adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-09-06 19:42:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Moving Auth related classes to the new structure

Browse source
This commit is contained in:
Jose Lorenzo Rodriguez 2011-03-01 23:38:39 -04:30
parent 42b3f993b9
commit 82834f2ec0
14 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

39
lib/Cake/Controller/Component/Auth/ActionsAuthorize.php Normal file
View file

@ -0,0 +1,39 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authorize');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using the AclComponent,
* If AclComponent is not already loaded it will be loaded using the Controller's ComponentCollection.
*
* @package cake.libs.controller.components.auth
* @since 2.0
* @see AuthComponent::$authenticate
* @see AclComponent::check()
*/
class ActionsAuthorize extends BaseAuthorize {
/**
* Authorize a user using the AclComponent.
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return boolean
*/
public function authorize($user, CakeRequest $request) {
$Acl = $this->_Collection->load('Acl');
return $Acl->check($user, $this->action($request));
}
}

110
lib/Cake/Controller/Component/Auth/BaseAuthenticate.php Normal file
View file

@ -0,0 +1,110 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Core', 'Security');
/**
* Base Authentication class with common methods and properties.
*
* @package cake.libs.controller.components.auth
*/
abstract class BaseAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array()
);
/**
* A Component collection, used to get more components.
*
* @var ComponentCollection
*/
protected $_Collection;
/**
* Constructor
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings Array of settings to use.
*/
public function __construct(ComponentCollection $collection, $settings) {
$this->_Collection = $collection;
$this->settings = Set::merge($this->settings, $settings);
}
/**
* Find a user record using the standard options.
*
* @param string $username The username/identifier.
* @param string $password The unhashed password.
* @return Mixed Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
$conditions = array(
$model . '.' . $fields['username'] => $username,
$model . '.' . $fields['password'] => AuthComponent::password($password),
);
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => 0
));
if (empty($result) || empty($result[$model])) {
return false;
}
unset($result[$model][$fields['password']]);
return $result[$model];
}
/**
* Authenticate a user based on the request information.
*
* @param CakeRequest $request Request to get authentication information from.
* @param CakeResponse $response A response object that can have headers added.
* @return mixed Either false on failure, or an array of user data on success.
*/
abstract public function authenticate(CakeRequest $request, CakeResponse $response);
/**
* Get a user based on information in the request. Primarily used by stateless authentication
* systems like basic and digest auth.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
return false;
}
}

135
lib/Cake/Controller/Component/Auth/BaseAuthorize.php Normal file
View file

@ -0,0 +1,135 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* Abstract base authorization adapter for AuthComponent.
*
* @package cake.libs.controller.components.auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
abstract class BaseAuthorize {
/**
* Controller for the request.
*
* @var Controller
*/
protected $_Controller = null;
/**
* Component collection instance for getting more components.
*
* @var ComponentCollection
*/
protected $_Collection;
/**
* Settings for authorize objects.
*
* - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
* when calling $this->action();
* - `actionMap` - Action -> crud mappings. Used by authorization objects that want to map actions to CRUD roles.
*
* @var array
*/
public $settings = array(
'actionPath' => null,
'actionMap' => array(
'index' => 'read',
'add' => 'create',
'edit' => 'update',
'view' => 'read',
'delete' => 'delete',
'remove' => 'delete'
)
);
/**
* Constructor
*
* @param Controller $controller The controller for this request.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
$this->_Collection = $collection;
$controller = $collection->getController();
$this->controller($controller);
$this->settings = Set::merge($this->settings, $settings);
}
/**
* Checks user authorization.
*
* @param array $user Active user data
* @param CakeRequest $request
* @return boolean
*/
abstract public function authorize($user, CakeRequest $request);
/**
* Accessor to the controller object.
*
* @param mixed $controller null to get, a controller to set.
* @return mixed.
*/
public function controller($controller = null) {
if ($controller) {
if (!$controller instanceof Controller) {
throw new CakeException(__('$controller needs to be an instance of Controller'));
}
$this->_Controller = $controller;
return true;
}
return $this->_Controller;
}
/**
* Get the action path for a given request. Primarily used by authorize objects
* that need to get information about the plugin, controller, and action being invoked.
*
* @param CakeRequest $request The request a path is needed for.
* @return string the action path for the given request.
*/
public function action($request, $path = '/:plugin/:controller/:action') {
$plugin = empty($request['plugin']) ? null : Inflector::camelize($request['plugin']) . '/';
return str_replace(
array(':controller', ':action', ':plugin/'),
array(Inflector::camelize($request['controller']), $request['action'], $plugin),
$this->settings['actionPath'] . $path
);
}
/**
* Maps crud actions to actual controller names. Used to modify or get the current mapped actions.
*
* @param mixed $map Either an array of mappings, or undefined to get current values.
* @return mixed Either the current mappings or null when setting.
*/
public function mapActions($map = array()) {
if (empty($map)) {
return $this->settings['actionMap'];
}
$crud = array('create', 'read', 'update', 'delete');
foreach ($map as $action => $type) {
if (in_array($action, $crud) && is_array($type)) {
foreach ($type as $typedAction) {
$this->settings['actionMap'][$typedAction] = $action;
}
} else {
$this->settings['actionMap'][$action] = $type;
}
}
}
}

