diff options
Diffstat (limited to 'vendor/sabre/http/lib/Auth')
| -rw-r--r-- | vendor/sabre/http/lib/Auth/AWS.php | 134 | ||||
| -rw-r--r-- | vendor/sabre/http/lib/Auth/AbstractAuth.php | 36 | ||||
| -rw-r--r-- | vendor/sabre/http/lib/Auth/Basic.php | 25 | ||||
| -rw-r--r-- | vendor/sabre/http/lib/Auth/Bearer.php | 25 | ||||
| -rw-r--r-- | vendor/sabre/http/lib/Auth/Digest.php | 131 |
5 files changed, 151 insertions, 200 deletions
diff --git a/vendor/sabre/http/lib/Auth/AWS.php b/vendor/sabre/http/lib/Auth/AWS.php index 5e176646a..ffda3cf15 100644 --- a/vendor/sabre/http/lib/Auth/AWS.php +++ b/vendor/sabre/http/lib/Auth/AWS.php @@ -1,11 +1,13 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; -use Sabre\HTTP\Util; +use Sabre\HTTP; /** - * HTTP AWS Authentication handler + * HTTP AWS Authentication handler. * * Use this class to leverage amazon's AWS authentication header * @@ -13,24 +15,24 @@ use Sabre\HTTP\Util; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class AWS extends AbstractAuth { - +class AWS extends AbstractAuth +{ /** - * The signature supplied by the HTTP client + * The signature supplied by the HTTP client. * * @var string */ private $signature = null; /** - * The accesskey supplied by the HTTP client + * The accesskey supplied by the HTTP client. * * @var string */ private $accessKey = null; /** - * An error code, if any + * An error code, if any. * * This value will be filled with one of the ERR_* constants * @@ -45,47 +47,45 @@ class AWS extends AbstractAuth { const ERR_INVALIDSIGNATURE = 5; /** - * Gathers all information from the headers + * Gathers all information from the headers. * * This method needs to be called prior to anything else. - * - * @return bool */ - function init() { - + public function init(): bool + { $authHeader = $this->request->getHeader('Authorization'); + + if (null === $authHeader) { + $this->errorCode = self::ERR_NOAWSHEADER; + + return false; + } $authHeader = explode(' ', $authHeader); - if ($authHeader[0] != 'AWS' || !isset($authHeader[1])) { + if ('AWS' !== $authHeader[0] || !isset($authHeader[1])) { $this->errorCode = self::ERR_NOAWSHEADER; - return false; + + return false; } list($this->accessKey, $this->signature) = explode(':', $authHeader[1]); return true; - } /** - * Returns the username for the request - * - * @return string + * Returns the username for the request. */ - function getAccessKey() { - + public function getAccessKey(): string + { return $this->accessKey; - } /** - * Validates the signature based on the secretKey - * - * @param string $secretKey - * @return bool + * Validates the signature based on the secretKey. */ - function validate($secretKey) { - + public function validate(string $secretKey): bool + { $contentMD5 = $this->request->getHeader('Content-MD5'); if ($contentMD5) { @@ -93,57 +93,53 @@ class AWS extends AbstractAuth { $body = $this->request->getBody(); $this->request->setBody($body); - if ($contentMD5 != base64_encode(md5($body, true))) { + if ($contentMD5 !== base64_encode(md5((string) $body, true))) { // content-md5 header did not match md5 signature of body $this->errorCode = self::ERR_MD5CHECKSUMWRONG; + return false; } - } - if (!$requestDate = $this->request->getHeader('x-amz-date')) + if (!$requestDate = $this->request->getHeader('x-amz-date')) { $requestDate = $this->request->getHeader('Date'); + } - if (!$this->validateRFC2616Date($requestDate)) + if (!$this->validateRFC2616Date((string) $requestDate)) { return false; + } $amzHeaders = $this->getAmzHeaders(); $signature = base64_encode( $this->hmacsha1($secretKey, - $this->request->getMethod() . "\n" . - $contentMD5 . "\n" . - $this->request->getHeader('Content-type') . "\n" . - $requestDate . "\n" . - $amzHeaders . + $this->request->getMethod()."\n". + $contentMD5."\n". + $this->request->getHeader('Content-type')."\n". + $requestDate."\n". + $amzHeaders. $this->request->getUrl() ) ); - if ($this->signature != $signature) { - + if ($this->signature !