PSR-15 middleware to implement Basic and Digest Http authentication

middlewares/http-authentication

Middleware to implement RFC 2617 HTTP Authentication. Contains the following components: BasicAuthentication and DigestAuthentication.

Requirements

Installation

This package is installable and autoloadable via Composer as middlewares/http-authentication.

composer require middlewares/http-authentication

BasicAuthentication

The Basic access authentication is the simplest technique.

You have to provide an Array or ArrayAccess with the usernames and passwords of all available users. The keys are the usernames and the values the passwords.

Dispatcher::run([
    new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ])
]);

Optionally, you can provide a Psr\Http\Message\ResponseFactoryInterface as the second argument, which will be used to create the error responses (401). If it's not defined, Middlewares\Utils\Factory will be used to detect it automatically.

$responseFactory = new MyOwnResponseFactory();

$route = new Middlewares\BasicAuthentication($users, $responseFactory);

realm

The realm value. The default is "Login".

attribute

The attribute name used to save the username of the user. If it's not defined, it won't be saved. Example:

Dispatcher::run([
    (new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ]))->attribute('username'),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);

verifyHash

This option verifies the password using password_verify. Useful if you don't want to provide the passwords in plain text.

// Values are password_hash() output; the middleware checks them with password_verify()
$users = [
    'username' => password_hash('secret-password', PASSWORD_DEFAULT),
];

Dispatcher::run([
    (new Middlewares\BasicAuthentication($users))
        ->attribute('username')
        ->verifyHash(),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);

DigestAuthentication

The Digest access authentication is more secure than basic.

The constructor signature is the same as BasicAuthentication:

$users = [
    'username1' => 'password1',
    'username2' => 'password2'
];
$responseFactory = new MyOwnResponseFactory();

Dispatcher::run([
    new Middlewares\DigestAuthentication($users, $responseFactory)
]);

realm

The realm value. The default is "Login".

attribute

The attribute name used to save the username of the user. If it's not defined, it won't be saved.

nonce

To configure the nonce value. If it's not defined, it's generated with uniqid.
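How the RFC 2617 Digest check uses the realm, the stored password and the nonce, as an added example that is not this package's code. The function names and sample values are constructed for illustration, it assumes qop="auth" with MD5, and the nonce is drawn from random_bytes rather than uniqid.

```php
<?php
declare(strict_types=1);

// Added illustration of the RFC 2617 Digest check (qop="auth"); not the package's code.
// Every function name and sample value below is constructed for this example.

/** Server-issued nonce from a CSPRNG (uniqid() is derived from the current time). */
function newNonce(): string
{
    return bin2hex(random_bytes(16));
}

/** response = MD5(HA1:nonce:nc:cnonce:qop:HA2), RFC 2617 section 3.2.2.1 */
function digestResponse(string $user, string $realm, string $password, string $method,
    string $uri, string $nonce, string $nc, string $cnonce, string $qop = 'auth'): string
{
    $ha1 = md5("$user:$realm:$password"); // needs the plain password (or a stored HA1)
    $ha2 = md5("$method:$uri");
    return md5("$ha1:$nonce:$nc:$cnonce:$qop:$ha2");
}

/** Verify the fields parsed from an Authorization header against the user table. */
function verifyDigest(array $users, string $realm, string $method, string $issuedNonce, array $auth): bool
{
    $user = $auth['username'] ?? '';
    if (!isset($users[$user]) || !hash_equals($issuedNonce, $auth['nonce'] ?? '')) {
        return false; // unknown user, or a nonce this server did not issue
    }
    $expected = digestResponse($user, $realm, $users[$user], $method, $auth['uri'] ?? '',
        $issuedNonce, $auth['nc'] ?? '', $auth['cnonce'] ?? '', $auth['qop'] ?? 'auth');
    return hash_equals($expected, $auth['response'] ?? ''); // constant-time comparison
}

// Constructed sample: the client answers the 401 challenge for realm "Login".
$users = ['username1' => 'password1'];
$realm = 'Login';
$nonce = newNonce();
$auth = ['username' => 'username1', 'uri' => '/admin', 'nonce' => $nonce,
         'nc' => '00000001', 'cnonce' => bin2hex(random_bytes(8)), 'qop' => 'auth'];
$auth['response'] = digestResponse('username1', $realm, 'password1', 'GET',
    $auth['uri'], $nonce, $auth['nc'], $auth['cnonce']);

var_dump(verifyDigest($users, $realm, 'GET', $nonce, $auth));                       // correct nonce and response
var_dump(verifyDigest($users, $realm, 'GET', newNonce(), $auth));                   // nonce differs from the issued one
var_dump(verifyDigest($users, $realm, 'GET', $nonce, ['response' => 'x'] + $auth)); // tampered response
```

Because HA1 is computed from the password itself, the server needs the plain password (or a precomputed HA1), so password_hash() values as used with verifyHash cannot be checked this way.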


Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.