nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1557 Commits
1 Branch
Tree: de08ff5a2a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'de08ff5a2a'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/BasicAuthMiddleware.php

BasicAuthMiddleware.php 4.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Controller\Responder;

  9. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  10. use Tqdev\PhpCrudApi\Record\ErrorCode;

  11. use Tqdev\PhpCrudApi\RequestUtils;

  12. 

  13. class BasicAuthMiddleware extends Middleware

  14. {

  15.     private function hasCorrectPassword(string $username, string $password, array &$passwords): bool

  16.     {

  17.         $hash = isset($passwords[$username]) ? $passwords[$username] : false;

  18.         if ($hash && password_verify($password, $hash)) {

  19.             if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {

  20.                 $passwords[$username] = password_hash($password, PASSWORD_DEFAULT);

  21.             }

  22.             return true;

  23.         }

  24.         return false;

  25.     }

  26. 

  27.     private function getValidUsername(string $username, string $password, string $passwordFile): string

  28.     {

  29.         $passwords = $this->readPasswords($passwordFile);

  30.         $valid = $this->hasCorrectPassword($username, $password, $passwords);

  31.         $this->writePasswords($passwordFile, $passwords);

  32.         return $valid ? $username : '';

  33.     }

  34. 

  35.     private function readPasswords(string $passwordFile): array

  36.     {

  37.         $passwords = [];

  38.         $passwordLines = file($passwordFile);

  39.         foreach ($passwordLines as $passwordLine) {

  40.             if (strpos($passwordLine, ':') !== false) {

  41.                 list($username, $hash) = explode(':', trim($passwordLine), 2);

  42.                 if (strlen($hash) > 0 && $hash[0] != '$') {

  43.                     $hash = password_hash($hash, PASSWORD_DEFAULT);

  44.                 }

  45.                 $passwords[$username] = $hash;

  46.             }

  47.         }

  48.         return $passwords;

  49.     }

  50. 

  51.     private function writePasswords(string $passwordFile, array $passwords): bool

  52.     {

  53.         $success = false;

  54.         $passwordFileContents = '';

  55.         foreach ($passwords as $username => $hash) {

  56.             $passwordFileContents .= "$username:$hash\n";

  57.         }

  58.         if (file_get_contents($passwordFile) != $passwordFileContents) {

  59.             $success = file_put_contents($passwordFile, $passwordFileContents) !== false;

  60.         }

  61.         return $success;

  62.     }

  63. 

  64.     private function getAuthorizationCredentials(ServerRequestInterface $request): string

  65.     {

  66.         if (isset($_SERVER['PHP_AUTH_USER'])) {

  67.             return $_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'];

  68.         }

  69.         $header = RequestUtils::getHeader($request, 'Authorization');

  70.         $parts = explode(' ', trim($header), 2);

  71.         if (count($parts) != 2) {

  72.             return '';

  73.         }

  74.         if ($parts[0] != 'Basic') {

  75.             return '';

  76.         }

  77.         return base64_decode(strtr($parts[1], '-_', '+/'));

  78.     }

  79. 

  80.     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  81.     {

  82.         if (session_status() == PHP_SESSION_NONE) {

  83.             if (!headers_sent()) {

  84.                 session_start();

  85.             }

  86.         }

  87.         $credentials = $this->getAuthorizationCredentials($request);

  88.         if ($credentials) {

  89.             list($username, $password) = array('', '');

  90.             if (strpos($credentials, ':') !== false) {

  91.                 list($username, $password) = explode(':', $credentials, 2);

  92.             }

  93.             $passwordFile = $this->getProperty('passwordFile', '.htpasswd');

  94.             $validUser = $this->getValidUsername($username, $password, $passwordFile);

  95.             $_SESSION['username'] = $validUser;

  96.             if (!$validUser) {

  97.                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  98.             }

  99.             if (!headers_sent()) {

  100.                 session_regenerate_id();

  101.             }

  102.         }

  103.         if (!isset($_SESSION['username']) || !$_SESSION['username']) {

  104.             $authenticationMode = $this->getProperty('mode', 'required');

  105.             if ($authenticationMode == 'required') {

  106.                 $response = $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

  107.                 $realm = $this->getProperty('realm', 'Username and password required');

  108.                 $response = $response->withHeader('WWW-Authenticate', "Basic realm=\"$realm\"");

  109.                 return $response;

  110.             }

  111.         }

  112.         return $next->handle($request);

  113.     }

  114. }