HTTP digest authentication

HTTP digest authentication cannot be used with a password storage system
that does not allow the stored password to be retrieved afterwards, even in hashed form.
paolo
2016-04-14 15:24:53 +02:00
parent 64de1ed4f4
commit aec2e7b5ac
17 changed files with 311 additions and 4195 deletions
+65
@@ -0,0 +1,65 @@
<?php
/**
* FH-Complete
*
* @package FHC-Helper
* @author FHC-Team
* @copyright Copyright (c) 2016 fhcomplete.org
* @license GPLv3
* @link https://fhcomplete.org
* @since Version 1.0.0
* @filesource
*/
defined('BASEPATH') OR exit('No direct script access allowed');
require_once FCPATH.'include/authentication.class.php';
require_once FCPATH.'include/AddonAuthentication.php';
/**
* FHC-Auth Helpers
*
* @package FH-Complete
* @subpackage Helpers
* @category Helpers
* @author FHC-Team
* @link http://fhcomplete.org/user_guide/helpers/fhcauth_helper.html
*/
// ------------------------------------------------------------------------
class FHC_Auth
{
/**
* Auth Username, Password over FH-Complete
*
* @param string $username
* @param string $password
* @return bool
*/
function auth($username, $password)
{
$auth = new authentication();
if ($auth->checkpassword($username, $password))
{
//echo 'Auth-Method-True';
return true;
}
else
{
//echo 'Auth-Method-False';
return false;
}
}
/**
* Get the md5 hashed password by the addon username
*
* @param string $username addon username
* @return string md5 hashed string
*/
public function digestAuthentication($username)
{
$aam = new AddonAuthentication();
return md5($aam->getPasswordByUsername($username));
}
}
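Review bot: `digestAuthentication()` hashes whatever `getPasswordByUsername()` returns without checking it, and `md5()` of an empty or missing value is still a 32-character string. If the lookup yields nothing for an unknown user (its return contract is not visible here), the caller cannot tell that apart from a real credential, and the `$username === NULL` test added in the REST_Controller hunk would never fire for this helper. Return a failure value before hashing, e.g. `$password = $aam->getPasswordByUsername($username);` then `if ($password === NULL || $password === FALSE || $password === '') { return FALSE; }` and `return md5($password);`, and change the `@return` tag to `string|false`. `auth()` also lacks an explicit visibility keyword, unlike `digestAuthentication()`.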
+9 -2
@@ -1978,12 +1978,19 @@ abstract class REST_Controller extends CI_Controller {
preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches);
$digest = (empty($matches[1]) || empty($matches[2])) ? [] : array_combine($matches[1], $matches[2]);
// For digest authentication the library function should return already stored md5(username:restrealm:password) for that username @see rest.php::auth_library_function config
// For digest authentication the library function should return
// already stored password for that username, even if it is hashed
$username = $this->_check_login($digest['username'], TRUE);
if (array_key_exists('username', $digest) === FALSE || $username === FALSE)
// If there no password
if (array_key_exists('username', $digest) === FALSE || $username === FALSE || $username === NULL)
{
$this->_force_login($unique_id);
}
// If the password was found for this username, generete the string md5('USERNAME:REALM:PASSWORD')
else
{
$username = md5($digest['username'].":".$this->config->item('rest_realm').":".$username);
}
$md5 = md5(strtoupper($this->request->method) . ':' . $digest['uri']);
$valid_response = md5($username . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $md5);
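Review bot: `$this->_check_login($digest['username'], TRUE)` still runs before the `array_key_exists('username', $digest)` test, so a Digest header without a username field reaches the auth library with an undefined index, and the rewritten condition keeps that order. Guarding the lookup, `$username = array_key_exists('username', $digest) ? $this->_check_login($digest['username'], TRUE) : FALSE;`, lets the `if` test only the result. The new `else` branch then overwrites `$username` with the HA1 hash, so one variable holds a login result, a stored password and a derived secret in turn; a separate `$ha1` used in the `$valid_response` line would make the path easier to audit. The fields `nonce`, `nc`, `cnonce`, `qop` and `uri` are likewise read without an existence check. The enclosing method starts and ends outside this hunk.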