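<?php
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_Auth
 * @subpackage Zend_Auth_Adapter_Http
 * @copyright  Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: Http.php 163 2008-01-14 04:40:16Z matt $
 */

/**
 * @see Zend_Auth_Adapter_Interface
 */
require_once 'Zend/Auth/Adapter/Interface.php';

/**
 * HTTP Authentication Adapter
 *
 * Implements a pretty good chunk of RFC 2617.
 *
 * Security notes for integrators:
 *  - The Basic scheme carries the password in a reversible encoding, so it
 *    should only be accepted on connections protected by TLS.
 *  - As the todo entries below state, nonces, nonce-count and opaque are not
 *    tracked yet, so this version provides no replay protection for Digest.
 *  - Only schemes listed in the 'accept_schemes' config key are processed by
 *    authenticate(); any other scheme is answered with a fresh challenge.
 *
 * @category   Zend
 * @package    Zend_Auth
 * @subpackage Zend_Auth_Adapter_Http
 * @copyright  Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @todo       Support auth-int
 * @todo       Track nonces, nonce-count, opaque for replay protection and stale support
 * @todo       Support Authentication-Info header
 */
class Zend_Auth_Adapter_Http implements Zend_Auth_Adapter_Interface
{
    /**
     * Reference to the HTTP Request object
     *
     * @var Zend_Controller_Request_Http
     */
    protected $_request;

    /**
     * Reference to the HTTP Response object
     *
     * @var Zend_Controller_Response_Http
     */
    protected $_response;

    /**
     * Object that looks up user credentials for the Basic scheme
     *
     * @var Zend_Auth_Adapter_Http_Resolver_Interface
     */
    protected $_basicResolver;

    /**
     * Object that looks up user credentials for the Digest scheme
     *
     * @var Zend_Auth_Adapter_Http_Resolver_Interface
     */
    protected $_digestResolver;

    /**
     * List of authentication schemes supported by this class
     *
     * @var array
     */
    protected $_supportedSchemes = array('basic', 'digest');

    /**
     * List of schemes this class will accept from the client
     *
     * @var array
     */
    protected $_acceptSchemes;

    /**
     * Space-delimited list of protected domains for Digest Auth
     *
     * @var string
     */
    protected $_domains;

    /**
     * The protection realm to use
     *
     * @var string
     */
    protected $_realm;

    /**
     * Nonce timeout period
     *
     * @var integer
     */
    protected $_nonceTimeout;

    /**
     * Whether to send the opaque value in the header. True by default
     *
     * @var boolean
     */
    protected $_useOpaque;

    /**
     * List of the supported digest algorithms. I want to support both MD5 and
     * MD5-sess, but MD5-sess won't make it into the first version.
     *
     * @var array
     */
    protected $_supportedAlgos = array('MD5');

    /**
     * The actual algorithm to use. Defaults to MD5
     *
     * @var string
     */
    protected $_algo;

    /**
     * List of supported qop options. My intention is to support both 'auth' and
     * 'auth-int', but 'auth-int' won't make it into the first version.
     *
     * @var array
     */
    protected $_supportedQops = array('auth');

    /**
     * Whether or not to do Proxy Authentication instead of origin server
     * authentication (send 407's instead of 401's). Off by default.
     *
     * @var boolean
     */
    protected $_imaProxy;

    /**
     * Flag indicating the client is IE and didn't bother to return the opaque string
     *
     * @var boolean
     */
    protected $_ieNoOpaque;

    /**
     * Constructor
     *
     * Validates the configuration and stores it on the adapter. The Digest
     * keys ('digest_domains', 'nonce_timeout', 'use_opaque', 'algorithm') are
     * only read when 'digest' is among the accepted schemes.
     *
     * @param  array $config Configuration settings:
     *    'accept_schemes' => 'basic'|'digest'|'basic digest'
     *    'realm' => <string>
     *    'digest_domains' => <string> Space-delimited list of URIs
     *    'nonce_timeout' => <int>
     *    'use_opaque' => <bool> Whether to send the opaque value in the header
     *    'algorithm' => <string> See $_supportedAlgos. Default: MD5
     *    'proxy_auth' => <bool> Whether to do authentication as a Proxy
     * @throws Zend_Auth_Adapter_Exception If a required key is missing or a value
     *                                     contains characters that would break the
     *                                     HTTP header or the password file format
     * @return void
     */
    public function __construct(array $config)
    {
        $this->_request    = null;
        $this->_response   = null;
        $this->_ieNoOpaque = false;

        if (empty($config['accept_schemes'])) {
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('Config key \'accept_schemes\' is required');
        }

        // Keep only the requested schemes that this class actually implements.
        $schemes = explode(' ', $config['accept_schemes']);
        $this->_acceptSchemes = array_intersect($schemes, $this->_supportedSchemes);
        if (empty($this->_acceptSchemes)) {
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('No supported schemes given in \'accept_schemes\'. Valid values: '
                                                . implode(', ', $this->_supportedSchemes));
        }

        // Double-quotes are used to delimit the realm string in the HTTP header,
        // and colons are field delimiters in the password file.
        if (empty($config['realm']) ||
            !ctype_print($config['realm']) ||
            strpos($config['realm'], ':') !== false ||
            strpos($config['realm'], '"') !== false) {
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('Config key \'realm\' is required, and must contain only printable '
                                                . 'characters, excluding quotation marks and colons');
        } else {
            $this->_realm = $config['realm'];
        }

        if (in_array('digest', $this->_acceptSchemes, true)) {
            // The domain list is emitted inside a quoted header value, so it
            // must be printable and must not contain a double-quote itself.
            if (empty($config['digest_domains']) ||
                !ctype_print($config['digest_domains']) ||
                strpos($config['digest_domains'], '"') !== false) {
                /**
                 * @see Zend_Auth_Adapter_Exception
                 */
                require_once 'Zend/Auth/Adapter/Exception.php';
                throw new Zend_Auth_Adapter_Exception('Config key \'digest_domains\' is required, and must contain '
                                                    . 'only printable characters, excluding quotation marks');
            } else {
                $this->_domains = $config['digest_domains'];
            }

            // NOTE(review): is_numeric() also admits floats, exponent notation
            // and negative numbers; the (int) cast below truncates them
            // silently (e.g. '0.5' is stored as 0). Confirm how the nonce
            // validation treats a zero or negative timeout.
            if (empty($config['nonce_timeout']) ||
                !is_numeric($config['nonce_timeout'])) {
                /**
                 * @see Zend_Auth_Adapter_Exception
                 */
                require_once 'Zend/Auth/Adapter/Exception.php';
                throw new Zend_Auth_Adapter_Exception('Config key \'nonce_timeout\' is required, and must be an '
                                                    . 'integer');
            } else {
                $this->_nonceTimeout = (int) $config['nonce_timeout'];
            }

            // We use the opaque value unless explicitly told not to
            $this->_useOpaque = !isset($config['use_opaque']) || (bool) $config['use_opaque'];

            // Strict comparison: only an exact, supported algorithm name is
            // taken from the configuration; anything else falls back to MD5.
            if (isset($config['algorithm']) && in_array($config['algorithm'], $this->_supportedAlgos, true)) {
                $this->_algo = $config['algorithm'];
            } else {
                $this->_algo = 'MD5';
            }
        }

        // Don't be a proxy unless explicitly told to do so
        $this->_imaProxy = isset($config['proxy_auth']) && (bool) $config['proxy_auth'];
    }

    /**
     * Setter for the _basicResolver property
     *
     * @param  Zend_Auth_Adapter_Http_Resolver_Interface $resolver
     * @return Zend_Auth_Adapter_Http Provides a fluent interface
     */
    public function setBasicResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
    {
        $this->_basicResolver = $resolver;

        return $this;
    }

    /**
     * Getter for the _basicResolver property
     *
     * @return Zend_Auth_Adapter_Http_Resolver_Interface
     */
    public function getBasicResolver()
    {
        return $this->_basicResolver;
    }

    /**
     * Setter for the _digestResolver property
     *
     * @param  Zend_Auth_Adapter_Http_Resolver_Interface $resolver
     * @return Zend_Auth_Adapter_Http Provides a fluent interface
     */
    public function setDigestResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
    {
        $this->_digestResolver = $resolver;

        return $this;
    }

    /**
     * Getter for the _digestResolver property
     *
     * @return Zend_Auth_Adapter_Http_Resolver_Interface
     */
    public function getDigestResolver()
    {
        return $this->_digestResolver;
    }

    /**
     * Setter for the Request object
     *
     * @param  Zend_Controller_Request_Http $request
     * @return Zend_Auth_Adapter_Http Provides a fluent interface
     */
    public function setRequest(Zend_Controller_Request_Http $request)
    {
        $this->_request = $request;

        return $this;
    }

    /**
     * Getter for the Request object
     *
     * @return Zend_Controller_Request_Http
     */
    public function getRequest()
    {
        return $this->_request;
    }

    /**
     * Setter for the Response object
     *
     * @param  Zend_Controller_Response_Http $response
     * @return Zend_Auth_Adapter_Http Provides a fluent interface
     */
    public function setResponse(Zend_Controller_Response_Http $response)
    {
        $this->_response = $response;

        return $this;
    }

    /**
     * Getter for the Response object
     *
     * @return Zend_Controller_Response_Http
     */
    public function getResponse()
    {
        return $this->_response;
    }

    /**
     * Authenticate
     *
     * Reads the Authorization header (Proxy-Authorization when acting as a
     * proxy) and dispatches to the handler of the scheme the client chose.
     * A request without the header, or one using a scheme that is implemented
     * but was not enabled through 'accept_schemes', is answered with a
     * challenge. A scheme this class does not implement yields a 400 response
     * code and a failure result.
     *
     * @return Zend_Auth_Result
     * @throws Zend_Auth_Adapter_Exception If the Request or Response object is not set
     */
    public function authenticate()
    {
        if (empty($this->_request) ||
            empty($this->_response)) {
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('Request and Response objects must be set before calling '
                                                . 'authenticate()');
        }

        if ($this->_imaProxy) {
            $getHeader = 'Proxy-Authorization';
        } else {
            $getHeader = 'Authorization';
        }

        $authHeader = $this->_request->getHeader($getHeader);
        if (!$authHeader) {
            return $this->_challengeClient();
        }

        // The scheme name is the first space-delimited token of the header.
        list($clientScheme) = explode(' ', $authHeader);
        $clientScheme = strtolower($clientScheme);

        if (!in_array($clientScheme, $this->_supportedSchemes, true)) {
            $this->_response->setHttpResponseCode(400);
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_UNCATEGORIZED,
                array(),
                array('Client requested an unsupported authentication scheme')
            );
        }

        // The client, not the server, picks the scheme in its header. Checking
        // it only against the implemented schemes would let a request use a
        // scheme the configuration left out of 'accept_schemes', so such a
        // request is challenged again with the accepted schemes instead.
        if (!in_array($clientScheme, $this->_acceptSchemes, true)) {
            return $this->_challengeClient();
        }

        // The server can issue multiple challenges, but the client should
        // answer with only one selected auth scheme.
        switch ($clientScheme) {
            case 'basic':
                $result = $this->_basicAuth($authHeader);
                break;
            case 'digest':
                $result = $this->_digestAuth($authHeader);
                break;
            default:
                // Not reachable after the checks above; kept as a safeguard in
                // case a scheme is added to the lists without a handler.
                /**
                 * @see Zend_Auth_Adapter_Exception
                 */
                require_once 'Zend/Auth/Adapter/Exception.php';
                throw new Zend_Auth_Adapter_Exception('Unsupported authentication scheme');
        }

        return $result;
    }

    /**
     * Challenge Client
     *
     * Sets a 401 or 407 Unauthorized response code, and creates the
     * appropriate Authenticate header(s) to prompt for credentials.
     *
     * @return Zend_Auth_Result Always returns a non-identity Auth result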