== $signature) { $this->errorCode = self::ERR_INVALIDSIGNATURE; - return false; + return false; } return true; - } - /** - * Returns an HTTP 401 header, forcing login + * Returns an HTTP 401 header, forcing login. * * This should be called when username and password are incorrect, or not supplied at all - * - * @return void */ - function requireLogin() { - + public function requireLogin() + { $this->response->addHeader('WWW-Authenticate', 'AWS'); $this->response->setStatus(401); - } /** @@ -154,17 +150,15 @@ class AWS extends AbstractAuth { * * This function also makes sure the Date header is within 15 minutes of the operating * system date, to prevent replay attacks. - * - * @param string $dateHeader - * @return bool */ - protected function validateRFC2616Date($dateHeader) { - - $date = Util::parseHTTPDate($dateHeader); + protected function validateRFC2616Date(string $dateHeader): bool + { + $date = HTTP\parseDate($dateHeader); // Unknown format if (!$date) { $this->errorCode = self::ERR_INVALIDDATEFORMAT; + return false; } @@ -174,47 +168,40 @@ class AWS extends AbstractAuth { // We allow 15 minutes around the current date/time if ($date > $max || $date < $min) { $this->errorCode = self::ERR_REQUESTTIMESKEWED; + return false; } - return $date; - + return true; } /** - * Returns a list of AMZ headers - * - * @return string + * Returns a list of AMZ headers. */ - protected function getAmzHeaders() { - + protected function getAmzHeaders(): string + { $amzHeaders = []; $headers = $this->request->getHeaders(); foreach ($headers as $headerName => $headerValue) { - if (strpos(strtolower($headerName), 'x-amz-') === 0) { - $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0]) . "\n"; + if (0 === strpos(strtolower($headerName), 'x-amz-')) { + $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0])."\n"; } } ksort($amzHeaders); $headerStr = ''; foreach ($amzHeaders as $h => $v) { - $headerStr .= $h . ':' . $v; + $headerStr .= $h.':'.$v; } return $headerStr; - } /** - * Generates an HMAC-SHA1 signature - * - * @param string $key - * @param string $message - * @return string + * Generates an HMAC-SHA1 signature. */ - private function hmacsha1($key, $message) { - + private function hmacsha1(string $key, string $message): string + { if (function_exists('hash_hmac')) { return hash_hmac('sha1', $message, $key, true); } @@ -226,9 +213,8 @@ class AWS extends AbstractAuth { $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); - $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message)))); - return $hmac; + $hmac = pack('H*', sha1(($key ^ $opad).pack('H*', sha1(($key ^ $ipad).$message)))); + return $hmac; } - } diff --git a/vendor/sabre/http/lib/Auth/AbstractAuth.php b/vendor/sabre/http/lib/Auth/AbstractAuth.php index ae45b3ee2..ada6bf0f0 100644 --- a/vendor/sabre/http/lib/Auth/AbstractAuth.php +++ b/vendor/sabre/http/lib/Auth/AbstractAuth.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; use Sabre\HTTP\RequestInterface; @@ -14,60 +16,50 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -abstract class AbstractAuth { - +abstract class AbstractAuth +{ /** - * Authentication realm + * Authentication realm. * * @var string */ protected $realm; /** - * Request object + * Request object. * * @var RequestInterface */ protected $request; /** - * Response object + * Response object. * * @var ResponseInterface */ protected $response; /** - * Creates the object - * - * @param string $realm - * @return void + * Creates the object. */ - function __construct($realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) { - + public function __construct(string $realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) + { $this->realm = $realm; $this->request = $request; $this->response = $response; - } /** * This method sends the needed HTTP header and statuscode (401) to force * the user to login. - * - * @return void */ - abstract function requireLogin(); + abstract public function requireLogin(); /** - * Returns the HTTP realm - * - * @return string + * Returns the HTTP realm. */ - function getRealm() { - + public function getRealm(): string + { return $this->realm; - } - } diff --git a/vendor/sabre/http/lib/Auth/Basic.php b/vendor/sabre/http/lib/Auth/Basic.php index c263e3f9b..d04b4a811 100644 --- a/vendor/sabre/http/lib/Auth/Basic.php +++ b/vendor/sabre/http/lib/Auth/Basic.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; /** @@ -15,25 +17,25 @@ namespace Sabre\HTTP\Auth; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class Basic extends AbstractAuth { - +class Basic extends AbstractAuth +{ /** * This method returns a numeric array with a username and password as the * only elements. * * If no credentials were found, this method returns null. * - * @return null|array + * @return array|null */ - function getCredentials() { - + public function getCredentials() + { $auth = $this->request->getHeader('Authorization'); if (!