Added Basic Authentication

Moved all HTTP response header settings to HTTP_Response
sabre-io · Jan 14, 2009 · 25e8352 · 25e8352
1 parent c8a4080
commit 25e8352
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 26 deletions.
diff --git a/lib/Sabre.includes.php b/lib/Sabre.includes.php
@@ -3,6 +3,7 @@
 /* Utilities */
 include 'Sabre/PHP/Exception.php';
 include 'Sabre/HTTP/Response.php';
+include 'Sabre/HTTP/BasicAuth.php';
 
 /* Basics */
 include 'Sabre/DAV/Lock.php';

diff --git a/lib/Sabre/DAV/Server.php b/lib/Sabre/DAV/Server.php
@@ -111,13 +111,13 @@ public function setBaseUri($uri) {
      */
     protected function httpOptions() {
 
-        $this->addHeader('Allow',strtoupper(implode(' ',$this->getAllowedMethods())));
+        $this->httpResponse->setHeader('Allow',strtoupper(implode(' ',$this->getAllowedMethods())));
         if ($this->tree->supportsLocks()) {
-            $this->addHeader('DAV','1,2,3');
+            $this->httpResponse->setHeader('DAV','1,2,3');
         } else {
-            $this->addHeader('DAV','1,3');
+            $this->httpResponse->setHeader('DAV','1,3');
         }
-        $this->addHeader('MS-Author-Via','DAV');
+        $this->httpResponse->setHeader('MS-Author-Via','DAV');
 
     }
 
@@ -132,9 +132,9 @@ protected function httpGet() {
 
         $nodeInfo = $this->tree->getNodeInfo($this->getRequestUri(),0);
 
-        if ($nodeInfo[0]['size']) $this->addHeader('Content-Length',$nodeInfo[0]['size']);
+        if ($nodeInfo[0]['size']) $this->httpResponse->setHeader('Content-Length',$nodeInfo[0]['size']);
 
-        $this->addHeader('Content-Type', 'application/octet-stream');
+        $this->httpResponse->setHeader('Content-Type', 'application/octet-stream');
         echo $this->tree->get($this->getRequestUri());
 
     }
@@ -151,8 +151,8 @@ protected function httpGet() {
     protected function httpHead() {
 
         $nodeInfo = $this->tree->getNodeInfo($this->getRequestUri(),0);
-        if ($nodeInfo[0]['size']) $this->addHeader('Content-Length',$nodeInfo[0]['size']);
-        $this->addHeader('Content-Type', 'application/octet-stream');
+        if ($nodeInfo[0]['size']) $this->httpResponse->setHeader('Content-Length',$nodeInfo[0]['size']);
+        $this->httpResponse->setHeader('Content-Type', 'application/octet-stream');
 
     }
 
@@ -219,7 +219,7 @@ protected function httpPropfind() {
 
         // This is a multi-status response
         $this->httpResponse->sendStatus(207);
-        $this->addHeader('Content-Type','text/xml; charset="utf-8"');
+        $this->httpResponse->setHeader('Content-Type','text/xml; charset="utf-8"');
         $data = $this->generatePropfindResponse($fileList,$properties);
         echo $data;
 
@@ -323,7 +323,7 @@ protected function httpPOST() {
         }
 
         // We assume > 5.1.2, which has the header injection attack prevention
-        if (isset($_POST['redirectUrl']) && is_string($_POST['redirectUrl'])) header('Location: ' . $_POST['redirectUrl']);
+        if (isset($_POST['redirectUrl']) && is_string($_POST['redirectUrl'])) $this->httpResponse->setHeader('Location', $_POST['redirectUrl']);
 
     }
 
@@ -478,7 +478,7 @@ protected function httpLock() {
         }
 
         $this->tree->lockNode($uri,$lockInfo);
-        $this->addHeader('Lock-Token','opaquelocktoken:' . $lockInfo->token);
+        $this->httpResponse->setHeader('Lock-Token','opaquelocktoken:' . $lockInfo->token);
         echo $this->generateLockResponse($lockInfo);
 
