interface/modules/zend_modules/library/Zend/Authentication/Adapter/Http/ApacheResolver.php

   1 <?php
   2 /**
   3  * Zend Framework (http://framework.zend.com/)
   4  *
   5  * @link      http://github.com/zendframework/zf2 for the canonical source repository
   6  * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
   7  * @license   http://framework.zend.com/license/new-bsd New BSD License
   8  */
   9
  10 namespace Zend\Authentication\Adapter\Http;
  11
  12 use Zend\Authentication\Result as AuthResult;
  13 use Zend\Crypt\Password\Apache as ApachePassword;
  14 use Zend\Stdlib\ErrorHandler;
  15
  16 /**
  17  * Apache Authentication Resolver
  18  *
  19  * @see http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
  20  */
  21 class ApacheResolver implements ResolverInterface
  22 {
  23     /**
  24      * Path to credentials file
  25      *
  26      * @var string
  27      */
  28     protected $file;
  29
  30     /**
  31      * Apache password object
  32      *
  33      * @var ApachePassword
  34      */
  35     protected $apachePassword;
  36
  37     /**
  38      * Constructor
  39      *
  40      * @param  string $path Complete filename where the credentials are stored
  41      */
  42     public function __construct($path = '')
  43     {
  44         if (!empty($path)) {
  45             $this->setFile($path);
  46         }
  47     }
  48
  49     /**
  50      * Set the path to the credentials file
  51      *
  52      * @param  string $path
  53      * @return FileResolver Provides a fluent interface
  54      * @throws Exception\InvalidArgumentException if path is not readable
  55      */
  56     public function setFile($path)
  57     {
  58         if (empty($path) || !is_readable($path)) {
  59             throw new Exception\InvalidArgumentException('Path not readable: ' . $path);
  60         }
  61         $this->file = $path;
  62
  63         return $this;
  64     }
  65
  66     /**
  67      * Returns the path to the credentials file
  68      *
  69      * @return string
  70      */
  71     public function getFile()
  72     {
  73         return $this->file;
  74     }
  75
  76     /**
  77      * Returns the Apache Password object
  78      *
  79      * @return ApachePassword
  80      */
  81     protected function getApachePassword()
  82     {
  83         if (empty($this->apachePassword)) {
  84             $this->apachePassword = new ApachePassword();
  85         }
  86         return $this->apachePassword;
  87     }
  88
  89     /**
  90      * Resolve credentials
  91      *
  92      *
  93      *
  94      * @param  string $username Username
  95      * @param  string $realm    Authentication Realm
  96      * @param  string $password The password to authenticate
  97      * @return AuthResult
  98      * @throws Exception\ExceptionInterface
  99      */
 100     public function resolve($username, $realm, $password = null)
 101     {
 102         if (empty($username)) {
 103             throw new Exception\InvalidArgumentException('Username is required');
 104         }
 105
 106         if (!ctype_print($username) || strpos($username, ':') !== false) {
 107             throw new Exception\InvalidArgumentException(
 108                 'Username must consist only of printable characters, excluding the colon'
 109             );
 110         }
 111
 112         if (!empty($realm) && (!ctype_print($realm) || strpos($realm, ':') !== false)) {
 113             throw new Exception\InvalidArgumentException(
 114                 'Realm must consist only of printable characters, excluding the colon'
 115             );
 116         }
 117
 118         if (empty($password)) {
 119             throw new Exception\InvalidArgumentException('Password is required');
 120         }
 121
 122         // Open file, read through looking for matching credentials
 123         ErrorHandler::start(E_WARNING);
 124         $fp    = fopen($this->file, 'r');
 125         $error = ErrorHandler::stop();
 126         if (!$fp) {
 127             throw new Exception\RuntimeException('Unable to open password file: ' . $this->file, 0, $error);
 128         }
 129
 130         // No real validation is done on the contents of the password file. The
 131         // assumption is that we trust the administrators to keep it secure.
 132         while (($line = fgetcsv($fp, 512, ':')) !== false) {
 133             if ($line[0] != $username) {
 134                 continue;
 135             }
 136
 137             if (isset($line[2])) {
 138                 if ($line[1] == $realm) {
 139                     $matchedHash = $line[2];
 140                     break;
 141                 }
 142                 continue;
 143             }
 144
 145             $matchedHash = $line[1];
 146             break;
 147         }
 148         fclose($fp);
 149
 150         if (!isset($matchedHash)) {
 151             return new AuthResult(AuthResult::FAILURE_IDENTITY_NOT_FOUND, null, array('Username not found in provided htpasswd file'));
 152         }
 153
 154         // Plaintext password
 155         if ($matchedHash === $password) {
 156             return new AuthResult(AuthResult::SUCCESS, $username);
 157         }
 158
 159         $apache = $this->getApachePassword();
 160         $apache->setUserName($username);
 161         if (!empty($realm)) {
 162             $apache->setAuthName($realm);
 163         }
 164
 165         if ($apache->verify($password, $matchedHash)) {
 166             return new AuthResult(AuthResult::SUCCESS, $username);
 167         }
 168
 169         return new AuthResult(AuthResult::FAILURE_CREDENTIAL_INVALID, null, array('Passwords did not match.'));
 170     }
 171 }