Home Explore Help
Register Sign In
chengwenliang
/
newsupernova
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c9405dd336
Branches Tags
newsupernova
/
vendor
/
magento
/
framework
/
HTTP
/
Authentication.php

Authentication.php 2.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright © Magento, Inc. All rights reserved.
    4. 

  4.  * See COPYING.txt for license details.
    5. 

  5.  */
    6. 

  6. namespace Magento\Framework\HTTP;
    7. 

  7. 

  8. /**
    9. 

  9.  * Library for working with HTTP authentication
    10. 

  10.  */
    11. 

  11. class Authentication
    12. 

  12. {
    13. 

  13.     /**
    14. 

  14.      * Request object
    15. 

  15.      *
    16. 

  16.      * @var \Magento\Framework\App\RequestInterface
    17. 

  17.      */
    18. 

  18.     protected $request;
    19. 

  19. 

  20.     /**
    21. 

  21.      * Response object
    22. 

  22.      *
    23. 

  23.      * @var \Magento\Framework\App\ResponseInterface
    24. 

  24.      */
    25. 

  25.     protected $response;
    26. 

  26. 

  27.     /**
    28. 

  28.      * @param \Magento\Framework\App\RequestInterface $httpRequest
    29. 

  29.      * @param \Magento\Framework\App\ResponseInterface $httpResponse
    30. 

  30.      */
    31. 

  31.     public function __construct(
    32. 

  32.         \Magento\Framework\App\RequestInterface $httpRequest,
    33. 

  33.         \Magento\Framework\App\ResponseInterface $httpResponse
    34. 

  34.     ) {
    35. 

  35.         $this->request = $httpRequest;
    36. 

  36.         $this->response = $httpResponse;
    37. 

  37.     }
    38. 

  38. 

  39.     /**
    40. 

  40.      * Extract "login" and "password" credentials from HTTP-request
    41. 

  41.      *
    42. 

  42.      * Returns plain array with 2 items: login and password respectively
    43. 

  43.      *
    44. 

  44.      * @return array
    45. 

  45.      */
    46. 

  46.     public function getCredentials()
    47. 

  47.     {
    48. 

  48.         $server = $this->request->getServerValue();
    49. 

  49.         $user = '';
    50. 

  50.         $pass = '';
    51. 

  51. 

  52.         if (empty($server['HTTP_AUTHORIZATION'])) {
    53. 

  53.             foreach ($server as $k => $v) {
    54. 

  54.                 if (substr($k, -18) === 'HTTP_AUTHORIZATION' && !empty($v)) {
    55. 

  55.                     $server['HTTP_AUTHORIZATION'] = $v;
    56. 

  56.                     break;
    57. 

  57.                 }
    58. 

  58.             }
    59. 

  59.         }
    60. 

  60. 

  61.         if (isset($server['PHP_AUTH_USER']) && isset($server['PHP_AUTH_PW'])) {
    62. 

  62.             $user = $server['PHP_AUTH_USER'];
    63. 

  63.             $pass = $server['PHP_AUTH_PW'];
    64. 

  64.         } elseif (!empty($server['HTTP_AUTHORIZATION'])) {
    65. 

  65.             /**
    66. 

  66.              * IIS Note: for HTTP authentication to work with IIS,
    67. 

  67.              * the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).
    68. 

  68.              */
    69. 

  69.             $auth = $server['HTTP_AUTHORIZATION'];
    70. 

  70.             list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1)));
    71. 

  71.         } elseif (!empty($server['Authorization'])) {
    72. 

  72.             $auth = $server['Authorization'];
    73. 

  73.             list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1)));
    74. 

  74.         }
    75. 

  75. 

  76.         return [$user, $pass];
    77. 

  77.     }
    78. 

  78. 

  79.     /**
    80. 

  80.      * Set "auth failed" headers to the specified response object
    81. 

  81.      *
    82. 

  82.      * @param string $realm
    83. 

  83.      * @return void
    84. 

  84.      */
    85. 

  85.     public function setAuthenticationFailed($realm)
    86. 

  86.     {
    87. 

  87.         $this->response->setStatusHeader(401, '1.1', 'Unauthorized');
    88. 

  88.         $this->response->setHeader(
    89. 

  89.             'WWW-Authenticate',
    90. 

  90.             'Basic realm="' . $realm . '"'
    91. 

  91.         )->setBody(
    92. 

  92.             '<h1>401 Unauthorized</h1>'
    93. 

  93.         );
    94. 

  94.     }
    95. 

  95. }
    96.