From 4e91eeb3abefaa8b77549f963447ef95bead3cc4 Mon Sep 17 00:00:00 2001 From: "Marcel Kapfer (mmk2410)" Date: Mon, 18 Apr 2016 17:30:12 +0200 Subject: [PATCH] API: Auth implementation --- composer.lock | 53 +++++++++++++++++++++++++++++++++++-- rcc/api/auth/DigestAuth.php | 52 ++++++++++++++++++++++++++++++++++++ rcc/api/auth/auth.php | 38 ++++++++++++++++++++++++++ rcc/api/list/index.php | 2 ++ rcc/api/media/index.php | 2 ++ rcc/api/post/index.php | 2 ++ 6 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 rcc/api/auth/DigestAuth.php create mode 100644 rcc/api/auth/auth.php diff --git a/composer.lock b/composer.lock index fc3ae67..278d103 100644 --- a/composer.lock +++ b/composer.lock @@ -4,9 +4,58 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "4c701c9d01392fc6ae8ab2c7417f2290", - "content-hash": "ccdcfdb56ed68253e2388261fbb6d1b3", + "hash": "bf0772b9501ce6231c06bfbcdb671d1d", + "content-hash": "49b3f5550e60b62ffeb5306a75a87d97", "packages": [ + { + "name": "bshaffer/oauth2-server-php", + "version": "v1.8.0", + "source": { + "type": "git", + "url": "https://github.com/bshaffer/oauth2-server-php.git", + "reference": "058c98f73209f9c49495e1799d32c035196fe8b8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/bshaffer/oauth2-server-php/zipball/058c98f73209f9c49495e1799d32c035196fe8b8", + "reference": "058c98f73209f9c49495e1799d32c035196fe8b8", + "shasum": "" + }, + "require": { + "php": ">=5.3.9" + }, + "suggest": { + "aws/aws-sdk-php": "~2.8 is required to use the DynamoDB storage engine", + "firebase/php-jwt": "~2.2 is required to use JWT features", + "predis/predis": "Required to use the Redis storage engine", + "thobbs/phpcassa": "Required to use the Cassandra storage engine" + }, + "type": "library", + "autoload": { + "psr-0": { + "OAuth2": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Brent Shaffer", + "email": "bshafs@gmail.com", + "homepage": "http://brentertainment.com" + } + ], + "description": "OAuth2 Server for PHP", + "homepage": "http://github.com/bshaffer/oauth2-server-php", + "keywords": [ + "auth", + "oauth", + "oauth2" + ], + "time": "2015-09-18 18:05:10" + }, { "name": "codeguy/upload", "version": "1.3.2", diff --git a/rcc/api/auth/DigestAuth.php b/rcc/api/auth/DigestAuth.php new file mode 100644 index 0000000..ed3ea1d --- /dev/null +++ b/rcc/api/auth/DigestAuth.php @@ -0,0 +1,52 @@ + + * @license MIT License + * @link http://marcel-kapfer.de/rangitaki + */ +namespace mmk2410\rbe\digestAuth; + +/** + * PHP Version 7 + * + * Authentication Helper Class + * + * @category Authentication + * @package Rbe + * @author Marcel Kapfer (mmk2410) + * @license MIT License + * @link http://marcel-kapfer.de/rangitaki + */ +class DigestAuth +{ + + /** + * parser for http digest + * + * @param $txt data to parse + * + * @return parsed data or FALSE + */ + public function httpDigestParse($txt) + { + // protect against missing data + $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1); + $data = array(); + $keys = implode('|', array_keys($needed_parts)); + + preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER); + + foreach ($matches as $m) { + $data[$m[1]] = $m[3] ? $m[3] : $m[4]; + unset($needed_parts[$m[1]]); + } + + return $needed_parts ? false : $data; + } +} diff --git a/rcc/api/auth/auth.php b/rcc/api/auth/auth.php new file mode 100644 index 0000000..001c312 --- /dev/null +++ b/rcc/api/auth/auth.php @@ -0,0 +1,38 @@ + password +$users = array('admin' => 'mypass', 'guest' => 'guest'); + +if (empty($_SERVER['PHP_AUTH_DIGEST'])) { + header('HTTP/1.1 401 Unauthorized'); + header('WWW-Authenticate: Digest realm="'.$realm. + '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); + + die('Access to RCC API not granted'); +} + + +// analyze the PHP_AUTH_DIGEST variable +if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) || + !isset($users[$data['username']])) { + die('Wrong Credentials!'); +} + + +// generate the valid response +$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]); +$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); +$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); + +if ($data['response'] != $valid_response) { + die('Wrong Credentials!'); +} diff --git a/rcc/api/list/index.php b/rcc/api/list/index.php index b55e919..287f073 100644 --- a/rcc/api/list/index.php +++ b/rcc/api/list/index.php @@ -9,6 +9,8 @@ use \Psr\Http\Message\ResponseInterface as Response; require '../../../vendor/autoload.php'; require '../../../res/php/Config.php'; +include '../auth/auth.php'; + use \mmk2410\rbe\config\Config as Config; $config = new Config("../../../config.yaml", '../../../vendor/autoload.php'); diff --git a/rcc/api/media/index.php b/rcc/api/media/index.php index 6efca5f..fd6804c 100644 --- a/rcc/api/media/index.php +++ b/rcc/api/media/index.php @@ -10,6 +10,8 @@ require '../../../vendor/autoload.php'; require '../../../res/php/Config.php'; require '../../../res/php/ArticleGenerator.php'; +include '../auth/auth.php'; + use \mmk2410\rbe\config\Config as Config; $config = new Config("../../../config.yaml", '../../../vendor/autoload.php'); diff --git a/rcc/api/post/index.php b/rcc/api/post/index.php index 9c4c67b..cc04e70 100644 --- a/rcc/api/post/index.php +++ b/rcc/api/post/index.php @@ -10,6 +10,8 @@ require '../../../vendor/autoload.php'; require '../../../res/php/Config.php'; require '../../../res/php/ArticleGenerator.php'; +include '../auth/auth.php'; + use \mmk2410\rbe\config\Config as Config; $config = new Config("../../../config.yaml", '../../../vendor/autoload.php');