tweet_live: web/lib/Zend/Auth/Adapter/Http.php@68c69c656a2c (annotated)

0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	1	<?php
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	2	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	3	* Zend Framework
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	4	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	5	* LICENSE
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	6	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	7	* This source file is subject to the new BSD license that is bundled
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	8	* with this package in the file LICENSE.txt.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	9	* It is also available through the world-wide-web at this URL:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	10	* http://framework.zend.com/license/new-bsd
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	11	* If you did not receive a copy of the license and are unable to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	12	* obtain it through the world-wide-web, please send an email
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	13	* to license@zend.com so we can send you a copy immediately.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	14	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	15	* @category Zend
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	16	* @package Zend_Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	17	* @subpackage Zend_Auth_Adapter_Http
1230 68c69c656a2c upgrade Zend Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: 807 diff changeset	18	* @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	19	* @license http://framework.zend.com/license/new-bsd New BSD License
1230 68c69c656a2c upgrade Zend Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: 807 diff changeset	20	* @version $Id$
0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	21	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	22
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	23
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	24	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	25	* @see Zend_Auth_Adapter_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	26	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	27	require_once 'Zend/Auth/Adapter/Interface.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	28
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	29
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	30	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	31	* HTTP Authentication Adapter
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	32	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	33	* Implements a pretty good chunk of RFC 2617.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	34	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	35	* @category Zend
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	36	* @package Zend_Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	37	* @subpackage Zend_Auth_Adapter_Http
1230 68c69c656a2c upgrade Zend Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: 807 diff changeset	38	* @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	39	* @license http://framework.zend.com/license/new-bsd New BSD License
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	40	* @todo Support auth-int
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	41	* @todo Track nonces, nonce-count, opaque for replay protection and stale support
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	42	* @todo Support Authentication-Info header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	43	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	44	class Zend_Auth_Adapter_Http implements Zend_Auth_Adapter_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	45	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	46	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	47	* Reference to the HTTP Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	48	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	49	* @var Zend_Controller_Request_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	50	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	51	protected $_request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	52
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	53	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	54	* Reference to the HTTP Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	55	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	56	* @var Zend_Controller_Response_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	57	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	58	protected $_response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	59
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	60	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	61	* Object that looks up user credentials for the Basic scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	62	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	63	* @var Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	64	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	65	protected $_basicResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	66
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	67	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	68	* Object that looks up user credentials for the Digest scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	69	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	70	* @var Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	71	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	72	protected $_digestResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	73
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	74	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	75	* List of authentication schemes supported by this class
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	76	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	77	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	78	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	79	protected $_supportedSchemes = array('basic', 'digest');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	80
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	81	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	82	* List of schemes this class will accept from the client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	83	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	84	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	85	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	86	protected $_acceptSchemes;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	87
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	88	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	89	* Space-delimited list of protected domains for Digest Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	90	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	91	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	92	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	93	protected $_domains;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	94
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	95	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	96	* The protection realm to use
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	97	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	98	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	99	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	100	protected $_realm;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	101
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	102	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	103	* Nonce timeout period
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	104	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	105	* @var integer
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	106	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	107	protected $_nonceTimeout;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	108
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	109	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	110	* Whether to send the opaque value in the header. True by default
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	111	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	112	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	113	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	114	protected $_useOpaque;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	115
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	116	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	117	* List of the supported digest algorithms. I want to support both MD5 and
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	118	* MD5-sess, but MD5-sess won't make it into the first version.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	119	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	120	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	121	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	122	protected $_supportedAlgos = array('MD5');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	123
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	124	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	125	* The actual algorithm to use. Defaults to MD5
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	126	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	127	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	128	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	129	protected $_algo;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	130
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	131	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	132	* List of supported qop options. My intetion is to support both 'auth' and
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	133	* 'auth-int', but 'auth-int' won't make it into the first version.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	134	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	135	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	136	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	137	protected $_supportedQops = array('auth');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	138
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	139	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	140	* Whether or not to do Proxy Authentication instead of origin server
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	141	* authentication (send 407's instead of 401's). Off by default.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	142	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	143	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	144	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	145	protected $_imaProxy;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	146