65
lib/Cake/Controller/Component/Auth/ControllerAuthorize.php Normal file
View file

@ -0,0 +1,65 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authorize');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback.
* Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.
*
* {{{
* function isAuthorized($user) {
* if (!empty($this->request->params['admin'])) {
* return $user['role'] == 'admin';
* }
* return !empty($user);
* }
* }}}
*
* the above is simple implementation that would only authorize users of the 'admin' role to access
* admin routing.
*
* @package cake.libs.controller.components.auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
class ControllerAuthorize extends BaseAuthorize {
/**
* Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
*
* @param mixed $controller null to get, a controller to set.
* @return mixed.
*/
public function controller($controller = null) {
if ($controller) {
if (!method_exists($controller, 'isAuthorized')) {
throw new CakeException(__('$controller does not implement an isAuthorized() method.'));
}
}
return parent::controller($controller);
}
/**
* Checks user authorization using a controller callback.
*
* @param array $user Active user data
* @param CakeRequest $request
* @return boolean
*/
public function authorize($user, CakeRequest $request) {
return (bool) $this->_Controller->isAuthorized($user);
}
}

98
lib/Cake/Controller/Component/Auth/CrudAuthorize.php Normal file
View file

@ -0,0 +1,98 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authorize');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
* CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
* This is then checked in the AclComponent as specific permissions.
*
* For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
* check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
* to create permission systems that focus more on what is being done to resources, rather than the specific actions
* being visited.
*
* @package cake.libs.controller.components.auth
* @since 2.0
* @see AuthComponent::$authenticate
* @see AclComponent::check()
*/
class CrudAuthorize extends BaseAuthorize {
/**
* Sets up additional actionMap values that match the configured `Routing.prefixes`.
*
* @param ComponentCollection $collection The component collection from the controller.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
parent::__construct($collection, $settings);
$this->_setPrefixMappings();
}
/**
* sets the crud mappings for prefix routes.
*
* @return void
*/
protected function _setPrefixMappings() {
$crud = array('create', 'read', 'update', 'delete');
$map = array_combine($crud, $crud);
$prefixes = Router::prefixes();
if (!empty($prefixes)) {
foreach ($prefixes as $prefix) {
$map = array_merge($map, array(
$prefix . '_index' => 'read',
$prefix . '_add' => 'create',
$prefix . '_edit' => 'update',
$prefix . '_view' => 'read',
$prefix . '_remove' => 'delete',
$prefix . '_create' => 'create',
$prefix . '_read' => 'read',
$prefix . '_update' => 'update',
$prefix . '_delete' => 'delete'
));
}
}
$this->mapActions($map);
}
/**
* Authorize a user using the mapped actions and the AclComponent.
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return boolean
*/
public function authorize($user, CakeRequest $request) {
if (!isset($this->settings['actionMap'][$request->params['action']])) {
trigger_error(__(
'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
$request->action,
$request->controller
),
E_USER_WARNING
);
return false;
}
$Acl = $this->_Collection->load('Acl');
return $Acl->check(
$user,
$this->action($request, ':controller'),
$this->settings['actionMap'][$request->params['action']]
);
}
}

261
lib/Cake/Controller/Component/Auth/DigestAuthenticate.php Normal file
View file

