Skip to content
Permalink
Browse files

feature #32231 [HttpClient] Add support for NTLM authentication (nico…

…las-grekas)

This PR was merged into the 4.4 branch.

Discussion
----------

[HttpClient] Add support for NTLM authentication

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Someone mentioned NTLM auth on Twitter, so here we are, this adds support for it.
Requires curl.

Commits
-------

548f4fd [HttpClient] Add support for NTLM authentication
  • Loading branch information...
fabpot committed Jul 3, 2019
2 parents 6abaa8c + 548f4fd commit df13b506ebd3d11616b04891f410cdd5a30f7a16
@@ -1399,6 +1399,9 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode)
->scalarNode('auth_bearer')
->info('A token enabling HTTP Bearer authorization.')
->end()
->scalarNode('auth_ntlm')
->info('A "username:password" pair to use Microsoft NTLM authentication (requires the cURL extension).')
->end()
->arrayNode('query')
->info('Associative array of query string values merged with the base URI.')
->useAttributeAsKey('key')
@@ -6,6 +6,7 @@ CHANGELOG

* made `Psr18Client` implement relevant PSR-17 factories
* added `HttplugClient`
* added support for NTLM authentication

4.3.0
-----
@@ -37,7 +37,10 @@ final class CurlHttpClient implements HttpClientInterface, LoggerAwareInterface
use HttpClientTrait;
use LoggerAwareTrait;
private $defaultOptions = self::OPTIONS_DEFAULTS;
private $defaultOptions = self::OPTIONS_DEFAULTS + [
'auth_ntlm' => null, // array|string - an array containing the username as first value, and optionally the
// password as the second one; or string like username:password - enabling NTLM auth
];
/**
* An internal object to share state between the client and its responses.
@@ -150,6 +153,25 @@ public function request(string $method, string $url, array $options = []): Respo
CURLOPT_CERTINFO => $options['capture_peer_cert_chain'],
];
if (isset($options['auth_ntlm'])) {
$curlopts[CURLOPT_HTTPAUTH] = CURLAUTH_NTLM;
if (\is_array($options['auth_ntlm'])) {
$count = \count($options['auth_ntlm']);
if ($count <= 0 || $count > 2) {
throw new InvalidArgumentException(sprintf('Option "auth_ntlm" must contain 1 or 2 elements, %s given.', $count));
}
$options['auth_ntlm'] = implode(':', $options['auth_ntlm']);
}
if (!\is_string($options['auth_ntlm'])) {
throw new InvalidArgumentException(sprintf('Option "auth_ntlm" must be string or an array, %s given.', \gettype($options['auth_ntlm'])));
}
$curlopts[CURLOPT_USERPWD] = $options['auth_ntlm'];
}
if (!ZEND_THREAD_SAFE) {
$curlopts[CURLOPT_DNS_USE_GLOBAL_CACHE] = false;
}
@@ -179,6 +179,10 @@ private static function mergeDefaultOptions(array $options, array $defaultOption
}
}
if ('auth_ntlm' === $name) {
throw new InvalidArgumentException(sprintf('Option "%s" is not supported by %s, try using CurlHttpClient instead.', __CLASS__));
}
throw new InvalidArgumentException(sprintf('Unsupported option "%s" passed to %s, did you mean "%s"?', $name, __CLASS__, implode('", "', $alternatives ?: array_keys($defaultOptions))));
}

0 comments on commit df13b50

Please sign in to comment.
You can’t perform that action at this time.