/usr/share/php/sabre21/Sabre/DAV/Auth/Backend/AbstractDigest.php is in php-sabre-dav-2.1 2.1.10-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 | <?php
namespace Sabre\DAV\Auth\Backend;
use
Sabre\HTTP,
Sabre\DAV;
/**
* HTTP Digest authentication backend class
*
* This class can be used by authentication objects wishing to use HTTP Digest
* Most of the digest logic is handled, implementors just need to worry about
* the getDigestHash method
*
* @copyright Copyright (C) fruux GmbH (https://fruux.com/)
* @author Evert Pot (http://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
abstract class AbstractDigest implements BackendInterface {
/**
* This variable holds the currently logged in username.
*
* @var array|null
*/
protected $currentUser;
/**
* Returns a users digest hash based on the username and realm.
*
* If the user was not known, null must be returned.
*
* @param string $realm
* @param string $username
* @return string|null
*/
abstract function getDigestHash($realm, $username);
/**
* Authenticates the user based on the current request.
*
* If authentication is successful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @param DAV\Server $server
* @param string $realm
* @throws DAV\Exception\NotAuthenticated
* @return bool
*/
function authenticate(DAV\Server $server, $realm) {
$digest = new HTTP\Auth\Digest($realm, $server->httpRequest, $server->httpResponse);
$digest->init();
$username = $digest->getUsername();
// No username was given
if (!$username) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('No digest authentication headers were found');
}
$hash = $this->getDigestHash($realm, $username);
// If this was false, the user account didn't exist
if ($hash===false || is_null($hash)) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('The supplied username was not on file');
}
if (!is_string($hash)) {
throw new DAV\Exception('The returned value from getDigestHash must be a string or null');
}
// If this was false, the password or part of the hash was incorrect.
if (!$digest->validateA1($hash)) {
$digest->requireLogin();
throw new DAV\Exception\NotAuthenticated('Incorrect username');
}
$this->currentUser = $username;
return true;
}
/**
* Returns the currently logged in username.
*
* @return string|null
*/
function getCurrentUser() {
return $this->currentUser;
}
}
|