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	147	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	148	* Flag indicating the client is IE and didn't bother to return the opaque string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	149	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	150	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	151	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	152	protected $_ieNoOpaque;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	153
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	154	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	155	* Constructor
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	156	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	157	* @param array $config Configuration settings:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	158	* 'accept_schemes' => 'basic'\|'digest'\|'basic digest'
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	159	* 'realm' => <string>
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	160	* 'digest_domains' => <string> Space-delimited list of URIs
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	161	* 'nonce_timeout' => <int>
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	162	* 'use_opaque' => <bool> Whether to send the opaque value in the header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	163	* 'alogrithm' => <string> See $_supportedAlgos. Default: MD5
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	164	* 'proxy_auth' => <bool> Whether to do authentication as a Proxy
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	165	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	166	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	167	public function __construct(array $config)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	168	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	169	if (!extension_loaded('hash')) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	170	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	171	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	172	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	173	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	174	throw new Zend_Auth_Adapter_Exception(__CLASS__ . ' requires the \'hash\' extension');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	175	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	176
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	177	$this->_request = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	178	$this->_response = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	179	$this->_ieNoOpaque = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	180
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	181
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	182	if (empty($config['accept_schemes'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	183	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	184	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	185	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	186	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	187	throw new Zend_Auth_Adapter_Exception('Config key \'accept_schemes\' is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	188	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	189
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	190	$schemes = explode(' ', $config['accept_schemes']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	191	$this->_acceptSchemes = array_intersect($schemes, $this->_supportedSchemes);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	192	if (empty($this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	193	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	194	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	195	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	196	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	197	throw new Zend_Auth_Adapter_Exception('No supported schemes given in \'accept_schemes\'. Valid values: '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	198	. implode(', ', $this->_supportedSchemes));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	199	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	200
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	201	// Double-quotes are used to delimit the realm string in the HTTP header,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	202	// and colons are field delimiters in the password file.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	203	if (empty($config['realm']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	204	!ctype_print($config['realm']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	205	strpos($config['realm'], ':') !== false \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	206	strpos($config['realm'], '"') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	207	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	208	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	209	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	210	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	211	throw new Zend_Auth_Adapter_Exception('Config key \'realm\' is required, and must contain only printable '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	212	. 'characters, excluding quotation marks and colons');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	213	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	214	$this->_realm = $config['realm'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	215	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	216
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	217	if (in_array('digest', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	218	if (empty($config['digest_domains']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	219	!ctype_print($config['digest_domains']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	220	strpos($config['digest_domains'], '"') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	221	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	222	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	223	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	224	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	225	throw new Zend_Auth_Adapter_Exception('Config key \'digest_domains\' is required, and must contain '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	226	. 'only printable characters, excluding quotation marks');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	227	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	228	$this->_domains = $config['digest_domains'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	229	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	230
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	231	if (empty($config['nonce_timeout']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	232	!is_numeric($config['nonce_timeout'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	233	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	234	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	235	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	236	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	237	throw new Zend_Auth_Adapter_Exception('Config key \'nonce_timeout\' is required, and must be an '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	238	. 'integer');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	239	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	240	$this->_nonceTimeout = (int) $config['nonce_timeout'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	241	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	242
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	243	// We use the opaque value unless explicitly told not to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	244	if (isset($config['use_opaque']) && false == (bool) $config['use_opaque']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	245	$this->_useOpaque = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	246	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	247	$this->_useOpaque = true;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	248	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	249
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	250	if (isset($config['algorithm']) && in_array($config['algorithm'], $this->_supportedAlgos)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	251	$this->_algo = $config['algorithm'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	252	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	253	$this->_algo = 'MD5';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	254	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	255	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	256
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	257	// Don't be a proxy unless explicitly told to do so
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	258	if (isset($config['proxy_auth']) && true == (bool) $config['proxy_auth']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	259	$this->_imaProxy = true; // I'm a Proxy
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	260	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	261	$this->_imaProxy = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	262	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	263	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	264
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	265	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	266	* Setter for the _basicResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	267	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	268	* @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	269	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	270	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	271	public function setBasicResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	272	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	273	$this->_basicResolver = $resolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	274
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	275	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	276	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	277
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	278	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	279	* Getter for the _basicResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	280	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	281	* @return Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	282	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	283	public function getBasicResolver()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	284	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	285	return $this->_basicResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	286	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	287
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	288	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	289	* Setter for the _digestResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	290	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	291	* @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	292	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	293	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	294	public function setDigestResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	295	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	296	$this->_digestResolver = $resolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	297
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	298	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	299	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	300
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	301	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	302	* Getter for the _digestResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	303	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	304	* @return Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	305	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	306	public function getDigestResolver()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	307	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	308	return $this->_digestResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	309	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	310
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	311	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	312	* Setter for the Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	313	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	314	* @param Zend_Controller_Request_Http $request
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	315	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	316	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	317	public function setRequest(Zend_Controller_Request_Http $request)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	318	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	319	$this->_request = $request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	320
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	321	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	322	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	323
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	324	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	325	* Getter for the Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	326	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	327	* @return Zend_Controller_Request_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	328	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	329	public function getRequest()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	330	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	331	return $this->_request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	332	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	333
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	334	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	335	* Setter for the Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	336	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	337	* @param Zend_Controller_Response_Http $response
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	338	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	339	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	340	public function setResponse(Zend_Controller_Response_Http $response)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	341	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	342	$this->_response = $response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	343
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	344	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	345	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	346
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	347	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	348	* Getter for the Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	349	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	350	* @return Zend_Controller_Response_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	351	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	352	public function getResponse()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	353	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	354	return $this->_response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	355	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	356
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	357	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	358	* Authenticate
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	359	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	360	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	361	* @return Zend_Auth_Result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	362	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	363	public function authenticate()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	364	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	365	if (empty($this->_request) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	366	empty($this->_response)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	367	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	368	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	369	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	370	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	371	throw new Zend_Auth_Adapter_Exception('Request and Response objects must be set before calling '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	372	. 'authenticate()');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	373	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	374
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	375	if ($this->_imaProxy) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	376	$getHeader = 'Proxy-Authorization';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	377	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	378	$getHeader = 'Authorization';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	379	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	380
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	381	$authHeader = $this->_request->getHeader($getHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	382	if (!$authHeader) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	383	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	384	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	385
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	386	list($clientScheme) = explode(' ', $authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	387	$clientScheme = strtolower($clientScheme);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	388
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	389	// The server can issue multiple challenges, but the client should
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	390	// answer with only the selected auth scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	391	if (!in_array($clientScheme, $this->_supportedSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	392	$this->_response->setHttpResponseCode(400);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	393	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	394	Zend_Auth_Result::FAILURE_UNCATEGORIZED,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	395	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	396	array('Client requested an incorrect or unsupported authentication scheme')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	397	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	398	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	399
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	400	// client sent a scheme that is not the one required
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	401	if (!in_array($clientScheme, $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	402	// challenge again the client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	403	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	404	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	405
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	406	switch ($clientScheme) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	407	case 'basic':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	408	$result = $this->_basicAuth($authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	409	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	410	case 'digest':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	411	$result = $this->_digestAuth($authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	412	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	413	default:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	414	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	415	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	416	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	417	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	418	throw new Zend_Auth_Adapter_Exception('Unsupported authentication scheme');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	419	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	420
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	421	return $result;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	422	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	423
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	424	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	425	* Challenge Client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	426	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	427	* Sets a 401 or 407 Unauthorized response code, and creates the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	428	* appropriate Authenticate header(s) to prompt for credentials.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	429	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	430	* @return Zend_Auth_Result Always returns a non-identity Auth result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	431	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	432	protected function _challengeClient()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	433	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	434	if ($this->_imaProxy) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	435	$statusCode = 407;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	436	$headerName = 'Proxy-Authenticate';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	437	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	438	$statusCode = 401;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	439	$headerName = 'WWW-Authenticate';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	440	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	441
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	442	$this->_response->setHttpResponseCode($statusCode);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	443