@ -0,0 +1,261 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authenticate');
/**
* Digest Authentication adapter for AuthComponent.
*
* Provides Digest HTTP authentication support for AuthComponent. Unlike most AuthComponent adapters,
* DigestAuthenticate requires a special password hash that conforms to RFC2617. You can create this
* password using `DigestAuthenticate::password()`. If you wish to use digest authentication alongside other
* authentication methods, its recommended that you store the digest authentication separately.
*
* Clients using Digest Authentication must support cookies. Since AuthComponent identifies users based
* on Session contents, clients without support for cookies will not function properly.
*
* ### Using Digest auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* var $components = array(
* 'Auth' => array(
* 'authenticate' => array('Digest')
* )
* );
* }}}
*
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* will send the authentication headers, and trigger the login dialog in the browser/client.
*
* ### Generating passwords compatible with Digest authentication.
*
* Due to the Digest authentication specification, digest auth requires a special password value. You
* can generate this password using `DigestAuthenticate::password()`
*
* `$digestPass = DigestAuthenticate::password($username, env('SERVER_NAME'), $password);`
*
* Its recommended that you store this digest auth only password separate from password hashes used for other
* login methods. For example `User.digest_pass` could be used for a digest password, while `User.password` would
* store the password hash for use with other methods like Basic or Form.
*
* @package cake.libs.controller.components.auth
* @since 2.0
*/
class DigestAuthenticate extends BaseAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `realm` The realm authentication is for, Defaults to the servername.
* - `nonce` A nonce used for authentication. Defaults to `uniqid()`.
* - `qop` Defaults to auth, no other values are supported at this time.
* - `opaque` A string that must be returned unchanged by clients. Defaults to `md5($settings['realm'])`
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(),
'realm' => '',
'qop' => 'auth',
'nonce' => '',
'opaque' => ''
);
/**
* Constructor, completes configuration for digest authentication.
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings An array of settings.
*/
public function __construct(ComponentCollection $collection, $settings) {
parent::__construct($collection, $settings);
if (empty($this->settings['realm'])) {
$this->settings['realm'] = env('SERVER_NAME');
}
if (empty($this->settings['nonce'])) {
$this->settings['nonce'] = uniqid('');
}
if (empty($this->settings['opaque'])) {
$this->settings['opaque'] = md5($this->settings['realm']);
}
}
/**
* Authenticate a user using Digest HTTP auth. Will use the configured User model and attempt a
* login using Digest HTTP auth.
*
* @param CakeRequest $request The request to authenticate with.
* @param CakeResponse $response The response to add headers to.
* @return mixed Either false on failure, or an array of user data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$user = $this->getUser($request);
if (empty($user)) {
$response->header($this->loginHeaders());
$response->statusCode(401);
$response->send();
return false;
}
return $user;
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
$digest = $this->_getDigest();
if (empty($digest)) {
return false;
}
$user = $this->_findUser($digest['username'], null);
if (empty($user)) {
return false;
}
$password = $user[$this->settings['fields']['password']];
unset($user[$this->settings['fields']['password']]);
if ($digest['response'] === $this->generateResponseHash($digest, $password)) {
return $user;
}
return false;
}
/**
* Find a user record using the standard options.
*
* @param string $username The username/identifier.
* @param string $password Unused password, digest doesn't require passwords.
* @return Mixed Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
$conditions = array(
$model . '.' . $fields['username'] => $username,
);
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => 0
));
if (empty($result) || empty($result[$model])) {
return false;
}
return $result[$model];
}
/**
* Gets the digest headers from the request/environment.
*
* @return array Array of digest information.
*/
protected function _getDigest() {
$digest = env('PHP_AUTH_DIGEST');
if (empty($digest) && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (!empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) == 'Digest ') {
$digest = substr($headers['Authorization'], 7);
}
}
if (empty($digest)) {
return false;
}
return $this->parseAuthData($digest);
}
/**
* Parse the digest authentication headers and split them up.
*
* @param string $digest The raw digest authentication headers.
* @return array An array of digest authentication headers
*/
public function parseAuthData($digest) {
if (substr($digest, 0, 7) == 'Digest ') {
$digest = substr($digest, 7);
}
$keys = $match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) {
$keys[$i[1]] = $i[3];
unset($req[$i[1]]);
}
if (empty($req)) {
return $keys;
}
return null;
}
/**
* Generate the response hash for a given digest array.
*
* @param array $digest Digest information containing data from DigestAuthenticate::parseAuthData().
* @param string $password The digest hash password generated with DigestAuthenticate::password()
* @return string Response hash
*/
public function generateResponseHash($digest, $password) {
return md5(
$password .
':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' .
md5(env('REQUEST_METHOD') . ':' . $digest['uri'])
);
}
/**
* Creates an auth digest password hash to store
*
* @param string $username The username to use in the digest hash.
* @param string $password The unhashed password to make a digest hash for.
* @param string $realm The realm the password is for.
* @return string the hashed password that can later be used with Digest authentication.
*/
public static function password($username, $password, $realm) {
return md5($username . ':' . $realm . ':' . $password);
}
/**
* Generate the login headers
*
* @return string Headers for logging in.
*/
public function loginHeaders() {
$options = array(
'realm' => $this->settings['realm'],
'qop' => $this->settings['qop'],
'nonce' => $this->settings['nonce'],
'opaque' => $this->settings['opaque']
);
$opts = array();
foreach ($options as $k => $v) {
$opts[] = sprintf('%s="%s"', $k, $v);
}
return 'WWW-Authenticate: Digest ' . implode(',', $opts);
}
}

