Skip to content
Permalink
Browse files

Support to digest method in HttpSocket. Thanks to jmcneese and Adrien…

… Gibrat.
  • Loading branch information...
jrbasso committed Nov 13, 2010
1 parent 1d56625 commit 44629bd673e90ab65f42b871ae73c961ebac4118
Showing with 285 additions and 0 deletions.
  1. +103 −0 cake/libs/http/digest_method.php
  2. +182 −0 cake/tests/cases/libs/http/digest_method.test.php
@@ -0,0 +1,103 @@
<?php
/**
* Digest authentication
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake
* @subpackage cake.cake.libs.http
* @since CakePHP(tm) v 2.0.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* Digest authentication
*
* @package cake
* @subpackage cake.cake.libs.http
*/
class DigestMethod {
/**
* Authentication
*
* @param HttpSocket $http
* @return void
* @throws Exception
* @link http://www.ietf.org/rfc/rfc2617.txt
*/
public static function authentication(&$http) {
if (isset($http->request['auth']['user'], $http->request['auth']['pass'])) {
if (!isset($http->config['request']['auth']['realm']) && !self::_getServerInformation($http)) {
return;
}
$http->request['header']['Authorization'] = self::_generateHeader($http);
}
}
/**
* Retrive information about the authetication
*
* @param HttpSocket $http
* @return boolean
*/
protected static function _getServerInformation(&$http) {
$originalRequest = $http->request;
$http->request['auth'] = array('method' => false);
$http->request($http->request);
$http->request = $originalRequest;
if (empty($http->response['header']['Www-Authenticate'])) {
return false;
}
preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['Www-Authenticate'], $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
$http->config['request']['auth'][$match[1]] = $match[2];
}
if (!empty($http->config['request']['auth']['qop']) && empty($http->config['request']['auth']['nc'])) {
$http->config['request']['auth']['nc'] = 1;
}
return true;
}
/**
* Generate the header Authorization
*
* @param HttpSocket $http
* @return string
*/
protected static function _generateHeader(&$http) {
$a1 = md5($http->request['auth']['user'] . ':' . $http->config['request']['auth']['realm'] . ':' . $http->request['auth']['pass']);
$a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']);
if (empty($http->config['request']['auth']['qop'])) {
$response = md5($a1 . ':' . $http->config['request']['auth']['nonce'] . ':' . $a2);
} else {
$http->config['request']['auth']['cnonce'] = uniqid();
$nc = sprintf('%08x', $http->config['request']['auth']['nc']++);
$response = md5($a1 . ':' . $http->config['request']['auth']['nonce'] . ':' . $nc . ':' . $http->config['request']['auth']['cnonce'] . ':auth:' . $a2);
}
$authHeader = 'Digest ';
$authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $http->request['auth']['user']) . '", ';
$authHeader .= 'realm="' . $http->config['request']['auth']['realm'] . '", ';
$authHeader .= 'nonce="' . $http->config['request']['auth']['nonce'] . '", ';
$authHeader .= 'uri="' . $http->request['uri']['path'] . '", ';
$authHeader .= 'response="' . $response . '"';
if (!empty($http->config['request']['auth']['opaque'])) {
$authHeader .= ', opaque="' . $http->config['request']['auth']['opaque'] . '"';
}
if (!empty($http->config['request']['auth']['qop'])) {
$authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $http->config['request']['auth']['cnonce'] . '"';
}
return $authHeader;
}
}
@@ -0,0 +1,182 @@
<?php
/**
* DigestMethodTest file
*
* PHP 5
*
* CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
* @package cake
* @subpackage cake.tests.cases.libs.http
* @since CakePHP(tm) v 2.0.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Core', 'HttpSocket');
App::import('Lib', 'http/DigestMethod');
class DigestHttpSocket extends HttpSocket {
/**
* nextHeader attribute
*
* @var string
*/
public $nextHeader = '';
/**
* request method
*
* @param mixed $request
* @return void
*/
public function request($request) {
$this->response['header']['Www-Authenticate'] = $this->nextHeader;
}
}
/**
* DigestMethodTest class
*
* @package cake
* @subpackage cake.tests.cases.libs.http
*/
class DigestMethodTest extends CakeTestCase {
/**
* Socket property
*
* @var mixed null
*/
public $HttpSocket = null;
/**
* This function sets up a HttpSocket instance we are going to use for testing