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	444	// Send a challenge in each acceptable authentication scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	445	if (in_array('basic', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	446	$this->_response->setHeader($headerName, $this->_basicHeader());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	447	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	448	if (in_array('digest', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	449	$this->_response->setHeader($headerName, $this->_digestHeader());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	450	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	451	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	452	Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	453	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	454	array('Invalid or absent credentials; challenging client')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	455	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	456	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	457
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	458	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	459	* Basic Header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	460	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	461	* Generates a Proxy- or WWW-Authenticate header value in the Basic
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	462	* authentication scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	463	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	464	* @return string Authenticate header value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	465	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	466	protected function _basicHeader()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	467	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	468	return 'Basic realm="' . $this->_realm . '"';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	469	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	470
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	471	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	472	* Digest Header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	473	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	474	* Generates a Proxy- or WWW-Authenticate header value in the Digest
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	475	* authentication scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	476	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	477	* @return string Authenticate header value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	478	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	479	protected function _digestHeader()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	480	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	481	$wwwauth = 'Digest realm="' . $this->_realm . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	482	. 'domain="' . $this->_domains . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	483	. 'nonce="' . $this->_calcNonce() . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	484	. ($this->_useOpaque ? 'opaque="' . $this->_calcOpaque() . '", ' : '')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	485	. 'algorithm="' . $this->_algo . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	486	. 'qop="' . implode(',', $this->_supportedQops) . '"';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	487
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	488	return $wwwauth;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	489	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	490
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	491	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	492	* Basic Authentication
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	493	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	494	* @param string $header Client's Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	495	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	496	* @return Zend_Auth_Result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	497	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	498	protected function _basicAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	499	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	500	if (empty($header)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	501	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	502	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	503	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	504	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	505	throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	506	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	507	if (empty($this->_basicResolver)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	508	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	509	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	510	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	511	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	512	throw new Zend_Auth_Adapter_Exception('A basicResolver object must be set before doing Basic '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	513	. 'authentication');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	514	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	515
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	516	// Decode the Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	517	$auth = substr($header, strlen('Basic '));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	518	$auth = base64_decode($auth);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	519	if (!$auth) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	520	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	521	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	522	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	523	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	524	throw new Zend_Auth_Adapter_Exception('Unable to base64_decode Authorization header value');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	525	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	526
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	527	// See ZF-1253. Validate the credentials the same way the digest
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	528	// implementation does. If invalid credentials are detected,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	529	// re-challenge the client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	530	if (!ctype_print($auth)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	531	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	532	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	533	// Fix for ZF-1515: Now re-challenges on empty username or password
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	534	$creds = array_filter(explode(':', $auth));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	535	if (count($creds) != 2) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	536	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	537	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	538
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	539	$password = $this->_basicResolver->resolve($creds[0], $this->_realm);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	540	if ($password && $this->_secureStringCompare($password, $creds[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	541	$identity = array('username'=>$creds[0], 'realm'=>$this->_realm);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	542	return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	543	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	544	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	545	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	546	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	547
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	548	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	549	* Digest Authentication
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	550	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	551	* @param string $header Client's Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	552	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	553	* @return Zend_Auth_Result Valid auth result only on successful auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	554	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	555	protected function _digestAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	556	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	557	if (empty($header)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	558	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	559	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	560	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	561	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	562	throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	563	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	564	if (empty($this->_digestResolver)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	565	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	566	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	567	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	568	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	569	throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	570	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	571
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	572	$data = $this->_parseDigestAuth($header);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	573	if ($data === false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	574	$this->_response->setHttpResponseCode(400);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	575	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	576	Zend_Auth_Result::FAILURE_UNCATEGORIZED,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	577	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	578	array('Invalid Authorization header format')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	579	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	580	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	581
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	582	// See ZF-1052. This code was a bit too unforgiving of invalid
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	583	// usernames. Now, if the username is bad, we re-challenge the client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	584	if ('::invalid::' == $data['username']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	585	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	586	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	587
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	588	// Verify that the client sent back the same nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	589	if ($this->_calcNonce() != $data['nonce']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	590	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	591	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	592	// The opaque value is also required to match, but of course IE doesn't
