tuupola / slim-basic-auth

PSR-7 and PSR-15 HTTP Basic Authentication Middleware
MIT License

ArrayAuthenticator class error #68

Closed ChanderTambia closed 6 years ago

ChanderTambia commented 6 years ago

Hi, I just found some errors in your code and debugged it.

```php
namespace Slim\Middleware\HttpBasicAuthentication;

class ArrayAuthenticator implements AuthenticatorInterface {

    public $options;

    public function __construct($options = null)
    {

        /* Default options. */
        $this->options = [
            "users" => []
        ];

        if ($options) {
            $this->options = array_merge($this->options, (array)$options);
        }

    }

    public function __invoke(array $arguments)
    {
        $user = $arguments["user"];
        $password = $arguments["password"];

        /* Unknown user. */
        if (!isset($this->options["users"]["user"])) {
            return false;
        }

        if (self::isHash($this->options["users"]["password"])) {
            /* Hashed password. */
            return password_verify($password, $this->options["users"]["password"]);
        } else {
            /* Cleartext password. */
            return $this->options["users"]["password"] === $password && $this->options["users"]["user"] === $user;
        }
    }

    public static function isHash($password)
    {
        return preg_match('/^\$(2|2a|2y)\$\d{2}\$.*/', $password) && (strlen($password) >= 60);
    }

}
```

tuupola commented 6 years ago

What are the errors you found?

ChanderTambia commented 6 years ago

It was incomplete and you were using values instead of keys to get the array value, if I am right. Sorry if I am wrong, I am a newbie here, a fresher developer :)

tuupola commented 6 years ago

I mean, what error do you encounter? Another way to ask it is: does PHP show you an error message? Also, what does not work as you expect and how do you expect it to work?

ChanderTambia commented 6 years ago

I was getting 'false' in return every time when authenticating. I was using Basic Authorization.

tuupola commented 6 years ago

Ok, for that copy paste here the code used for initialising the middleware. For example:

```php
$app->add(new Tuupola\Middleware\HttpBasicAuthentication([
    "path" => "/admin",
    "realm" => "Protected",
    "users" => [
        "root" => "t00r",
        "somebody" => "passw0rd"
    ],
]));
```

Also copy paste an example of failing request and response done with curl (no screenshots, they are not helpful). For example:

```shell
$ curl "https://example.com/admin" \
    --include \
    --insecure \
    --user somebody:passw0rd
```

Bisa commented 6 years ago

@ChanderTambia I ran into your issue as well, no matter what I did the authentication kept returning false. However, in my debugging I found that the Authorization header was never passed to PHP, as such the code always rejected my login requests.

After some looking around I realized that since I'm using FastCGI I needed to configure my server to pass the headers along, this is also explained here: https://github.com/tuupola/slim-basic-auth#usage-with-fastcgi

Anyway, what I'm trying to say is, have you checked to ensure the header reaches the class upon execution? The current latest version works for me as soon as I fixed my configuration.
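The check Bisa describes, as an added example that is not part of the original thread or of slim-basic-auth: a diagnostic that reports where, if anywhere, Basic credentials are visible to PHP, without ever returning the password. The function name `locateBasicCredentials` is hypothetical, and the `HTTP_AUTHORIZATION` and `REDIRECT_HTTP_AUTHORIZATION` keys are assumed to be where a forwarded header lands on typical Apache/FastCGI setups.

```php
<?php
declare(strict_types=1);

/**
 * Added diagnostic, not part of slim-basic-auth.
 * Reports where (if anywhere) Basic credentials are visible to PHP.
 * Never returns the password itself, so the result is safe to log.
 */
function locateBasicCredentials(array $server): array
{
    // mod_php and some FastCGI setups let PHP parse the header itself.
    if (isset($server["PHP_AUTH_USER"])) {
        return ["source" => "PHP_AUTH_USER", "user" => $server["PHP_AUTH_USER"],
                "has_password" => isset($server["PHP_AUTH_PW"])];
    }

    // Keys assumed to be populated when the web server forwards the raw header.
    foreach (["HTTP_AUTHORIZATION", "REDIRECT_HTTP_AUTHORIZATION"] as $key) {
        if (empty($server[$key])) {
            continue;
        }
        if (!preg_match('/^Basic\s+(\S+)$/i', $server[$key], $m)) {
            return ["source" => $key, "error" => "not a Basic scheme header"];
        }
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ":") === false) {
            return ["source" => $key, "error" => "malformed credentials"];
        }
        [$user, $password] = explode(":", $decoded, 2);
        return ["source" => $key, "user" => $user, "has_password" => $password !== ""];
    }

    // Nothing arrived: the middleware has no credentials to compare.
    return ["source" => null, "error" => "no Authorization data reached PHP"];
}

// Constructed sample inputs standing in for $_SERVER.
$samples = [
    "header dropped by FastCGI" => ["REQUEST_URI" => "/admin"],
    "header forwarded"          => ["HTTP_AUTHORIZATION" => "Basic " . base64_encode("somebody:passw0rd")],
    "parsed by PHP"             => ["PHP_AUTH_USER" => "somebody", "PHP_AUTH_PW" => "passw0rd"],
];

foreach ($samples as $label => $server) {
    echo $label, ": ", json_encode(locateBasicCredentials($server)), PHP_EOL;
}
```

Calling `locateBasicCredentials($_SERVER)` from a temporary route on the affected host shows whether the rejection happens before the authenticator ever sees a username; remove the route once the server configuration is fixed.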

tuupola commented 6 years ago

Closing due to no feedback.