*
* @return void
*/
public function setUp() {
$this->HttpSocket = new DigestHttpSocket();
$this->HttpSocket->request['method'] = 'GET';
$this->HttpSocket->request['uri']['path'] = '/';
$this->HttpSocket->request['auth'] = array(
'method' => 'Digest',
'user' => 'admin',
'pass' => '1234'
);
}
/**
* We use this function to clean up after the test case was executed
*
* @return void
*/
function tearDown() {
unset($this->HttpSocket);
}
/**
* testBasic method
*
* @return void
*/
public function testBasic() {
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
$this->HttpSocket->config['request']['auth'] = array();
$this->assertFalse(isset($this->HttpSocket->request['header']['Authorization']));
DigestMethod::authentication($this->HttpSocket);
$this->assertTrue(isset($this->HttpSocket->request['header']['Authorization']));
$this->assertEqual($this->HttpSocket->config['request']['auth']['realm'], 'The batcave');
$this->assertEqual($this->HttpSocket->config['request']['auth']['nonce'], '4cded326c6c51');
}
/**
* testQop method
*
* @return void
*/
public function testQop() {
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$expected = 'Digest username="admin", realm="The batcave", nonce="4cded326c6c51", uri="/", response="da7e2a46b471d77f70a9bb3698c8902b"';
$this->assertEqual($expected, $this->HttpSocket->request['header']['Authorization']);
$this->assertFalse(isset($this->HttpSocket->config['request']['auth']['qop']));
$this->assertFalse(isset($this->HttpSocket->config['request']['auth']['nc']));
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",qop="auth"';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$expected = '@Digest username="admin", realm="The batcave", nonce="4cded326c6c51", uri="/", response="[a-z0-9]{32}", qop="auth", nc=00000001, cnonce="[a-z0-9]+"@';
$this->assertPattern($expected, $this->HttpSocket->request['header']['Authorization']);
$this->assertEqual($this->HttpSocket->config['request']['auth']['qop'], 'auth');
$this->assertEqual($this->HttpSocket->config['request']['auth']['nc'], 2);
}
/**
* testOpaque method
*
* @return void
*/
public function testOpaque() {
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$this->assertFalse(strpos($this->HttpSocket->request['header']['Authorization'], 'opaque="d8ea7aa61a1693024c4cc3a516f49b3c"'));
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",opaque="d8ea7aa61a1693024c4cc3a516f49b3c"';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'opaque="d8ea7aa61a1693024c4cc3a516f49b3c"') > 0);
}
/**
* testMultipleRequest method
*
* @return void
*/
public function testMultipleRequest() {
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51",qop="auth"';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000001') > 0);
$this->assertEqual($this->HttpSocket->config['request']['auth']['nc'], 2);
DigestMethod::authentication($this->HttpSocket);
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000002') > 0);
$this->assertEqual($this->HttpSocket->config['request']['auth']['nc'], 3);
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
$response = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
$this->HttpSocket->nextHeader = '';
DigestMethod::authentication($this->HttpSocket);
$this->assertTrue(strpos($this->HttpSocket->request['header']['Authorization'], 'nc=00000003') > 0);
$this->assertEqual($this->HttpSocket->config['request']['auth']['nc'], 4);
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
$response2 = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
$this->assertNotEqual($response, $response2);
}
/**
* testPathChanged method
*
* @return void
*/
public function testPathChanged() {
$this->HttpSocket->nextHeader = 'Digest realm="The batcave",nonce="4cded326c6c51"';
$this->HttpSocket->request['uri']['path'] = '/admin';
$this->HttpSocket->config['request']['auth'] = array();
DigestMethod::authentication($this->HttpSocket);
$responsePos = strpos($this->HttpSocket->request['header']['Authorization'], 'response=');
$response = substr($this->HttpSocket->request['header']['Authorization'], $responsePos + 10, 32);
$this->assertNotEqual($response, 'da7e2a46b471d77f70a9bb3698c8902b');
}
}

0 comments on commit 44629bd

Please sign in to comment.
You can’t perform that action at this time.