_client = $client; } /** * Add Authorization header to the request. * * @param \Cake\Http\Client\Request $request The request object. * @param array $credentials Authentication credentials. * @return \Cake\Http\Client\Request The updated request. * @see http://www.ietf.org/rfc/rfc2617.txt */ public function authentication(Request $request, array $credentials) { if (!isset($credentials['username'], $credentials['password'])) { return $request; } if (!isset($credentials['realm'])) { $credentials = $this->_getServerInfo($request, $credentials); } if (!isset($credentials['realm'])) { return $request; } $value = $this->_generateHeader($request, $credentials); return $request->withHeader('Authorization', $value); } /** * Retrieve information about the authentication * * Will get the realm and other tokens by performing * another request without authentication to get authentication * challenge. * * @param \Cake\Http\Client\Request $request The request object. * @param array $credentials Authentication credentials. * @return array modified credentials. */ protected function _getServerInfo(Request $request, $credentials) { $response = $this->_client->get( $request->url(), [], ['auth' => []] ); if (!$response->getHeader('WWW-Authenticate')) { return []; } preg_match_all( '@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $response->getHeaderLine('WWW-Authenticate'), $matches, PREG_SET_ORDER ); foreach ($matches as $match) { $credentials[$match[1]] = $match[2]; } if (!empty($credentials['qop']) && empty($credentials['nc'])) { $credentials['nc'] = 1; } return $credentials; } /** * Generate the header Authorization * * @param \Cake\Http\Client\Request $request The request object. * @param array $credentials Authentication credentials. * @return string */ protected function _generateHeader(Request $request, $credentials) { $path = $request->getUri()->getPath(); $a1 = md5($credentials['username'] . ':' . $credentials['realm'] . ':' . $credentials['password']); $a2 = md5($request->method() . ':' . $path); if (empty($credentials['qop'])) { $response = md5($a1 . ':' . $credentials['nonce'] . ':' . $a2); } else { $credentials['cnonce'] = uniqid(); $nc = sprintf('%08x', $credentials['nc']++); $response = md5($a1 . ':' . $credentials['nonce'] . ':' . $nc . ':' . $credentials['cnonce'] . ':auth:' . $a2); } $authHeader = 'Digest '; $authHeader .= 'username="' . str_replace(['\\', '"'], ['\\\\', '\\"'], $credentials['username']) . '", '; $authHeader .= 'realm="' . $credentials['realm'] . '", '; $authHeader .= 'nonce="' . $credentials['nonce'] . '", '; $authHeader .= 'uri="' . $path . '", '; $authHeader .= 'response="' . $response . '"'; if (!empty($credentials['opaque'])) { $authHeader .= ', opaque="' . $credentials['opaque'] . '"'; } if (!empty($credentials['qop'])) { $authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $credentials['cnonce'] . '"'; } return $authHeader; } } // @deprecated Add backwards compat alias. class_alias('Cake\Http\Client\Auth\Digest', 'Cake\Network\Http\Auth\Digest');