diff -r 000000000000 -r 4eba9c11703f web/Zend/Auth/Adapter/Http/Resolver/File.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/web/Zend/Auth/Adapter/Http/Resolver/File.php Mon Dec 13 18:29:26 2010 +0100
@@ -0,0 +1,167 @@
+setFile($path);
+ }
+ }
+
+ /**
+ * Set the path to the credentials file
+ *
+ * @param string $path
+ * @throws Zend_Auth_Adapter_Http_Resolver_Exception
+ * @return Zend_Auth_Adapter_Http_Resolver_File Provides a fluent interface
+ */
+ public function setFile($path)
+ {
+ if (empty($path) || !is_readable($path)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Path not readable: ' . $path);
+ }
+ $this->_file = $path;
+
+ return $this;
+ }
+
+ /**
+ * Returns the path to the credentials file
+ *
+ * @return string
+ */
+ public function getFile()
+ {
+ return $this->_file;
+ }
+
+ /**
+ * Resolve credentials
+ *
+ * Only the first matching username/realm combination in the file is
+ * returned. If the file contains credentials for Digest authentication,
+ * the returned string is the password hash, or h(a1) from RFC 2617. The
+ * returned string is the plain-text password for Basic authentication.
+ *
+ * The expected format of the file is:
+ * username:realm:sharedSecret
+ *
+ * That is, each line consists of the user's username, the applicable
+ * authentication realm, and the password or hash, each delimited by
+ * colons.
+ *
+ * @param string $username Username
+ * @param string $realm Authentication Realm
+ * @throws Zend_Auth_Adapter_Http_Resolver_Exception
+ * @return string|false User's shared secret, if the user is found in the
+ * realm, false otherwise.
+ */
+ public function resolve($username, $realm)
+ {
+ if (empty($username)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username is required');
+ } else if (!ctype_print($username) || strpos($username, ':') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username must consist only of printable characters, '
+ . 'excluding the colon');
+ }
+ if (empty($realm)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm is required');
+ } else if (!ctype_print($realm) || strpos($realm, ':') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm must consist only of printable characters, '
+ . 'excluding the colon.');
+ }
+
+ // Open file, read through looking for matching credentials
+ $fp = @fopen($this->_file, 'r');
+ if (!$fp) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Unable to open password file: ' . $this->_file);
+ }
+
+ // No real validation is done on the contents of the password file. The
+ // assumption is that we trust the administrators to keep it secure.
+ while (($line = fgetcsv($fp, 512, ':')) !== false) {
+ if ($line[0] == $username && $line[1] == $realm) {
+ $password = $line[2];
+ fclose($fp);
+ return $password;
+ }
+ }
+
+ fclose($fp);
+ return false;
+ }
+}
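Review bot: The credential lookup in resolve() compares with `==`, so PHP compares numeric-looking strings by value and a supplied username such as `1e3` matches a file entry `1000`; the identity that passes the check is then not the one written in the credentials file. Use strict comparison and require all three fields: `if (isset($line[2]) && $line[0] === $username && $line[1] === $realm) {`. Without the field check, a matching line that lacks the secret field returns null rather than the documented false. Separately, `empty($username)` rejects the literal username `0`, and fgetcsv() applies its default quote enclosure, so a secret containing `"` may not be read back as written; both are worth a sentence in the docblock that describes the file format. The class header and constructor are not visible in this hunk's text, so this covers setFile(), getFile() and resolve() only.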