials[trim($user)] = trim($pass);
+        }
     }
 
     /**
      * Try to authenticate
      *
-     * @param array $credentialData The credential data to auth against
-     *
      * @return bool If auth was successful return true if no false will be returned
      */
-    public function auth(array $credentialData)
+    public function auth()
     {
-        if ($this->getAuthHash() === $credentialData["hash"]) {
-            return true;
-        }
-        // todo: check if hashFile is given and try to auth against
-        // todo: check if username password combination is given and try to auth against
-        return false;
-    }
+        // set internal var refs
+        $credentials = $this->getCredentials();
 
-    /**
-     * Return's the authentication type token
-     *
-     * @return string
-     */
-    public function getType()
-    {
-        return self::AUTH_TYPE;
-    }
+        // check request header data does not contains exact username requested
+        if (!isset($credentials[$this->getUsername()])) {
+            return false;
+        }
 
-    /**
-     * Return's the parsed username
-     *
-     * @return string
-     */
-    public function getUsername()
-    {
-        return $this->username;
+        return (password_verify($this->getPassword(), $credentials[$this->getUsername()]));
     }
 }