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	593	// play ball.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	594	if (!$this->_ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	595	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	596	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	597
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	598	// Look up the user's password hash. If not found, deny access.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	599	// This makes no assumptions about how the password hash was
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	600	// constructed beyond that it must have been built in such a way as
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	601	// to be recreatable with the current settings of this object.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	602	$ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	603	if ($ha1 === false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	604	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	605	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	606
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	607	// If MD5-sess is used, a1 value is made of the user's password
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	608	// hash with the server and client nonce appended, separated by
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	609	// colons.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	610	if ($this->_algo == 'MD5-sess') {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	611	$ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	612	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	613
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	614	// Calculate h(a2). The value of this hash depends on the qop
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	615	// option selected by the client and the supported hash functions
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	616	switch ($data['qop']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	617	case 'auth':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	618	$a2 = $this->_request->getMethod() . ':' . $data['uri'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	619	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	620	case 'auth-int':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	621	// Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	622	// but this isn't supported yet, so fall through to default case
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	623	default:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	624	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	625	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	626	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	627	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	628	throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	629	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	630	// Using hash() should make parameterizing the hash algorithm
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	631	// easier
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	632	$ha2 = hash('md5', $a2);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	633
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	634
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	635	// Calculate the server's version of the request-digest. This must
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	636	// match $data['response']. See RFC 2617, section 3.2.2.1
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	637	$message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	638	$digest = hash('md5', $ha1 . ':' . $message);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	639
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	640	// If our digest matches the client's let them in, otherwise return
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	641	// a 401 code and exit to prevent access to the protected resource.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	642	if ($this->_secureStringCompare($digest, $data['response'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	643	$identity = array('username'=>$data['username'], 'realm'=>$data['realm']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	644	return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	645	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	646	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	647	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	648	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	649
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	650	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	651	* Calculate Nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	652	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	653	* @return string The nonce value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	654	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	655	protected function _calcNonce()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	656	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	657	// Once subtle consequence of this timeout calculation is that it
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	658	// actually divides all of time into _nonceTimeout-sized sections, such
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	659	// that the value of timeout is the point in time of the next
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	660	// approaching "boundary" of a section. This allows the server to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	661	// consistently generate the same timeout (and hence the same nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	662	// value) across requests, but only as long as one of those
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	663	// "boundaries" is not crossed between requests. If that happens, the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	664	// nonce will change on its own, and effectively log the user out. This
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	665	// would be surprising if the user just logged in.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	666	$timeout = ceil(time() / $this->_nonceTimeout) * $this->_nonceTimeout;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	667
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	668	$nonce = hash('md5', $timeout . ':' . $this->_request->getServer('HTTP_USER_AGENT') . ':' . __CLASS__);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	669	return $nonce;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	670	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	671
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	672	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	673	* Calculate Opaque
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	674	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	675	* The opaque string can be anything; the client must return it exactly as
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	676	* it was sent. It may be useful to store data in this string in some
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	677	* applications. Ideally, a new value for this would be generated each time
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	678	* a WWW-Authenticate header is sent (in order to reduce predictability),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	679	* but we would have to be able to create the same exact value across at
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	680	* least two separate requests from the same client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	681	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	682	* @return string The opaque value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	683	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	684	protected function _calcOpaque()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	685	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	686	return hash('md5', 'Opaque Data:' . __CLASS__);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	687	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	688
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	689	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	690	* Parse Digest Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	691	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	692	* @param string $header Client's Authorization: HTTP header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	693	* @return array\|false Data elements from header, or false if any part of
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	694	* the header is invalid
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	695	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	696	protected function _parseDigestAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	697	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	698	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	699	$data = array();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	700
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	701	// See ZF-1052. Detect invalid usernames instead of just returning a
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	702	// 400 code.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	703	$ret = preg_match('/username="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	704	if (!$ret \|\| empty($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	705	\|\| !ctype_print($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	706	\|\| strpos($temp[1], ':') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	707	$data['username'] = '::invalid::';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	708	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	709	$data['username'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	710	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	711	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	712
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	713	$ret = preg_match('/realm="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	714	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	715	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	716	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	717	if (!ctype_print($temp[1]) \|\| strpos($temp[1], ':') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	718	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	719	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	720	$data['realm'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	721	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	722	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	723