$auth) { return null; } - if (strtolower(substr($auth, 0, 6)) !== 'basic ') { + if ('basic ' !== strtolower(substr($auth, 0, 6))) { return null; } @@ -44,20 +46,15 @@ class Basic extends AbstractAuth { } return $credentials; - } /** * This method sends the needed HTTP header and statuscode (401) to force * the user to login. - * - * @return void */ - function requireLogin() { - - $this->response->addHeader('WWW-Authenticate', 'Basic realm="' . $this->realm . '", charset="UTF-8"'); + public function requireLogin() + { + $this->response->addHeader('WWW-Authenticate', 'Basic realm="'.$this->realm.'", charset="UTF-8"'); $this->response->setStatus(401); - } - } diff --git a/vendor/sabre/http/lib/Auth/Bearer.php b/vendor/sabre/http/lib/Auth/Bearer.php index eefdf11ee..988bb29d2 100644 --- a/vendor/sabre/http/lib/Auth/Bearer.php +++ b/vendor/sabre/http/lib/Auth/Bearer.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; /** @@ -15,42 +17,37 @@ namespace Sabre\HTTP\Auth; * @author François Kooman (fkooman@tuxed.net) * @license http://sabre.io/license/ Modified BSD License */ -class Bearer extends AbstractAuth { - +class Bearer extends AbstractAuth +{ /** * This method returns a string with an access token. * * If no token was found, this method returns null. * - * @return null|string + * @return string|null */ - function getToken() { - + public function getToken() + { $auth = $this->request->getHeader('Authorization'); if (!$auth) { return null; } - if (strtolower(substr($auth, 0, 7)) !== 'bearer ') { + if ('bearer ' !== strtolower(substr($auth, 0, 7))) { return null; } return substr($auth, 7); - } /** * This method sends the needed HTTP header and statuscode (401) to force * authentication. - * - * @return void */ - function requireLogin() { - - $this->response->addHeader('WWW-Authenticate', 'Bearer realm="' . $this->realm . '"'); + public function requireLogin() + { + $this->response->addHeader('WWW-Authenticate', 'Bearer realm="'.$this->realm.'"'); $this->response->setStatus(401); - } - } diff --git a/vendor/sabre/http/lib/Auth/Digest.php b/vendor/sabre/http/lib/Auth/Digest.php index 4b3f0746f..dd35a0b74 100644 --- a/vendor/sabre/http/lib/Auth/Digest.php +++ b/vendor/sabre/http/lib/Auth/Digest.php @@ -1,12 +1,14 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; /** - * HTTP Digest Authentication handler + * HTTP Digest Authentication handler. * * Use this class for easy http digest authentication. * Instructions: @@ -27,10 +29,10 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class Digest extends AbstractAuth { - +class Digest extends AbstractAuth +{ /** - * These constants are used in setQOP(); + * These constants are used in setQOP();. */ const QOP_AUTH = 1; const QOP_AUTHINT = 2; @@ -42,28 +44,24 @@ class Digest extends AbstractAuth { protected $qop = self::QOP_AUTH; /** - * Initializes the object + * Initializes the object. */ - function __construct($realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) { - + public function __construct(string $realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) + { $this->nonce = uniqid(); $this->opaque = md5($realm); parent::__construct($realm, $request, $response); - } /** - * Gathers all information from the headers + * Gathers all information from the headers. * * This method needs to be called prior to anything else. - * - * @return void */ - function init() { - + public function init() + { $digest = $this->getDigest(); - $this->digestParts = $this->parseDigest($digest); - + $this->digestParts = $this->parseDigest((string) $digest); } /** @@ -78,115 +76,101 @@ class Digest extends AbstractAuth { * QOP_AUTHINT ensures integrity of the request body, but this is not * supported by most HTTP clients. QOP_AUTHINT also requires the entire * request body to be md5'ed, which can put strains on CPU and memory. - * - * @param int $qop - * @return void */ - function setQOP($qop) { - + public function setQOP(int $qop) + { $this->qop = $qop; - } /** * Validates the user. * * The A1 parameter should be md5($username . ':' . $realm . ':' . $password); - * - * @param string $A1 - * @return bool */ - function validateA1($A1) { - + public function validateA1(string $A1): bool + { $this->A1 = $A1; - return $this->validate(); + return $this->validate(); } /** * Validates authentication through a password. The actual password must be provided here. * It is strongly recommended not store the password in plain-text and use validateA1 instead. - * - * @param string $password - * @return bool */ - function validatePassword($password) { + public function validatePassword(string $password): bool + { + $this->A1 = md5($this->digestParts['username'].':'.