67
lib/Cake/Controller/Component/Auth/FormAuthenticate.php Normal file
View file

@ -0,0 +1,67 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authenticate');
/**
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
* data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
*
* {{{
* $this->Auth->authenticate = array(
* 'Form' => array(
* 'scope' => array('User.active' => 1)
* )
* )
* }}}
*
* When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See FormAuthenticate::$settings for more information.
*
* @package cake.libs.controller.components.auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
class FormAuthenticate extends BaseAuthenticate {
/**
* Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
* to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
* there is no post data, either username or password is missing, of if the scope conditions have not been met.
*
* @param CakeRequest $request The request that contains login information.
* @param CakeResponse $response Unused response object.
* @return mixed. False on login failure. An array of User data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
if (empty($request->data[$model])) {
return false;
}
if (
empty($request->data[$model][$fields['username']]) ||
empty($request->data[$model][$fields['password']])
) {
return false;
}
return $this->_findUser(
$request->data[$model][$fields['username']],
$request->data[$model][$fields['password']]
);
}
}

121
lib/Cake/Controller/Component/Auth/basic_authenticate.php Normal file
View file

@ -0,0 +1,121 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/base_authenticate');
/**
* Basic Authentication adapter for AuthComponent.
*
* Provides Basic HTTP authentication support for AuthComponent. Basic Auth will authenticate users
* against the configured userModel and verify the username and passwords match. Clients using Basic Authentication
* must support cookies. Since AuthComponent identifies users based on Session contents, clients using Basic
* Auth must support cookies.
*
* ### Using Basic auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* var $components = array(
* 'Auth' => array(
* 'authenticate' => array('Basic')
* )
* );
* }}}
*
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* will send the authentication headers, and trigger the login dialog in the browser/client.
*
* @package cake.libs.controller.components.auth
* @since 2.0
*/
class BasicAuthenticate extends BaseAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `realm` The realm authentication is for. Defaults the server name.
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(),
'realm' => '',
);
/**
* Constructor, completes configuration for basic authentication.
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings An array of settings.
*/
public function __construct(ComponentCollection $collection, $settings) {
parent::__construct($collection, $settings);
if (empty($this->settings['realm'])) {
$this->settings['realm'] = env('SERVER_NAME');
}
}
/**
* Authenticate a user using basic HTTP auth. Will use the configured User model and attempt a
* login using basic HTTP auth.
*
* @param CakeRequest $request The request to authenticate with.
* @param CakeResponse $response The response to add headers to.
* @return mixed Either false on failure, or an array of user data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$result = $this->getUser($request);
if (empty($result)) {
$response->header($this->loginHeaders());
$response->statusCode(401);
$response->send();
return false;
}
return $result;
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (empty($username) || empty($pass)) {
return false;
}
return $this->_findUser($username, $pass);
}
/**
* Generate the login headers
*
* @return string Headers for logging in.
*/
public function loginHeaders() {
return sprintf('WWW-Authenticate: Basic realm="%s"', $this->settings['realm']);
}
}

143
lib/Cake/tests/cases/libs/controller/components/auth/actions_authorize.test.php Normal file
View file

