Helix SwarmHelix Swarm

ApacheResolver.php

  • //
  • guest/
  • thomas_gray/
  • jambox/
  • main/
  • swarm/
  • library/
  • Zend/
  • Authentication/
  • Adapter/
  • Http/
  • ApacheResolver.php #1
  • View
  • Commits
  • Open Download .zip Download (5 KB) 
  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Authentication\Adapter\Http;
  11.  
  12. use Zend\Authentication\Result as AuthResult;
  13. use Zend\Crypt\Password\Apache as ApachePassword;
  14. use Zend\Stdlib\ErrorHandler;
  15.  
  16. /**
  17.  * Apache Authentication Resolver
  18.  *
  19.  * @see http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
  20.  */
  21. class ApacheResolver implements ResolverInterface
  22. {
  23.     /**
  24.      * Path to credentials file
  25.      *
  26.      * @var string
  27.      */
  28.     protected $file;
  29.  
  30.     /**
  31.      * Apache password object
  32.      *
  33.      * @var ApachePassword
  34.      */
  35.     protected $apachePassword;
  36.  
  37.     /**
  38.      * Constructor
  39.      *
  40.      * @param  string $path Complete filename where the credentials are stored
  41.      */
  42.     public function __construct($path = '')
  43.     {
  44.         if (!empty($path)) {
  45.             $this->setFile($path);
  46.         }
  47.     }
  48.  
  49.     /**
  50.      * Set the path to the credentials file
  51.      *
  52.      * @param  string $path
  53.      * @return FileResolver Provides a fluent interface
  54.      * @throws Exception\InvalidArgumentException if path is not readable
  55.      */
  56.     public function setFile($path)
  57.     {
  58.         if (empty($path) || !is_readable($path)) {
  59.             throw new Exception\InvalidArgumentException('Path not readable: ' . $path);
  60.         }
  61.         $this->file = $path;
  62.  
  63.         return $this;
  64.     }
  65.  
  66.     /**
  67.      * Returns the path to the credentials file
  68.      *
  69.      * @return string
  70.      */
  71.     public function getFile()
  72.     {
  73.         return $this->file;
  74.     }
  75.  
  76.     /**
  77.      * Returns the Apache Password object
  78.      *
  79.      * @return ApachePassword
  80.      */
  81.     protected function getApachePassword()
  82.     {
  83.         if (empty($this->apachePassword)) {
  84.             $this->apachePassword = new ApachePassword();
  85.         }
  86.         return $this->apachePassword;
  87.     }
  88.  
  89.     /**
  90.      * Resolve credentials
  91.      *
  92.      *
  93.      *
  94.      * @param  string $username Username
  95.      * @param  string $realm    Authentication Realm
  96.      * @param  string $password The password to authenticate
  97.      * @return AuthResult
  98.      * @throws Exception\ExceptionInterface
  99.      */
  100.     public function resolve($username, $realm, $password = null)
  101.     {
  102.         if (empty($username)) {
  103.             throw new Exception\InvalidArgumentException('Username is required');
  104.         }
  105.  
  106.         if (!ctype_print($username) || strpos($username, ':') !== false) {
  107.             throw new Exception\InvalidArgumentException(
  108.                 'Username must consist only of printable characters, excluding the colon'
  109.             );
  110.         }
  111.  
  112.         if (!empty($realm) && (!ctype_print($realm) || strpos($realm, ':') !== false)) {
  113.             throw new Exception\InvalidArgumentException(
  114.                 'Realm must consist only of printable characters, excluding the colon'
  115.             );
  116.         }
  117.  
  118.         if (empty($password)) {
  119.             throw new Exception\InvalidArgumentException('Password is required');
  120.         }
  121.  
  122.         // Open file, read through looking for matching credentials
  123.         ErrorHandler::start(E_WARNING);
  124.         $fp    = fopen($this->file, 'r');
  125.         $error = ErrorHandler::stop();
  126.         if (!$fp) {
  127.             throw new Exception\RuntimeException('Unable to open password file: ' . $this->file, 0, $error);
  128.         }
  129.  
  130.         // No real validation is done on the contents of the password file. The
  131.         // assumption is that we trust the administrators to keep it secure.
  132.         while (($line = fgetcsv($fp, 512, ':')) !== false) {
  133.             if ($line[0] != $username) {
  134.                 continue;
  135.             }
  136.  
  137.             if (isset($line[2])) {
  138.                 if ($line[1] == $realm) {
  139.                     $matchedHash = $line[2];
  140.                     break;
  141.                 }
  142.                 continue;
  143.             }
  144.  
  145.             $matchedHash = $line[1];
  146.             break;
  147.         }
  148.         fclose($fp);
  149.  
  150.         if (!isset($matchedHash)) {
  151.             return new AuthResult(AuthResult::FAILURE_IDENTITY_NOT_FOUND, null, array('Username not found in provided htpasswd file'));
  152.         }
  153.  
  154.         // Plaintext password
  155.         if ($matchedHash === $password) {
  156.             return new AuthResult(AuthResult::SUCCESS, $username);
  157.         }
  158.  
  159.         $apache = $this->getApachePassword();
  160.         $apache->setUserName($username);
  161.         if (!empty($realm)) {
  162.             $apache->setAuthName($realm);
  163.         }
  164.  
  165.         if ($apache->verify($password, $matchedHash)) {
  166.             return new AuthResult(AuthResult::SUCCESS, $username);
  167.         }
  168.  
  169.         return new AuthResult(AuthResult::FAILURE_CREDENTIAL_INVALID, null, array('Passwords did not match.'));
  170.     }
  171. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago