fabiang/sasl
Composer 安装命令:
composer require fabiang/sasl
包简介
Abstraction of various SASL mechanism responses.
关键字:
README 文档
README
The PHP SASL Authentification Library. Full refactored version of the the original Auth_SASL2 Pear package.
Provides code to generate responses to common SASL mechanisms, including:
- Digest-MD5
- Cram-MD5
- Plain
- Anonymous
- Login (Pseudo mechanism)
- SCRAM
Security
Please note that MD5- and SHA1-based authentication mechanism are considered insecure. Therefore you should prefer at least SCRAM-SHA-256 for non-secure connections (TLS) when ever possible. For that reason Digest-MD5, Cram-MD5 and SCRAM-SHA-1 are deprecated and were removed in modern server software.
Installation
The easiest way to install fabiang/sasl is by using Composer:
composer require fabiang/sasl
Usage
Use the factory method to create a authentication mechanism object:
use Fabiang\SASL\SASL; $mechanism = SASL::SCRAM_SHA3_256->mechanism([ 'authcid' => 'username', 'secret' => 'password', 'authzid' => 'authzid', // optional. Username to proxy as 'service' => 'servicename', // optional. Name of the service 'hostname' => 'hostname', // optional. Hostname of the service ]); $response = $mechanism->createResponse();
Or create from string:
// throws Fabiang\SASL\Exception\UnsupportedMechanismException $mechanism = SASL::fromString('SCRAM-SHA3-256')->mechanism([ // ... ]);
Challenge-based authentication mechanisms implement the interface
Fabiang\SASL\Authentication\ChallengeAuthenticationInterface.
For those mechanisms call the method again with the challenge returned by the server:
$response = $mechanism->createResponse($challenge);
Note: The challenge must be Base64 decoded.
SCRAM verification
To verify the data returned by the server for SCRAM you can call:
$trusted = $mechanism->verify($data);
If the method returns false you should disconnect.
SCRAM downgrade protection
To enable downgrade protection for SCRAM, you'll need to pass the allowed authentication mechanisms and channel-binding types via options to the factory:
Note: Channel-binding is currently not supported due to limitations of PHP.
$authentication = AuthenticationMechanism::SCRAM_SHA_1->mechanism([ 'authcid' => 'username', 'secret' => 'password', 'authzid' => 'authzid', // optional. Username to proxy as 'service' => 'servicename', // optional. Name of the service 'hostname' => 'hostname', // optional. Hostname of the service 'downgrade_protection' => [ // optional. When `null` downgrade protection string from server won't be validated 'allowed_mechanisms' => ['SCRAM-SHA-1-PLUS', 'SCRAM-SHA-1'], // allowed mechanisms by the server 'allowed_channel_bindings' => ['tls-unique', 'tls-exporter', 'tls-server-end-point'], // allowed channel-binding types by the server ], ]);
Required options
List of options required by authentication mechanisms.
For mechanisms that are challenge-based you'll need to call createResponse()
again and send the returned value to the server.
| Mechanism | Authcid | Secret | Authzid | Service | Hostname | Challenge | |
|---|---|---|---|---|---|---|---|
| Anonymous | optional | no | no | no | no | no | |
| Cram-MD5 | yes | yes | no | no | no | yes | |
| Digest-MD5 | yes | yes | optional | yes | yes | yes | |
| External | no | no | optional | no | no | no | |
| Login | yes | yes | no | no | no | no | |
| Plain | yes | yes | optional | no | no | no | |
| SCRAM-* | yes | yes | optional | no | no | yes |
Authcid = e.g. username, Secret = e.g. password
Unit tests
If you like this library and you want to contribute, make sure the unit tests and integration tests are running.
Run the unit tests:
./vendor/bin/phpunit
Integration tests
The integration tests verify the authentication methods against an Ejabberd and Dovecot server.
To launch the servers you can use the provided Docker Compose file. Just install Docker and run:
docker compose up -d
Note: ejabberd takes up to twenty minutes to start.
Now you can run the integration tests:
./vendor/bin/behat
License
BSD-3-Clause. See the LICENSE.md.
fabiang/sasl 适用场景与选型建议
fabiang/sasl 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 48.64k 次下载、GitHub Stars 达 12, 最近一次更新时间为 2014 年 12 月 10 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「auth」 「sasl」 「scram」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 fabiang/sasl 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 fabiang/sasl 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 fabiang/sasl 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A Pure PHP SASL Library
A PHP Memcache client with binary protocol and SASL support
Extends the built-in Laravel 5 Cache Memcached driver adding support for persistent connections, SASL and Memcached options.
Laravel Multiauth package
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
统计信息
- 总下载量: 48.64k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 13
- 点击次数: 25
- 依赖项目数: 3
- 推荐数: 0
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2014-12-10