@ -0,0 +1,143 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/actions_authorize');
App::import('Controller', 'ComponentCollection');
App::import('Component', 'Acl');
App::import('Core', 'CakeRequest');
App::import('Core', 'Controller');
class ActionsAuthorizeTest extends CakeTestCase {
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->controller = $this->getMock('Controller', array(), array(), '', false);
$this->Acl = $this->getMock('AclComponent', array(), array(), '', false);
$this->Collection = $this->getMock('ComponentCollection');
$this->auth = new ActionsAuthorize($this->Collection);
$this->auth->settings['actionPath'] = '/controllers';
}
/**
* setup the mock acl.
*
* @return void
*/
protected function _mockAcl() {
$this->Collection->expects($this->any())
->method('load')
->with('Acl')
->will($this->returnValue($this->Acl));
}
/**
* test failure
*
* @return void
*/
function testAuthorizeFailure() {
$user = array(
'User' => array(
'id' => 1,
'user' => 'mariano'
)
);
$request = new CakeRequest('/posts/index', false);
$request->addParams(array(
'plugin' => null,
'controller' => 'posts',
'action' => 'index'
));
$this->_mockAcl();
$this->Acl->expects($this->once())
->method('check')
->with($user, '/controllers/Posts/index')
->will($this->returnValue(false));
$this->assertFalse($this->auth->authorize($user, $request));
}
/**
* test isAuthorized working.
*
* @return void
*/
function testAuthorizeSuccess() {
$user = array(
'User' => array(
'id' => 1,
'user' => 'mariano'
)
);
$request = new CakeRequest('/posts/index', false);
$request->addParams(array(
'plugin' => null,
'controller' => 'posts',
'action' => 'index'
));
$this->_mockAcl();
$this->Acl->expects($this->once())
->method('check')
->with($user, '/controllers/Posts/index')
->will($this->returnValue(true));
$this->assertTrue($this->auth->authorize($user, $request));
}
/**
* test action()
*
* @return void
*/
function testActionMethod() {
$request = new CakeRequest('/posts/index', false);
$request->addParams(array(
'plugin' => null,
'controller' => 'posts',
'action' => 'index'
));
$result = $this->auth->action($request);
$this->assertEquals('/controllers/Posts/index', $result);
}
/**
* test action() and plugins
*
* @return void
*/
function testActionWithPlugin() {
$request = new CakeRequest('/debug_kit/posts/index', false);
$request->addParams(array(
'plugin' => 'debug_kit',
'controller' => 'posts',
'action' => 'index'
));
$result = $this->auth->action($request);
$this->assertEquals('/controllers/DebugKit/Posts/index', $result);
}
}

211
lib/Cake/tests/cases/libs/controller/components/auth/basic_authenticate.test.php Normal file
View file

@ -0,0 +1,211 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'Auth');
App::import('Component', 'auth/basic_authenticate');
App::import('Model', 'AppModel');
App::import('Core', 'CakeRequest');
App::import('Core', 'CakeResponse');
require_once CAKE_TESTS . 'cases' . DS . 'libs' . DS . 'model' . DS . 'models.php';
/**
* Test case for BasicAuthentication
*
* @package cake.test.cases.controller.components.auth
*/
class BasicAuthenticateTest extends CakeTestCase {
public $fixtures = array('core.user', 'core.auth_user');
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->Collection = $this->getMock('ComponentCollection');
$this->auth = new BasicAuthenticate($this->Collection, array(
'fields' => array('username' => 'user', 'password' => 'password'),
'userModel' => 'User',
'realm' => 'localhost',
));
$password = Security::hash('password', null, true);
ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
$this->server = $_SERVER;
$this->response = $this->getMock('CakeResponse');
}
/**
* teardown
*
* @return void
*/
function tearDown() {
parent::tearDown();
$_SERVER = $this->server;
}
/**
* test applying settings in the constructor
*
* @return void
*/
function testConstructor() {
$object = new BasicAuthenticate($this->Collection, array(
'userModel' => 'AuthUser',
'fields' => array('username' => 'user', 'password' => 'password')
));
$this->assertEquals('AuthUser', $object->settings['userModel']);
$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
$this->assertEquals(env('SERVER_NAME'), $object->settings['realm']);
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoData() {
$request = new CakeRequest('posts/index', false);
$this->response->expects($this->once())
->method('header')
->with('WWW-Authenticate: Basic realm="localhost"');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoUsername() {
$request = new CakeRequest('posts/index', false);
$_SERVER['PHP_AUTH_PW'] = 'foobar';
$this->response->expects($this->once())
->method('header')
->with('WWW-Authenticate: Basic realm="localhost"');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoPassword() {
$request = new CakeRequest('posts/index', false);
$_SERVER['PHP_AUTH_USER'] = 'mariano';
$_SERVER['PHP_AUTH_PW'] = null;
$this->response->expects($this->once())
->method('header')
->with('WWW-Authenticate: Basic realm="localhost"');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateInjection() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_USER'] = '> 1';
$_SERVER['PHP_AUTH_PW'] = "' OR 1 = 1";
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test that challenge headers are sent when no credentials are found.
*
* @return void
*/
function testAuthenticateChallenge() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$this->response->expects($this->at(0))
->method('header')
->with('WWW-Authenticate: Basic realm="localhost"');
$this->response->expects($this->at(1))
->method('send');
$result = $this->auth->authenticate($request, $this->response);
$this->assertFalse($result);
}
/**
* test authenticate sucesss
*
* @return void
*/
function testAuthenticateSuccess() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_USER'] = 'mariano';
$_SERVER['PHP_AUTH_PW'] = 'password';
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test scope failure.
*
* @return void
*/
function testAuthenticateFailReChallenge() {
$this->auth->settings['scope'] = array('user' => 'nate');
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_USER'] = 'mariano';
$_SERVER['PHP_AUTH_PW'] = 'password';
$this->response->expects($this->at(0))
->method('header')
->with('WWW-Authenticate: Basic realm="localhost"');
$this->response->expects($this->at(1))
->method('statusCode')
->with(401);
$this->response->expects($this->at(2))
->method('send');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
}

