68 lines
1.6 KiB
PHP
68 lines
1.6 KiB
PHP
<?php
|
|
|
|
namespace Intervention\HttpAuth\Vault;
|
|
|
|
use Intervention\HttpAuth\AbstractVault;
|
|
use Intervention\HttpAuth\Directive;
|
|
use Intervention\HttpAuth\Key;
|
|
|
|
class DigestVault extends AbstractVault
|
|
{
|
|
/**
|
|
* Determine if given key is able to unlock (access) vault.
|
|
*
|
|
* @param Key $key
|
|
* @return bool
|
|
*/
|
|
public function unlocksWithKey(Key $key): bool
|
|
{
|
|
$username_match = $key->getUsername() == $this->getUsername();
|
|
$hash_match = $key->getResponse() == $this->getKeyHash($key);
|
|
|
|
return $username_match && $hash_match;
|
|
}
|
|
|
|
/**
|
|
* Build and return hash from given key/vault
|
|
*
|
|
* @param Key $key
|
|
* @return string
|
|
*/
|
|
private function getKeyHash(Key $key): string
|
|
{
|
|
return md5(implode(':', [
|
|
md5(sprintf('%s:%s:%s', $key->getUsername(), $this->getRealm(), $this->getPassword())),
|
|
$key->getNonce(),
|
|
$key->getNc(),
|
|
$key->getCnonce(),
|
|
$key->getQop(),
|
|
md5(sprintf('%s:%s', $this->getRequestMethod(), $key->getUri())),
|
|
]));
|
|
}
|
|
|
|
/**
|
|
* Return HTTP request method
|
|
*
|
|
* @return string
|
|
*/
|
|
private function getRequestMethod()
|
|
{
|
|
return isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
|
|
}
|
|
|
|
/**
|
|
* Return auth directive
|
|
*
|
|
* @return Directive
|
|
*/
|
|
public function getDirective(): Directive
|
|
{
|
|
return new Directive('digest', [
|
|
'realm' => $this->getRealm(),
|
|
'qop' => 'auth',
|
|
'nonce' => uniqid(),
|
|
'opaque' => md5($this->getRealm()),
|
|
]);
|
|
}
|
|
}
|