Switch to HTTP Basic Auth

Resolves T115
2016-05-17 22:36:26 +02:00 · 2016-05-17 22:36:26 +02:00 · 5e45579ef1
commit 5e45579ef1
parent 42f1992c97
5 changed files with 19 additions and 88 deletions
--- a/rcc/api/auth/auth.php
+++ b/rcc/api/auth/auth.php
@ -1,39 +1,22 @@
 <?php
 // Marcel Kapfer (mmk2410)
 // License: MIT License
-// api digest auth
+// HTTP Basic Auth for the API

-require 'DigestAuth.php';
+$basedir = "../../../";
+
+require '../../ssl.php';

 require '../../password.php';

-use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth;
-
-$realm = 'Restricted area';
-
-$users = array($username => $password);
-
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="RCC API"');
    header('HTTP/1.1 401 Unauthorized');
-    header('WWW-Authenticate: Digest realm="'.$realm.
-           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
-
-    die('Access to RCC API not granted');
-}
-
-
-// analyze the PHP_AUTH_DIGEST variable
-if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) ||
-    !isset($users[$data['username']])) {
-    die('Wrong Credentials!');
-}
-
-
-// generate the valid response
-$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
-$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
-$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
-
-if ($data['response'] != $valid_response) {
-    die('Wrong Credentials!');
+    echo "Access denied to the RCC API!";
+    exit;
+} elseif ($_SERVER['PHP_AUTH_USER'] != $username ||
+    !password_verify($_SERVER['PHP_AUTH_PW'], $password)) {
+        header('HTTP/1.1 401 Unauthorized');
+    echo "Wrong credentials: Access denied!";
+    exit;
 }