Authentication 2.x API

Class HttpDigestAuthenticator

HttpDigest Authenticator

Provides Digest HTTP authentication support.

Generating passwords compatible with Digest authentication.

HttpDigestAuthenticator requires a special password hash that conforms to RFC 2617. You can generate this hash using HttpDigestAuthenticator::password():

$digestPass = HttpDigestAuthenticator::password($username, $password, env('SERVER_NAME'));

If you wish to use digest authentication alongside other authentication methods, it's recommended that you store the digest password hash separately. For example, User.digest_pass could be used for the digest password, while User.password would store the password hash for use with other methods like BasicHttp or Form.

Namespace: Authentication\Authenticator

Property Summary

  • $_config protected
    array<string, mixed>

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array

    Default config for this object.

    • fields The fields to use to identify a user by.
    • skipChallenge If set to true then challenge exception will not be generated in case of authentication failure. Defaults to false.
  • $_identifier protected
    Authentication\Identifier\IdentifierInterface

    Identifier or identifiers collection.

Method Summary

  • __construct() public

    Constructor

  • _configDelete() protected

    Deletes a single config key.

  • _configRead() protected

    Reads a config key.

  • _configWrite() protected

    Writes a config key.

  • _getDigest() protected

    Gets the digest headers from the request/environment.

  • authenticate() public

    Get a user based on information in the request. Used by cookie-less auth for stateless clients.

  • configShallow() public

    Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

  • generateNonce() protected

    Generate a nonce value that is validated in future requests.

  • generateResponseHash() public

    Generate the response hash for a given digest array.

  • getConfig() public

    Returns the config.

  • getConfigOrFail() public

    Returns the config for this specific key.

  • getIdentifier() public

    Gets the identifier.

  • loginHeaders() protected

    Generate the login headers.

  • parseAuthData() public

    Parse the digest authentication headers and split them up.

  • password() public static

    Creates an auth digest password hash to store.

  • setConfig() public

    Sets the config.

  • setIdentifier() public

    Sets the identifier.

  • unauthorizedChallenge() public

    Create a challenge exception for basic auth challenge.

  • validNonce() protected

    Check the nonce to ensure it is valid and not expired.

Method Detail

__construct() public

__construct(Authentication\Identifier\IdentifierInterface $identifier, array $config = [])

Constructor

Besides the keys specified in AbstractAuthenticator::$_defaultConfig, HttpDigestAuthenticator uses the following extra keys:

  • realm The realm authentication is for. Defaults to the server name.
  • nonceLifetime The number of seconds that nonces are valid for. Defaults to 300.
  • qop Defaults to 'auth'; no other values are supported at this time.
  • opaque A string that must be returned unchanged by clients. Defaults to md5($config['realm']).

Parameters
Authentication\Identifier\IdentifierInterface $identifier

Identifier instance.

array $config optional

Configuration settings.

_configDelete() protected

_configDelete(string $key): void

Deletes a single config key.

Parameters
string $key

Key to delete.

Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config

_configRead() protected

_configRead(string|null $key): mixed

Reads a config key.

Parameters
string|null $key

Key to read.

Returns
mixed

_configWrite() protected

_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void

Writes a config key.

Parameters
array<string, mixed>|string $key

Key to write to.

mixed $value

Value to write.

string|bool $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config

_getDigest() protected

_getDigest(Psr\Http\Message\ServerRequestInterface $request): string[]|null

Gets the digest headers from the request/environment.

Parameters
Psr\Http\Message\ServerRequestInterface $request

The request that contains login information.

Returns
string[]|null

authenticate() public

authenticate(Psr\Http\Message\ServerRequestInterface $request): Authentication\Authenticator\ResultInterface

Get a user based on information in the request. Used by cookie-less auth for stateless clients.

Parameters
Psr\Http\Message\ServerRequestInterface $request

The request that contains login information.

Returns
Authentication\Authenticator\ResultInterface

configShallow() public

configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters
array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns
$this

generateNonce() protected

generateNonce(): string

Generate a nonce value that is validated in future requests.

Returns
string

generateResponseHash() public

generateResponseHash(string[] $digest, string $password, string $method): string

Generate the response hash for a given digest array.

Parameters
string[] $digest

Digest information containing data from HttpDigestAuthenticator::parseAuthData().

string $password

The digest password hash generated with HttpDigestAuthenticator::password().

string $method

Request method

Returns
string

getConfig() public

getConfig(string|null $key = null, mixed $default = null): mixed

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters
string|null $key optional

The key to get or null for the whole config.

mixed $default optional

The return value when the key does not exist.

Returns
mixed

getConfigOrFail() public

getConfigOrFail(string $key): mixed

Returns the config for this specific key.

The config value for this key must exist; it can never be null.

Parameters
string $key

The key to get.

Returns
mixed
Throws
InvalidArgumentException

getIdentifier() public

getIdentifier(): Authentication\Identifier\IdentifierInterface

Gets the identifier.

Returns
Authentication\Identifier\IdentifierInterface

loginHeaders() protected

loginHeaders(Psr\Http\Message\ServerRequestInterface $request): array

Generate the login headers.

Parameters
Psr\Http\Message\ServerRequestInterface $request

The request that contains login information.

Returns
array

parseAuthData() public

parseAuthData(string $digest): string[]|null

Parse the digest authentication headers and split them up.

Parameters
string $digest

The raw digest authentication headers.

Returns
string[]|null

password() public static

password(string $username, string $password, string $realm): string

Creates an auth digest password hash to store.

Parameters
string $username

The username to use in the digest hash.

string $password

The unhashed password to make a digest hash for.

string $realm

The realm the password is for.

Returns
string
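
The hash that password() stores and the value that generateResponseHash() recomputes are the two halves of the RFC 2617 check for qop=auth. The following is an added example in plain PHP, not the plugin's own code; the function names and all sample values are constructed for illustration.

```php
<?php
// Added example: RFC 2617 digest arithmetic (qop=auth) in plain PHP.
// Function names are hypothetical and sample values are constructed.

// HA1: the per-user value that gets stored. It binds username, realm and password.
function ha1(string $username, string $realm, string $password): string
{
    return md5($username . ':' . $realm . ':' . $password);
}

// Expected "response": MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri)).
function expectedResponse(string $ha1, array $digest, string $method): string
{
    $ha2 = md5($method . ':' . $digest['uri']);

    return md5(implode(':', [
        $ha1, $digest['nonce'], $digest['nc'], $digest['cnonce'], $digest['qop'], $ha2,
    ]));
}

// Server-side check: recompute from the stored HA1 and compare in constant time.
function verify(string $storedHa1, array $digest, string $method): bool
{
    return hash_equals(expectedResponse($storedHa1, $digest, $method), $digest['response']);
}

// Constructed sample data: the stored hash and the parsed header fields.
$stored = ha1('alice', 'example.test', 'correct horse');
$digest = [
    'username' => 'alice', 'realm' => 'example.test', 'uri' => '/reports',
    'nonce' => 'bm9uY2U', 'nc' => '00000001', 'cnonce' => 'c0ffee', 'qop' => 'auth',
];
// What a client that knows the password would send for GET /reports.
$digest['response'] = expectedResponse($stored, $digest, 'GET');

// Same request, same method.
var_dump(verify($stored, $digest, 'GET'));
// Same header presented with another method: the method is hashed into HA2.
var_dump(verify($stored, $digest, 'POST'));
// A hash generated for a different realm: changing the realm (for example a
// different SERVER_NAME) means every stored hash has to be regenerated.
var_dump(verify(ha1('alice', 'other.test', 'correct horse'), $digest, 'GET'));
```

Because the server only ever needs HA1, the stored value is enough on its own to produce valid responses for that realm, which is a further reason to keep it in a separate column such as User.digest_pass and protect it like a credential.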

setConfig() public

setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters
array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns
$this
Throws
Cake\Core\Exception\CakeException
When trying to set a key that is invalid.

setIdentifier() public

setIdentifier(Authentication\Identifier\IdentifierInterface $identifier): $this

Sets the identifier.

Parameters
Authentication\Identifier\IdentifierInterface $identifier

IdentifierInterface instance.

Returns
$this

unauthorizedChallenge() public

unauthorizedChallenge(Psr\Http\Message\ServerRequestInterface $request): void

Create a challenge exception for basic auth challenge.

Create an exception with the appropriate headers and response body to challenge a request that has missing or invalid credentials.

This is primarily used by authentication methods that use the WWW-Authorization header.

Parameters
Psr\Http\Message\ServerRequestInterface $request

A request object.

Returns
void
Throws
Authentication\Authenticator\AuthenticationRequiredException

validNonce() protected

validNonce(string $nonce): bool

Check the nonce to ensure it is valid and not expired.

Parameters
string $nonce

The nonce value to check.

Returns
bool
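
The nonceLifetime option and the generateNonce()/validNonce() pair describe a nonce that the server can later check for validity and expiry. One way to build such a nonce without server-side storage, as an added example that is not the plugin's implementation: the function names, the HMAC-SHA256 construction and $secret are assumptions, and 300 is the documented default lifetime.

```php
<?php
// Added example: a stateless, expiring nonce. Names and $secret are hypothetical.

// Nonce = base64("<expiry>:<HMAC of expiry>"); the HMAC stops clients editing the expiry.
function makeNonce(string $secret, int $lifetime = 300, ?int $now = null): string
{
    $expires = ($now ?? time()) + $lifetime;
    $sig = hash_hmac('sha256', (string)$expires, $secret);

    return base64_encode($expires . ':' . $sig);
}

function nonceIsValid(string $nonce, string $secret, ?int $now = null): bool
{
    $decoded = base64_decode($nonce, true);
    if ($decoded === false) {
        return false; // not valid base64
    }
    $parts = explode(':', $decoded);
    if (count($parts) !== 2 || preg_match('/^\d{1,12}$/', $parts[0]) !== 1) {
        return false; // wrong shape
    }
    [$expires, $sig] = $parts;
    // Check the signature before trusting the timestamp it covers.
    if (!hash_equals(hash_hmac('sha256', $expires, $secret), $sig)) {
        return false;
    }

    return (int)$expires >= ($now ?? time());
}

// Constructed values: a fixed clock and a placeholder secret.
$secret = 'example-secret-not-for-production';
$issuedAt = 1700000000;
$nonce = makeNonce($secret, 300, $issuedAt);

// Checked one minute after issue, inside the lifetime.
var_dump(nonceIsValid($nonce, $secret, $issuedAt + 60));
// Checked one second after the lifetime has passed.
var_dump(nonceIsValid($nonce, $secret, $issuedAt + 301));
// Expiry pushed a day forward by the client while reusing the old signature.
[, $sig] = explode(':', base64_decode($nonce));
$forged = base64_encode(($issuedAt + 86400) . ':' . $sig);
var_dump(nonceIsValid($forged, $secret, $issuedAt + 301));
```

A nonce checked this way stays reusable until it expires, so the configured lifetime bounds the replay window.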

Property Detail

$_config protected

Runtime config

Type
array<string, mixed>

$_configInitialized protected

Whether the config property has already been configured with defaults

Type
bool

$_defaultConfig protected

Default config for this object.

  • fields The fields to use to identify a user by.
  • skipChallenge If set to true then challenge exception will not be generated in case of authentication failure. Defaults to false.

Type
array

$_identifier protected

Identifier or identifiers collection.

Type
Authentication\Identifier\IdentifierInterface