Switch to HTTP Basic Auth
Resolves T115
This commit is contained in:
Marcel Kapfer (mmk2410)
parent
42f1992c97
commit
5e45579ef1
5 changed files with 19 additions and 88 deletions
|
|
@ -1,52 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* PHP Version 7
|
||||
*
|
||||
* Authentication Helper Class
|
||||
*
|
||||
* @category Authentication
|
||||
* @package Rbe
|
||||
* @author Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
|
||||
* @license MIT License
|
||||
* @link http://marcel-kapfer.de/rangitaki
|
||||
*/
|
||||
namespace mmk2410\rbe\digestAuth;
|
||||
|
||||
/**
|
||||
* PHP Version 7
|
||||
*
|
||||
* Authentication Helper Class
|
||||
*
|
||||
* @category Authentication
|
||||
* @package Rbe
|
||||
* @author Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
|
||||
* @license MIT License
|
||||
* @link http://marcel-kapfer.de/rangitaki
|
||||
*/
|
||||
class DigestAuth
|
||||
{
|
||||
|
||||
/**
|
||||
* parser for http digest
|
||||
*
|
||||
* @param $txt data to parse
|
||||
*
|
||||
* @return parsed data or FALSE
|
||||
*/
|
||||
public function httpDigestParse($txt)
|
||||
{
|
||||
// protect against missing data
|
||||
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
|
||||
$data = array();
|
||||
$keys = implode('|', array_keys($needed_parts));
|
||||
|
||||
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
|
||||
|
||||
foreach ($matches as $m) {
|
||||
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
||||
unset($needed_parts[$m[1]]);
|
||||
}
|
||||
|
||||
return $needed_parts ? false : $data;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,39 +1,22 @@
|
|||
<?php
|
||||
// Marcel Kapfer (mmk2410)
|
||||
// License: MIT License
|
||||
// api digest auth
|
||||
// HTTP Basic Auth for the API
|
||||
|
||||
require 'DigestAuth.php';
|
||||
$basedir = "../../../";
|
||||
|
||||
require '../../ssl.php';
|
||||
|
||||
require '../../password.php';
|
||||
|
||||
use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth;
|
||||
|
||||
$realm = 'Restricted area';
|
||||
|
||||
$users = array($username => $password);
|
||||
|
||||
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="RCC API"');
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
header('WWW-Authenticate: Digest realm="'.$realm.
|
||||
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
||||
|
||||
die('Access to RCC API not granted');
|
||||
}
|
||||
|
||||
|
||||
// analyze the PHP_AUTH_DIGEST variable
|
||||
if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) ||
|
||||
!isset($users[$data['username']])) {
|
||||
die('Wrong Credentials!');
|
||||
}
|
||||
|
||||
|
||||
// generate the valid response
|
||||
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
|
||||
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
|
||||
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
|
||||
|
||||
if ($data['response'] != $valid_response) {
|
||||
die('Wrong Credentials!');
|
||||
echo "Access denied to the RCC API!";
|
||||
exit;
|
||||
} elseif ($_SERVER['PHP_AUTH_USER'] != $username ||
|
||||
!password_verify($_SERVER['PHP_AUTH_PW'], $password)) {
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
echo "Wrong credentials: Access denied!";
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@ use \Psr\Http\Message\ResponseInterface as Response;
|
|||
require '../../../vendor/autoload.php';
|
||||
require '../../../res/php/Config.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
|
|||
require '../../../res/php/Config.php';
|
||||
require '../../../res/php/ArticleGenerator.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
|
|||
require '../../../res/php/Config.php';
|
||||
require '../../../res/php/ArticleGenerator.php';
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
use \mmk2410\rbe\config\Config as Config;
|
||||
|
||||
$config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
|
||||
$settings = $config->getConfig();
|
||||
|
||||
include '../auth/auth.php';
|
||||
|
||||
if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
|
||||
$app = new \Slim\App();
|
||||
|
||||
|
|
|
|||
Reference in a new issue