Class DigestAuthenticate

Digest Authentication adapter for AuthComponent.

Provides Digest HTTP authentication support for AuthComponent.

Using Digest auth

In your controller's components array, add auth + the required config

public $components = [
     'Auth' => [
         'authenticate' => ['Digest']
     ]
 ];

You should also set AuthComponent::$sessionKey = false; in your AppController's beforeFilter() to prevent CakePHP from sending a session cookie to the client.

Since HTTP Digest Authentication is stateless you don't need a login() action in your controller. The user credentials will be checked on each request. If valid credentials are not provided, required authentication headers will be sent by this authentication provider which triggers the login dialog in the browser/client.

You may also want to use $this->Auth->unauthorizedRedirect = false;. This causes AuthComponent to throw a ForbiddenException exception instead of redirecting to another page.

Generating passwords compatible with Digest authentication.

DigestAuthenticate requires a special password hash that conforms to RFC2617. You can generate this password using DigestAuthenticate::password()

$digestPass = DigestAuthenticate::password($username, $password, env('SERVER_NAME'));

If you wish to use digest authentication alongside other authentication methods, it's recommended that you store the digest authentication separately. For example User.digest_pass could be used for a digest password, while User.password would store the password hash for use with other methods like Basic or Form.

Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait
Extended by Cake\Auth\BasicAuthenticate
Extended by Cake\Auth\DigestAuthenticate
Namespace: Cake\Auth
Location: Auth/DigestAuthenticate.php

Inherited Properties

Method Summary

  • __construct() public
    Constructor
  • _getDigest() protected
    Gets the digest headers from the request/environment.
  • generateNonce() protected
    Generate a nonce value that is validated in future requests.
  • Generate the response hash for a given digest array.
  • getUser() public
    Get a user based on information in the request. Used by cookie-less auth for stateless clients.
  • Generate the login headers
  • Parse the digest authentication headers and split them up.
  • password() public static
    Creates an auth digest password hash to store
  • validNonce() protected
    Check the nonce to ensure it is valid and not expired.

Method Detail

__construct()source public

__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )

Constructor

Besides the keys specified in BaseAuthenticate::$_defaultConfig, DigestAuthenticate uses the following extra keys:

  • secret The secret to use for nonce validation. Defaults to Security.salt.
  • realm The realm authentication is for, Defaults to the servername.
  • qop Defaults to 'auth', no other values are supported at this time.
  • opaque A string that must be returned unchanged by clients. Defaults to md5($config['realm'])
  • nonceLifetime The number of seconds that nonces are valid for. Defaults to 300.

Parameters

Cake\Controller\ComponentRegistry $registry

The Component registry used on this request.

array $config optional []
Array of config to use.

Overrides

Cake\Auth\BaseAuthenticate::__construct()

_getDigest()source protected

_getDigest( Cake\Http\ServerRequest $request )

Gets the digest headers from the request/environment.

Parameters

Cake\Http\ServerRequest $request
Request object.

Returns

array|boolean
Array of digest information.

generateNonce()source protected

generateNonce( )

Generate a nonce value that is validated in future requests.

Returns

string

generateResponseHash()source public

generateResponseHash( array $digest , string $password , string $method )

Generate the response hash for a given digest array.

Parameters

array $digest
Digest information containing data from DigestAuthenticate::parseAuthData().
string $password
The digest hash password generated with DigestAuthenticate::password()
string $method
Request method

Returns

string
Response hash

getUser()source public

getUser( Cake\Http\ServerRequest $request )

Get a user based on information in the request. Used by cookie-less auth for stateless clients.

Parameters

Cake\Http\ServerRequest $request
Request object.

Returns

mixed
Either false or an array of user information

Overrides

Cake\Auth\BasicAuthenticate::getUser()

loginHeaders()source public

loginHeaders( Cake\Http\ServerRequest $request )

Generate the login headers

Parameters

Cake\Http\ServerRequest $request
Request object.

Returns

string
Headers for logging in.

Overrides

Cake\Auth\BasicAuthenticate::loginHeaders()

parseAuthData()source public

parseAuthData( string $digest )

Parse the digest authentication headers and split them up.

Parameters

string $digest
The raw digest authentication headers.