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	724	$ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	725	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	726	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	727	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	728	if (!ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	729	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	730	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	731	$data['nonce'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	732	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	733	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	734
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	735	$ret = preg_match('/uri="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	736	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	737	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	738	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	739	// Section 3.2.2.5 in RFC 2617 says the authenticating server must
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	740	// verify that the URI field in the Authorization header is for the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	741	// same resource requested in the Request Line.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	742	$rUri = @parse_url($this->_request->getRequestUri());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	743	$cUri = @parse_url($temp[1]);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	744	if (false === $rUri \|\| false === $cUri) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	745	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	746	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	747	// Make sure the path portion of both URIs is the same
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	748	if ($rUri['path'] != $cUri['path']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	749	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	750	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	751	// Section 3.2.2.5 seems to suggest that the value of the URI
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	752	// Authorization field should be made into an absolute URI if the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	753	// Request URI is absolute, but it's vague, and that's a bunch of
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	754	// code I don't want to write right now.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	755	$data['uri'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	756	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	757	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	758
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	759	$ret = preg_match('/response="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	760	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	761	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	762	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	763	if (32 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	764	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	765	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	766	$data['response'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	767	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	768	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	769
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	770	// The spec says this should default to MD5 if omitted. OK, so how does
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	771	// that square with the algo we send out in the WWW-Authenticate header,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	772	// if it can easily be overridden by the client?
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	773	$ret = preg_match('/algorithm="?(' . $this->_algo . ')"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	774	if ($ret && !empty($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	775	&& in_array($temp[1], $this->_supportedAlgos)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	776	$data['algorithm'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	777	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	778	$data['algorithm'] = 'MD5'; // = $this->_algo; ?
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	779	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	780	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	781
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	782	// Not optional in this implementation
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	783	$ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	784	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	785	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	786	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	787	if (!ctype_print($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	788	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	789	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	790	$data['cnonce'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	791	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	792	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	793
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	794	// If the server sent an opaque value, the client must send it back
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	795	if ($this->_useOpaque) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	796	$ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	797	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	798
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	799	// Big surprise: IE isn't RFC 2617-compliant.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	800	if (false !== strpos($this->_request->getHeader('User-Agent'), 'MSIE')) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	801	$temp[1] = '';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	802	$this->_ieNoOpaque = true;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	803	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	804	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	805	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	806	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	807	// This implementation only sends MD5 hex strings in the opaque value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	808	if (!$this->_ieNoOpaque &&
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	809	(32 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1]))) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	810	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	811	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	812	$data['opaque'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	813	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	814	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	815	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	816
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	817	// Not optional in this implementation, but must be one of the supported
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	818	// qop types
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	819	$ret = preg_match('/qop="?(' . implode('\|', $this->_supportedQops) . ')"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	820	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	821	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	822	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	823	if (!in_array($temp[1], $this->_supportedQops)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	824	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	825	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	826	$data['qop'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	827	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	828	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	829
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	830	// Not optional in this implementation. The spec says this value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	831	// shouldn't be a quoted string, but apparently some implementations
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	832	// quote it anyway. See ZF-1544.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	833	$ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	834	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	835	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	836	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	837	if (8 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	838	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	839	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	840	$data['nc'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	841	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	842	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	843
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	844	return $data;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	845	}
807 877f952ae2bd update Zend and twitter oauth end point Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: 207 diff changeset	846
0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	847	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	848	* Securely compare two strings for equality while avoided C level memcmp()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	849	* optimisations capable of leaking timing information useful to an attacker
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	850	* attempting to iteratively guess the unknown string (e.g. password) being
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	851	* compared against.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	852	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	853	* @param string $a
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	854	* @param string $b
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	855	* @return bool
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	856	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	857	protected function _secureStringCompare($a, $b)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	858	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	859	if (strlen($a) !== strlen($b)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	860	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	861	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	862	$result = 0;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	863	for ($i = 0; $i < strlen($a); $i++) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	864	$result \|= ord($a[$i]) ^ ord($b[$i]);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	865	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	866	return $result == 0;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	867	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	868	}

author	Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com>
	Thu, 07 May 2015 15:16:02 +0200
changeset 1230	68c69c656a2c
parent 807	877f952ae2bd
permissions	-rw-r--r--