80
lib/Cake/tests/cases/libs/controller/components/auth/controller_authorize.test.php Normal file
View file

@ -0,0 +1,80 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/controller_authorize');
App::import('Core', 'CakeRequest');
App::import('Core', 'Controller');
class ControllerAuthorizeTest extends CakeTestCase {
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->controller = $this->getMock('Controller', array('isAuthorized'), array(), '', false);
$this->components = $this->getMock('ComponentCollection');
$this->components->expects($this->any())
->method('getController')
->will($this->returnValue($this->controller));
$this->auth = new ControllerAuthorize($this->components);
}
/**
*
* @expectedException CakeException
*/
function testControllerTypeError() {
$this->auth->controller(new StdClass());
}
/**
* @expectedException CakeException
*/
function testControllerErrorOnMissingMethod() {
$this->auth->controller(new Controller());
}
/**
* test failure
*
* @return void
*/
function testAuthorizeFailure() {
$user = array();
$request = new CakeRequest('/posts/index', false);
$this->assertFalse($this->auth->authorize($user, $request));
}
/**
* test isAuthorized working.
*
* @return void
*/
function testAuthorizeSuccess() {
$user = array('User' => array('username' => 'mark'));
$request = new CakeRequest('/posts/index', false);
$this->controller->expects($this->once())
->method('isAuthorized')
->with($user)
->will($this->returnValue(true));
$this->assertTrue($this->auth->authorize($user, $request));
}
}

183
lib/Cake/tests/cases/libs/controller/components/auth/crud_authorize.test.php Normal file
View file

@ -0,0 +1,183 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/crud_authorize');
App::import('Controller', 'ComponentCollection');
App::import('Component', 'Acl');
App::import('Core', 'CakeRequest');
App::import('Core', 'Controller');
class CrudAuthorizeTest extends CakeTestCase {
/**
* setup
*
* @return void
*/
function setUp() {
Configure::write('Routing.prefixes', array());
parent::setUp();
$this->Acl = $this->getMock('AclComponent', array(), array(), '', false);
$this->Components = $this->getMock('ComponentCollection');
$this->auth = new CrudAuthorize($this->Components);
}
/**
* setup the mock acl.
*
* @return void
*/
protected function _mockAcl() {
$this->Components->expects($this->any())
->method('load')
->with('Acl')
->will($this->returnValue($this->Acl));
}
/**
* test authorize() without a mapped action, ensure an error is generated.
*
* @expectedException Exception
* @return void
*/
function testAuthorizeNoMappedAction() {
$request = new CakeRequest('/posts/foobar', false);
$request->addParams(array(
'controller' => 'posts',
'action' => 'foobar'
));
$user = array('User' => array('user' => 'mark'));
$this->auth->authorize($user, $request);
}
/**
* test check() passing
*
* @return void
*/
function testAuthorizeCheckSuccess() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array(
'controller' => 'posts',
'action' => 'index'
));
$user = array('User' => array('user' => 'mark'));
$this->_mockAcl();
$this->Acl->expects($this->once())
->method('check')
->with($user, 'Posts', 'read')
->will($this->returnValue(true));
$this->assertTrue($this->auth->authorize($user, $request));
}
/**
* test check() failing
*
* @return void
*/
function testAuthorizeCheckFailure() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array(
'controller' => 'posts',
'action' => 'index'
));
$user = array('User' => array('user' => 'mark'));
$this->_mockAcl();
$this->Acl->expects($this->once())
->method('check')
->with($user, 'Posts', 'read')
->will($this->returnValue(false));
$this->assertFalse($this->auth->authorize($user, $request));
}
/**
* test getting actionMap
*
* @return void
*/
function testMapActionsGet() {
$result = $this->auth->mapActions();
$expected = array(
'create' => 'create',
'read' => 'read',
'update' => 'update',
'delete' => 'delete',
'index' => 'read',
'add' => 'create',
'edit' => 'update',
'view' => 'read',
'remove' => 'delete'
);
$this->assertEquals($expected, $result);
}
/**
* test adding into mapActions
*
* @return void
*/
function testMapActionsSet() {
$map = array(
'create' => array('generate'),
'read' => array('listing', 'show'),
'update' => array('update'),
'random' => 'custom'
);
$result = $this->auth->mapActions($map);
$this->assertNull($result);
$result = $this->auth->mapActions();
$expected = array(
'add' => 'create',
'create' => 'create',
'read' => 'read',
'index' => 'read',
'add' => 'create',
'edit' => 'update',
'view' => 'read',
'delete' => 'delete',
'remove' => 'delete',
'generate' => 'create',
'listing' => 'read',
'show' => 'read',
'update' => 'update',
'random' => 'custom',
);
$this->assertEquals($expected, $result);
}
/**
* test prefix routes getting auto mapped.
*
* @return void
*/
function testAutoPrefixMapActions() {
Configure::write('Routing.prefixes', array('admin', 'manager'));
Router::reload();
$auth = new CrudAuthorize($this->Components);
$this->assertTrue(isset($auth->settings['actionMap']['admin_index']));
}
}

