HTTP digest authentication

HTTP digest authentication cannot be used with password storage systems
that do not allow the stored password to be retrieved afterwards, even in hashed form.
paolo
2016-04-14 15:24:53 +02:00
parent 64de1ed4f4
commit aec2e7b5ac
17 changed files with 311 additions and 4195 deletions
+9 -2
@@ -1978,12 +1978,19 @@ abstract class REST_Controller extends CI_Controller {
preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches);
$digest = (empty($matches[1]) || empty($matches[2])) ? [] : array_combine($matches[1], $matches[2]);
// For digest authentication the library function should return already stored md5(username:restrealm:password) for that username @see rest.php::auth_library_function config
// For digest authentication the library function should return
// already stored password for that username, even if it is hashed
$username = $this->_check_login($digest['username'], TRUE);
if (array_key_exists('username', $digest) === FALSE || $username === FALSE)
// If there no password
if (array_key_exists('username', $digest) === FALSE || $username === FALSE || $username === NULL)
{
$this->_force_login($unique_id);
}
// If the password was found for this username, generete the string md5('USERNAME:REALM:PASSWORD')
else
{
$username = md5($digest['username'].":".$this->config->item('rest_realm').":".$username);
}
$md5 = md5(strtoupper($this->request->method) . ':' . $digest['uri']);
$valid_response = md5($username . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $md5);