Class HttpDigestAuthenticator
HttpDigest Authenticator
Provides Digest HTTP authentication support.
Generating passwords compatible with Digest authentication.
Digest authentication requires a special password hash that conforms to RFC 2617.
You can generate this password using HttpDigestAuthenticator::password():
$digestPass = HttpDigestAuthenticator::password($username, $password, env('SERVER_NAME'));
If you wish to use digest authentication alongside other authentication methods, it's recommended that you store the digest authentication separately. For example User.digest_pass could be used for a digest password, while User.password would store the password hash for use with other methods like BasicHttp or Form.
Property Summary
-
$_config protected
array<string, mixed>
Runtime config
-
$_configInitialized protected
bool
Whether the config property has already been configured with defaults
-
$_defaultConfig protected
array
Default config for this object.
fields
The fields to use to identify a user by.
skipChallenge
If set to true then challenge exception will not be generated in case of authentication failure. Defaults to false.
-
$_identifier protected
Authentication\Identifier\IdentifierInterface
Identifier or identifiers collection.
Method Summary
-
__construct() public
Constructor
-
_configDelete() protected
Deletes a single config key.
-
_configRead() protected
Reads a config key.
-
_configWrite() protected
Writes a config key.
-
_getDigest() protected
Gets the digest headers from the request/environment.
-
authenticate() public
Get a user based on information in the request. Used by cookie-less auth for stateless clients.
-
configShallow() public
Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.
-
generateNonce() protected
Generate a nonce value that is validated in future requests.
-
generateResponseHash() public
Generate the response hash for a given digest array.
-
getConfig() public
Returns the config.
-
getConfigOrFail() public
Returns the config for this specific key.
-
getIdentifier() public
Gets the identifier.
-
loginHeaders() protected
Generate the login headers
-
parseAuthData() public
Parse the digest authentication headers and split them up.
-
password() public static
Creates an auth digest password hash to store
-
setConfig() public
Sets the config.
-
setIdentifier() public
Sets the identifier.
-
unauthorizedChallenge() public
Create a challenge exception for basic auth challenge.
-
validNonce() protected
Check the nonce to ensure it is valid and not expired.
Method Detail
__construct() public
__construct(Authentication\Identifier\IdentifierInterface $identifier, array $config = [])
Constructor
Besides the keys specified in AbstractAuthenticator::$_defaultConfig, HttpDigestAuthenticator uses the following extra keys:
realm
The realm authentication is for. Defaults to the servername.
nonceLifetime
The number of seconds that nonces are valid for. Defaults to 300.
qop
Defaults to 'auth', no other values are supported at this time.
opaque
A string that must be returned unchanged by clients. Defaults to md5($config['realm'])
Parameters
-
Authentication\Identifier\IdentifierInterface
$identifier Identifier instance.
-
array
$config optional Configuration settings.
_configDelete() protected
_configDelete(string $key): void
Deletes a single config key.
Parameters
-
string
$key Key to delete.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
_configRead() protected
_configRead(string|null $key): mixed
Reads a config key.
Parameters
-
string|null
$key Key to read.
Returns
mixed
_configWrite() protected
_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void
Writes a config key.
Parameters
-
array<string, mixed>|string
$key Key to write to.
-
mixed
$value Value to write.
-
string|bool
$merge optional True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
_getDigest() protected
_getDigest(Psr\Http\Message\ServerRequestInterface $request): array<string>|null
Gets the digest headers from the request/environment.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request that contains login information.
Returns
array<string>|null
authenticate() public
authenticate(Psr\Http\Message\ServerRequestInterface $request): Authentication\Authenticator\ResultInterface
Get a user based on information in the request. Used by cookie-less auth for stateless clients.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request that contains login information.
Returns
Authentication\Authenticator\ResultInterface
configShallow() public
configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this
Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
Returns
$this
generateNonce() protected
generateNonce(): string
Generate a nonce value that is validated in future requests.
Returns
string
generateResponseHash() public
generateResponseHash(array<string> $digest, string $password, string $method): string
Generate the response hash for a given digest array.
Parameters
-
array<string>
$digest Digest information containing data from HttpDigestAuthenticator::parseAuthData().
-
string
$password The digest hash password generated with HttpDigestAuthenticator::password()
-
string
$method Request method
Returns
string
getConfig() public
getConfig(string|null $key = null, mixed $default = null): mixed
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
-
string|null
$key optional The key to get or null for the whole config.
-
mixed
$default optional The return value when the key does not exist.
Returns
mixed
getConfigOrFail() public
getConfigOrFail(string $key): mixed
Returns the config for this specific key.
The config value for this key must exist, it can never be null.
Parameters
-
string
$key The key to get.
Returns
mixed
Throws
InvalidArgumentException
getIdentifier() public
getIdentifier(): Authentication\Identifier\IdentifierInterface
Gets the identifier.
Returns
Authentication\Identifier\IdentifierInterface
loginHeaders() protected
loginHeaders(Psr\Http\Message\ServerRequestInterface $request): array
Generate the login headers
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request that contains login information.
Returns
array
parseAuthData() public
parseAuthData(string $digest): array<string>|null
Parse the digest authentication headers and split them up.
Parameters
-
string
$digest The raw digest authentication headers.
Returns
array<string>|null
password() public static
password(string $username, string $password, string $realm): string
Creates an auth digest password hash to store
Parameters
-
string
$username The username to use in the digest hash.
-
string
$password The unhashed password to make a digest hash for.
-
string
$realm The realm the password is for.
Returns
string
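The stored hash from password() and the response hash from generateResponseHash() fit together as shown in this added example, which is not code from the plugin. It is a standalone RFC 2617 qop=auth check; the function names are hypothetical, and it assumes the stored digest password is the RFC's H(A1) value, MD5(username:realm:password).

```php
<?php
declare(strict_types=1);

// Split an "Authorization: Digest ..." value into fields; null if any field
// needed for qop=auth is missing (the job parseAuthData() is documented to do).
function parseDigestHeader(string $header): ?array
{
    if (stripos($header, 'Digest ') !== 0) {
        return null;
    }
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', substr($header, 7), $m, PREG_SET_ORDER);
    $fields = [];
    foreach ($m as $pair) {
        $fields[$pair[1]] = $pair[3] ?? $pair[2]; // unquoted value, else quoted
    }
    foreach (['username', 'realm', 'nonce', 'uri', 'qop', 'nc', 'cnonce', 'response'] as $key) {
        if (!isset($fields[$key])) {
            return null;
        }
    }
    return $fields;
}

// RFC 2617 H(A1): the value stored server-side in place of the plain password.
function digestHa1(string $username, string $realm, string $password): string
{
    return md5($username . ':' . $realm . ':' . $password);
}

// RFC 2617 request-digest for qop=auth, bound to method, URI and nonce.
function digestResponse(array $d, string $ha1, string $method): string
{
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

// Constructed input: the sample exchange from RFC 2617 section 3.5.
$header = 'Digest username="Mufasa", realm="testrealm@host.com", '
    . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    . 'qop=auth, nc=00000001, cnonce="0a4f113b", '
    . 'response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
$stored = digestHa1('Mufasa', 'testrealm@host.com', 'Circle Of Life');
$d = parseDigestHeader($header);

// Constant-time comparison of the expected and the client-supplied response.
var_dump($d !== null && hash_equals(digestResponse($d, $stored, 'GET'), $d['response']));
// The same header presented with a different method must not verify.
var_dump($d !== null && hash_equals(digestResponse($d, $stored, 'POST'), $d['response']));
```

The stored value is bound to the realm, so changing `realm` (which defaults to the server name) invalidates every stored digest hash. It is also sufficient on its own to compute valid responses, so the column holding it needs the same protection as any other credential.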
setConfig() public
setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
-
bool
$merge optional Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Cake\Core\Exception\CakeException
When trying to set a key that is invalid.
setIdentifier() public
setIdentifier(Authentication\Identifier\IdentifierInterface $identifier): $this
Sets the identifier.
Parameters
-
Authentication\Identifier\IdentifierInterface
$identifier IdentifierInterface instance.
Returns
$this
unauthorizedChallenge() public
unauthorizedChallenge(Psr\Http\Message\ServerRequestInterface $request): void
Create a challenge exception for basic auth challenge.
Create an exception with the appropriate headers and response body to challenge a request that has missing or invalid credentials.
This is primarily used by authentication methods that use the WWW-Authorization header.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request A request object.
Returns
void
Throws
Authentication\Authenticator\AuthenticationRequiredException
validNonce() protected
validNonce(string $nonce): bool
Check the nonce to ensure it is valid and not expired.
Parameters
-
string
$nonce The nonce value to check.
Returns
bool
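To make the generateNonce() / validNonce() pair and the nonceLifetime setting concrete, here is an added sketch of one way a server can issue nonces that expire and cannot be altered, without storing them. It is not the plugin's implementation: the nonce layout, the HMAC-SHA256 choice, the function names and the secret are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: base64( expiry ":" HMAC-SHA256(expiry, secret) ).
function makeNonce(string $secret, int $lifetime, int $now): string
{
    $expiry = (string)($now + $lifetime);
    return base64_encode($expiry . ':' . hash_hmac('sha256', $expiry, $secret));
}

function checkNonce(string $nonce, string $secret, int $now): bool
{
    $decoded = base64_decode($nonce, true);
    if ($decoded === false) {
        return false; // not valid base64
    }
    $parts = explode(':', $decoded, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // wrong shape
    }
    [$expiry, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $expiry, $secret), $mac)) {
        return false; // expiry was altered or nonce was not issued by us
    }
    return (int)$expiry >= $now; // reject once the lifetime has passed
}

// Constructed values for the demonstration.
$secret = 'constructed-demo-secret';
$issued = 1700000000;
$nonce = makeNonce($secret, 300, $issued); // 300 = documented nonceLifetime default

// Inside the lifetime, then just past it.
var_dump(checkNonce($nonce, $secret, $issued + 299));
var_dump(checkNonce($nonce, $secret, $issued + 301));

// An expired nonce whose expiry field was pushed forward while keeping the old MAC.
$oldMac = explode(':', base64_decode($nonce), 2)[1];
$forged = base64_encode(($issued + 86400) . ':' . $oldMac);
var_dump(checkNonce($forged, $secret, $issued + 301));

// Malformed input.
var_dump(checkNonce('not base64!', $secret, $issued));
```

A stateless nonce of this kind bounds replay to the lifetime window but does not prevent reuse inside it; detecting that requires tracking the `nc` counter per nonce on the server.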
Property Detail
$_configInitialized protected
Whether the config property has already been configured with defaults
Type
bool
$_defaultConfig protected
Default config for this object.
fields
The fields to use to identify a user by.
skipChallenge
If set to true then challenge exception will not be generated in case of authentication failure. Defaults to false.
Type
array
$_identifier protected
Identifier or identifiers collection.
Type
Authentication\Identifier\IdentifierInterface