304
lib/Cake/tests/cases/libs/controller/components/auth/digest_authenticate.test.php Normal file
View file

@ -0,0 +1,304 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'auth/digest_authenticate');
App::import('Model', 'AppModel');
App::import('Core', 'CakeRequest');
App::import('Core', 'CakeResponse');
require_once CAKE_TESTS . 'cases' . DS . 'libs' . DS . 'model' . DS . 'models.php';
/**
* Test case for DigestAuthentication
*
* @package cake.test.cases.controller.components.auth
*/
class DigestAuthenticateTest extends CakeTestCase {
public $fixtures = array('core.user', 'core.auth_user');
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->Collection = $this->getMock('ComponentCollection');
$this->server = $_SERVER;
$this->auth = new DigestAuthenticate($this->Collection, array(
'fields' => array('username' => 'user', 'password' => 'password'),
'userModel' => 'User',
'realm' => 'localhost',
'nonce' => 123,
'opaque' => '123abc'
));
$password = DigestAuthenticate::password('mariano', 'cake', 'localhost');
ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
$_SERVER['REQUEST_METHOD'] = 'GET';
$this->response = $this->getMock('CakeResponse');
}
/**
* teardown
*
* @return void
*/
function tearDown() {
parent::tearDown();
$_SERVER = $this->server;
}
/**
* test applying settings in the constructor
*
* @return void
*/
function testConstructor() {
$object = new DigestAuthenticate($this->Collection, array(
'userModel' => 'AuthUser',
'fields' => array('username' => 'user', 'password' => 'password'),
'nonce' => 123456
));
$this->assertEquals('AuthUser', $object->settings['userModel']);
$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
$this->assertEquals(123456, $object->settings['nonce']);
$this->assertEquals(env('SERVER_NAME'), $object->settings['realm']);
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoData() {
$request = new CakeRequest('posts/index', false);
$this->response->expects($this->once())
->method('header')
->with('WWW-Authenticate: Digest realm="localhost",qop="auth",nonce="123",opaque="123abc"');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateWrongUsername() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_DIGEST'] = <<<DIGEST
Digest username="incorrect_user",
realm="localhost",
nonce="123456",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="123abc"
DIGEST;
$this->response->expects($this->at(0))
->method('header')
->with('WWW-Authenticate: Digest realm="localhost",qop="auth",nonce="123",opaque="123abc"');
$this->response->expects($this->at(1))
->method('statusCode')
->with(401);
$this->response->expects($this->at(2))
->method('send');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test that challenge headers are sent when no credentials are found.
*
* @return void
*/
function testAuthenticateChallenge() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$this->response->expects($this->at(0))
->method('header')
->with('WWW-Authenticate: Digest realm="localhost",qop="auth",nonce="123",opaque="123abc"');
$this->response->expects($this->at(1))
->method('statusCode')
->with(401);
$this->response->expects($this->at(2))
->method('send');
$result = $this->auth->authenticate($request, $this->response);
$this->assertFalse($result);
}
/**
* test authenticate sucesss
*
* @return void
*/
function testAuthenticateSuccess() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_DIGEST'] = <<<DIGEST
Digest username="mariano",
realm="localhost",
nonce="123",
uri="/dir/index.html",
qop=auth,
nc=1,
cnonce="123",
response="06b257a54befa2ddfb9bfa134224aa29",
opaque="123abc"
DIGEST;
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test scope failure.
*
* @return void
*/
function testAuthenticateFailReChallenge() {
$this->auth->settings['scope'] = array('user' => 'nate');
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$_SERVER['PHP_AUTH_DIGEST'] = <<<DIGEST
Digest username="mariano",
realm="localhost",
nonce="123",
uri="/dir/index.html",
qop=auth,
nc=1,
cnonce="123",
response="6629fae49393a05397450978507c4ef1",
opaque="123abc"
DIGEST;
$this->response->expects($this->at(0))
->method('header')
->with('WWW-Authenticate: Digest realm="localhost",qop="auth",nonce="123",opaque="123abc"');
$this->response->expects($this->at(1))
->method('statusCode')
->with(401);
$this->response->expects($this->at(2))
->method('send');
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* testParseDigestAuthData method
*
* @access public
* @return void
*/
function testParseAuthData() {
$digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
$expected = array(
'username' => 'Mufasa',
'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
'nc' => '00000001',
'cnonce' => '0a4f113b',
'response' => '6629fae49393a05397450978507c4ef1',
'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
);
$result = $this->auth->parseAuthData($digest);
$this->assertSame($expected, $result);
$result = $this->auth->parseAuthData('');
$this->assertNull($result);
}
/**
* test parsing digest information with email addresses
*
* @return void
*/
function testParseAuthEmailAddress() {
$digest = <<<DIGEST
Digest username="mark@example.com",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
$expected = array(
'username' => 'mark@example.com',
'realm' => 'testrealm@host.com',
'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
'uri' => '/dir/index.html',
'qop' => 'auth',
'nc' => '00000001',
'cnonce' => '0a4f113b',
'response' => '6629fae49393a05397450978507c4ef1',
'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
);
$result = $this->auth->parseAuthData($digest);
$this->assertIdentical($expected, $result);
}
/**
* test password hashing
*
* @return void
*/
function testPassword() {
$result = DigestAuthenticate::password('mark', 'password', 'localhost');
$expected = md5('mark:localhost:password');
$this->assertEquals($expected, $result);
}
}