$this->realm.':'.$password); - $this->A1 = md5($this->digestParts['username'] . ':' . $this->realm . ':' . $password); return $this->validate(); - } /** - * Returns the username for the request + * Returns the username for the request. + * Returns null if there were none. * - * @return string + * @return string|null */ - function getUsername() { - - return $this->digestParts['username']; - + public function getUsername() + { + return $this->digestParts['username'] ?? null; } /** - * Validates the digest challenge - * - * @return bool + * Validates the digest challenge. */ - protected function validate() { + protected function validate(): bool + { + if (!is_array($this->digestParts)) { + return false; + } - $A2 = $this->request->getMethod() . ':' . $this->digestParts['uri']; + $A2 = $this->request->getMethod().':'.$this->digestParts['uri']; - if ($this->digestParts['qop'] == 'auth-int') { + if ('auth-int' === $this->digestParts['qop']) { // Making sure we support this qop value - if (!($this->qop & self::QOP_AUTHINT)) return false; + if (!($this->qop & self::QOP_AUTHINT)) { + return false; + } // We need to add an md5 of the entire request body to the A2 part of the hash $body = $this->request->getBody($asString = true); $this->request->setBody($body); - $A2 .= ':' . md5($body); - } else { - - // We need to make sure we support this qop value - if (!($this->qop & self::QOP_AUTH)) return false; + $A2 .= ':'.md5($body); + } elseif (!($this->qop & self::QOP_AUTH)) { + return false; } $A2 = md5($A2); $validResponse = md5("{$this->A1}:{$this->digestParts['nonce']}:{$this->digestParts['nc']}:{$this->digestParts['cnonce']}:{$this->digestParts['qop']}:{$A2}"); - return $this->digestParts['response'] == $validResponse; - - + return $this->digestParts['response'] === $validResponse; } /** - * Returns an HTTP 401 header, forcing login + * Returns an HTTP 401 header, forcing login. * * This should be called when username and password are incorrect, or not supplied at all - * - * @return void */ - function requireLogin() { - + public function requireLogin() + { $qop = ''; switch ($this->qop) { - case self::QOP_AUTH : + case self::QOP_AUTH: $qop = 'auth'; break; - case self::QOP_AUTHINT : + case self::QOP_AUTHINT: $qop = 'auth-int'; break; - case self::QOP_AUTH | self::QOP_AUTHINT : + case self::QOP_AUTH | self::QOP_AUTHINT: $qop = 'auth,auth-int'; break; } - $this->response->addHeader('WWW-Authenticate', 'Digest realm="' . $this->realm . '",qop="' . $qop . '",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"'); + $this->response->addHeader('WWW-Authenticate', 'Digest realm="'.$this->realm.'",qop="'.$qop.'",nonce="'.$this->nonce.'",opaque="'.$this->opaque.'"'); $this->response->setStatus(401); - } - /** * This method returns the full digest string. * @@ -196,23 +180,20 @@ class Digest extends AbstractAuth { * * @return mixed */ - function getDigest() { - + public function getDigest() + { return $this->request->getHeader('Authorization'); - } - /** * Parses the different pieces of the digest string into an array. * * This method returns false if an incomplete digest was supplied * - * @param string $digest - * @return mixed + * @return bool|array */ - protected function parseDigest($digest) { - + protected function parseDigest(string $digest) + { // protect against missing data $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1]; $data = []; @@ -220,12 +201,10 @@ class Digest extends AbstractAuth { preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER); foreach ($matches as $m) { - $data[$m[1]] = $m[2] ? $m[2] : $m[3]; + $data[$m[1]] = $m[2] ?: $m[3]; unset($needed_parts[$m[1]]); } return $needed_parts ? false : $data; - } - } |