Returns

array|null
An array of digest authentication headers

password()source public static

password( string $username , string $password , string $realm )

Creates an auth digest password hash to store

Parameters

string $username
The username to use in the digest hash.
string $password
The unhashed password to make a digest hash for.
string $realm
The realm the password is for.

Returns

string
the hashed password that can later be used with Digest authentication.

validNonce()source protected

validNonce( string $nonce )

Check the nonce to ensure it is valid and not expired.

Parameters

string $nonce
The nonce value to check.

Returns

boolean

Methods inherited from Cake\Auth\BasicAuthenticate

authenticate()source public

authenticate( Cake\Http\ServerRequest $request , Cake\Http\Response $response )

Authenticate a user using HTTP auth. Will use the configured User model and attempt a login using HTTP auth.

Parameters

Cake\Http\ServerRequest $request
The request to authenticate with.
Cake\Http\Response $response
The response to add headers to.

Returns

mixed
Either false on failure, or an array of user data on success.

unauthenticated()source public

unauthenticated( Cake\Http\ServerRequest $request , Cake\Http\Response $response )

Handles an unauthenticated access attempt by sending appropriate login headers

Parameters

Cake\Http\ServerRequest $request
A request object.
Cake\Http\Response $response
A response object.

Throws

Cake\Network\Exception\UnauthorizedException

Overrides

Cake\Auth\BaseAuthenticate::unauthenticated()

Methods inherited from Cake\Auth\BaseAuthenticate

_findUser()source protected

_findUser( string $username , string|null $password null )

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string $username
The username/identifier.
string|null $password optional null

The password, if not provided password checking is skipped and result of find is returned.

Returns

boolean|array
Either false on failure, or an array of user data.

_query()source protected

_query( string $username )

Get query object for fetching user from database.

Parameters

string $username
The username/identifier.

Returns

Cake\ORM\Query

implementedEvents()source public

implementedEvents( )

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

  • Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(Event $event, array $user) when $user is the identified user record.

  • Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(Event $event, array $user) where $user is the user about to be logged out.

Returns

array
List of events this class listens to. Defaults to [].

Implementation of

Cake\Event\EventListenerInterface::implementedEvents()

needsPasswordRehash()source public

needsPasswordRehash( )

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns

boolean

passwordHasher()source public

passwordHasher( )

Return password hasher object

Returns

Cake\Auth\AbstractPasswordHasher
Password hasher instance

Throws

RuntimeException

If password hasher class not found or it does not extend AbstractPasswordHasher


Methods used from Cake\Core\InstanceConfigTrait

_configDelete()source protected

_configDelete( string $key )

Deletes a single config key.

Parameters

string $key
Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead()source protected

_configRead( string|null $key )

Reads a config key.

Parameters

string|null $key
Key to read.

Returns

mixed

_configWrite()source protected

_configWrite( string|array $key , mixed $value , boolean|string $merge false )

Writes a config key.

Parameters

string|array $key
Key to write to.
mixed $value
Value to write.
boolean|string $merge optional false

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

config()source public

config( string|array|null $key null , mixed|null $value null , boolean $merge true )

Gets/Sets the config.

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Deprecated

3.4.0 use setConfig()/getConfig() instead.

Parameters

string|array|null $key optional null
The key to get/set, or a complete array of configs.
mixed|null $value optional null
The value to set.
boolean $merge optional true
Whether to recursively merge or overwrite existing config, defaults to true.

Returns

mixed
Config value being read, or the object itself on write operations.

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallow()source public

configShallow( string|array $key , mixed|null $value null )

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key
The key to set, or a complete array of configs.
mixed|null $value optional null
The value to set.

Returns


$this

getConfig()source public

getConfig( string|null $key null , mixed $default null )

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional null
The key to get or null for the whole config.
mixed $default optional null
The return value when the key does not exist.

Returns

mixed
Config value being read.

setConfig()source public

setConfig( string|array $key , mixed|null $value null , boolean $merge true )

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key
The key to set, or a complete array of configs.
mixed|null $value optional null
The value to set.
boolean $merge optional true
Whether to recursively merge or overwrite existing config, defaults to true.

Returns


$this

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.4/class-Cake.Auth.DigestAuthenticate.html