     }
@@ -561,19 +561,6 @@ protected function getAllowedMethods() {
 
     }
 
-    /**
-     * Adds an HTTP response header 
-     * 
-     * @param string $name 
-     * @param string $value 
-     * @return void
-     */
-    protected function addHeader($name,$value) {
-
-        header($name . ': ' . str_replace(array("\n","\r"),array('\n','\r'),$value));
-
-    }
-
     /**
      * Gets the uri for the request, keeping the base uri into consideration 
      * 

diff --git a/lib/Sabre/HTTP/BasicAuth.php b/lib/Sabre/HTTP/BasicAuth.php
@@ -0,0 +1,107 @@
+<?php
+
+/**
+ * HTTP Basic Authentication handler
+ *
+ * Use this class for easy http authentication setup
+ * 
+ * @package Sabre
+ * @subpackage HTTP 
+ * @version $Id$
+ * @copyright Copyright (C) 2009 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_HTTP_BasicAuth {
+
+    /**
+     * The realm will be displayed in the dialog boxes
+     *
+     * This identifier can be changed through setRealm()
+     * 
+     * @var string
+     */
+    protected $realm = 'SabreDAV';
+
+    /**
+     * HTTP response helper 
+     * 
+     * @var Sabre_HTTP_Response 
+     */
+    protected $httpResponse;
+
+    /**
+     * __construct 
+     * 
+     * @return void
+     */
+    public function __construct() {
+
+        $this->httpResponse = new Sabre_HTTP_Response();
+
+    }
+
+    /**
+     * Returns the supplied username and password.
+     *
+     * The returned array has two values:
+     *   * 0 - username
+     *   * 1 - password
+     *
+     * If nothing was supplied, 'false' will be returned
+     *
+     * @return mixed 
+     */
+    public function getUserPass() {
+
+        // Apache
+        if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+
+            $username = $_SERVER['PHP_AUTH_USER'];
+            $password = $_SERVER['PHP_AUTH_PW'];
+
+            return array($username,$password);
+
+        }
+
+        // IIS
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+
+            return explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+
+        }
+
+        return false;
+
+    }
+
+    /**
+     * Sets the realm
+     *
+     * The realm is often displayed in authentication dialog boxes
+     * Commonly an application name displayed here
+     * 
+     * @param mixed $realm 
+     * @return void
+     */
+    public function setRealm($realm) {
+
+        $this->realm = $realm;
+
+    }
+
+    /**
+     * Returns an HTTP 401 header, forcing login
+     *
+     * This should be called when username and password are incorrect, or not supplied at all
+     *
+     * @return void
+     */
+    public function requireLogin() {
+
+        $this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
+        $this->httpResponse->sendStatus(401);
+
+    }
+
+}
diff --git a/lib/Sabre/HTTP/Response.php b/lib/Sabre/HTTP/Response.php
@@ -4,10 +4,11 @@
  * Sabre_HTTP_Response 
  * 
  * @package Sabre
+ * @subpackage DAV
  * @version $Id$
- * @copyright Copyright (C) 2007 Rooftop Solutions. All rights reserved.
+ * @copyright Copyright (C) 2007-2009 Rooftop Solutions. All rights reserved.
  * @author Evert Pot (http://www.rooftopsolutions.nl/) 
- * @license licence http://www.freebsd.org/copyright/license.html  BSD License (4 Clause)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
 class Sabre_HTTP_Response {
 
@@ -54,4 +55,18 @@ public function sendStatus($code) {
 
     }
 
+    /**
+     * Sets an HTTP header for the response
+     * 
+     * @param string $name 
+     * @param string $value 
+     * @return void
+     */
+    public function setHeader($name, $value) {
+
+        $value = str_replace(array("\r","\n"),array('\r','\n'),$value);
+        header($name . ': ' . $value);
+
+    }
+
 }