Digest
extends AbstractAuth
in package
HTTP Digest Authentication handler.
Use this class for easy HTTP Digest authentication. Instructions:
- Create the object
- Call the setRealm() method with the realm you plan to use
- Call the init() method.
- Call the getUsername() function. This function may return null if no authentication information was supplied. Based on the username, you should check your internal database for either the associated password or the so-called A1 hash of the digest.
- Call either validatePassword() or validateA1(). This will return true or false.
- To make sure an authentication prompt is displayed, call the requireLogin() method.
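The steps above say to look up either the password or the A1 hash, and validateA1() documents A1 as md5($username . ':' . $realm . ':' . $password). The following added example (not sabre/http code; the function names, user store and request values are hypothetical) shows, for qop=auth as defined in RFC 2617, why the stored A1 is enough to check a client's response without keeping the password.

```php
<?php
// Added illustration of the RFC 2617 check for qop=auth; not sabre/http source.

/** A1 as documented for validateA1(): md5(username:realm:password). */
function computeA1(string $username, string $realm, string $password): string
{
    return md5($username . ':' . $realm . ':' . $password);
}

/** Expected "response" value, derived from A1 and the request parameters. */
function expectedResponse(string $a1, string $method, array $p): string
{
    $a2 = md5($method . ':' . $p['uri']);
    return md5(implode(':', [$a1, $p['nonce'], $p['nc'], $p['cnonce'], $p['qop'], $a2]));
}

/** Server-side check using only the stored A1 (hypothetical helper). */
function validateWithA1(string $storedA1, string $method, array $p): bool
{
    foreach (['uri', 'nonce', 'nc', 'cnonce', 'qop', 'response'] as $key) {
        if (!isset($p[$key])) {
            return false; // incomplete digest
        }
    }
    if ($p['qop'] !== 'auth') {
        return false; // this sketch handles qop=auth only
    }
    // hash_equals() compares in constant time; nonce freshness and nc replay
    // tracking are out of scope for this sketch.
    return hash_equals(expectedResponse($storedA1, $method, $p), $p['response']);
}

// Constructed sample data: the store holds the A1 hash, never the password.
$realm = 'SabreTooth';
$userStore = ['alice' => computeA1('alice', $realm, 'correct horse')];

// Client side: knows the password and builds the Authorization parameters.
$params = ['uri' => '/calendars/', 'nonce' => '5f2b7c1e9a', 'nc' => '00000001',
           'cnonce' => 'c0ffee01', 'qop' => 'auth'];
$params['response'] = expectedResponse(computeA1('alice', $realm, 'correct horse'), 'GET', $params);

var_dump(validateWithA1($userStore['alice'], 'GET', $params)); // request as signed
$params['uri'] = '/calendars/other/';
var_dump(validateWithA1($userStore['alice'], 'GET', $params)); // URI changed after signing
```

Because A1 alone is enough to compute a valid response, a stored A1 is a credential for its realm and needs the same protection as a password.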
Table of Contents
- QOP_AUTH = 1
- These constants are used in setQOP().
- QOP_AUTHINT = 2
- $A1 : mixed
- $digestParts : mixed
- $nonce : mixed
- $opaque : mixed
- $qop : mixed
- $realm : string
- Authentication realm.
- $request : RequestInterface
- Request object.
- $response : ResponseInterface
- Response object.
- __construct() : mixed
- Initializes the object.
- getDigest() : mixed
- This method returns the full digest string.
- getRealm() : string
- Returns the HTTP realm.
- getUsername() : string|null
- Returns the username for the request.
- init() : mixed
- Gathers all information from the headers.
- requireLogin() : mixed
- Returns an HTTP 401 header, forcing login.
- setQOP() : mixed
- Sets the quality of protection value.
- validateA1() : bool
- Validates the user.
- validatePassword() : bool
- Validates authentication through a password. The actual password must be provided here.
- parseDigest() : bool|array<string|int, mixed>
- Parses the different pieces of the digest string into an array.
- validate() : bool
- Validates the digest challenge.
Constants
QOP_AUTH
These constants are used in setQOP().
public mixed QOP_AUTH = 1
QOP_AUTHINT
public mixed QOP_AUTHINT = 2
Properties
$A1
protected mixed $A1
$digestParts
protected mixed $digestParts
$nonce
protected mixed $nonce
$opaque
protected mixed $opaque
$qop
protected mixed $qop = self::QOP_AUTH
$realm
Authentication realm.
protected string $realm
$request
Request object.
protected RequestInterface $request
$response
Response object.
protected ResponseInterface $response
Methods
__construct()
Initializes the object.
public __construct([string $realm = 'SabreTooth'], RequestInterface $request, ResponseInterface $response) : mixed
Parameters
- $realm : string = 'SabreTooth'
- $request : RequestInterface
- $response : ResponseInterface
Return values
mixed
getDigest()
This method returns the full digest string.
public getDigest() : mixed
It should be compatible with the mod_php format and with other web servers.
If the header could not be found, null will be returned.
Return values
mixed
getRealm()
Returns the HTTP realm.
public getRealm() : string
Return values
string
getUsername()
Returns the username for the request.
public getUsername() : string|null
Returns null if there were none.
Return values
string|null
init()
Gathers all information from the headers.
public init() : mixed
This method needs to be called prior to anything else.
Return values
mixed
requireLogin()
Returns an HTTP 401 header, forcing login.
public requireLogin() : mixed
This should be called when the username and password are incorrect, or not supplied at all.
Return values
mixed
setQOP()
Sets the quality of protection value.
public setQOP(int $qop) : mixed
Possible values are:
- Sabre\HTTP\DigestAuth::QOP_AUTH
- Sabre\HTTP\DigestAuth::QOP_AUTHINT
Multiple values can be combined using a bitwise OR (|).
QOP_AUTHINT ensures integrity of the request body, but this is not supported by most HTTP clients. QOP_AUTHINT also requires the entire request body to be md5'ed, which can put strain on CPU and memory.
Parameters
- $qop : int
Return values
mixed
validateA1()
Validates the user.
public validateA1(string $A1) : bool
The A1 parameter should be md5($username . ':' . $realm . ':' . $password);
Parameters
- $A1 : string
Return values
bool
validatePassword()
Validates authentication through a password. The actual password must be provided here.
public validatePassword(string $password) : bool
It is strongly recommended not to store the password in plain text and to use validateA1() instead.
Parameters
- $password : string
Return values
bool
parseDigest()
Parses the different pieces of the digest string into an array.
protected parseDigest(string $digest) : bool|array<string|int, mixed>
This method returns false if an incomplete digest was supplied.
Parameters
- $digest : string
Return values
bool|array<string|int, mixed>
validate()
Validates the digest challenge.
protected validate() : bool