187
lib/Cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php Normal file
View file

@ -0,0 +1,187 @@
<?php
/**
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package cake.tests.cases.libs.controller.components.auth
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::import('Component', 'Auth');
App::import('Component', 'auth/form_authenticate');
App::import('Model', 'AppModel');
App::import('Core', 'CakeRequest');
App::import('Core', 'CakeResponse');
require_once CAKE_TESTS . 'cases' . DS . 'libs' . DS . 'model' . DS . 'models.php';
/**
* Test case for FormAuthentication
*
* @package cake.test.cases.controller.components.auth
*/
class FormAuthenticateTest extends CakeTestCase {
public $fixtures = array('core.user', 'core.auth_user');
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->Collection = $this->getMock('ComponentCollection');
$this->auth = new FormAuthenticate($this->Collection, array(
'fields' => array('username' => 'user', 'password' => 'password'),
'userModel' => 'User'
));
$password = Security::hash('password', null, true);
ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
$this->response = $this->getMock('CakeResponse');
}
/**
* test applying settings in the constructor
*
* @return void
*/
function testConstructor() {
$object = new FormAuthenticate($this->Collection, array(
'userModel' => 'AuthUser',
'fields' => array('username' => 'user', 'password' => 'password')
));
$this->assertEquals('AuthUser', $object->settings['userModel']);
$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoData() {
$request = new CakeRequest('posts/index', false);
$request->data = array();
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoUsername() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array('password' => 'foobar'));
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoPassword() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array('user' => 'mariano'));
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateInjection() {
$request = new CakeRequest('posts/index', false);
$request->data = array(
'User' => array(
'user' => '> 1',
'password' => "' OR 1 = 1"
));
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test authenticate sucesss
*
* @return void
*/
function testAuthenticateSuccess() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array(
'user' => 'mariano',
'password' => 'password'
));
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test scope failure.
*
* @return void
*/
function testAuthenticateScopeFail() {
$this->auth->settings['scope'] = array('user' => 'nate');
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array(
'user' => 'mariano',
'password' => 'password'
));
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test a model in a plugin.
*
* @return void
*/
function testPluginModel() {
Cache::delete('object_map', '_cake_core_');
App::build(array(
'plugins' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'plugins' . DS),
), true);
App::objects('plugin', null, false);
$PluginModel = ClassRegistry::init('TestPlugin.TestPluginAuthUser');
$user['id'] = 1;
$user['username'] = 'gwoo';
$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
$PluginModel->save($user, false);
$this->auth->settings['userModel'] = 'TestPlugin.TestPluginAuthUser';
$this->auth->settings['fields']['username'] = 'username';
$request = new CakeRequest('posts/index', false);
$request->data = array('TestPluginAuthUser' => array(
'username' => 'gwoo',
'password' => 'cake'
));
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'username' => 'gwoo',
'created' => '2007-03-17 01:16:23',
'updated' => date('Y-m-d H:i:s')
);
$this->assertEquals($expected, $result);
}
}