承接 fabiang/sasl 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

fabiang/sasl

Composer 安装命令:

composer require fabiang/sasl

包简介

Abstraction of various SASL mechanism responses.

README 文档

README

The PHP SASL Authentification Library. Full refactored version of the the original Auth_SASL2 Pear package.

Provides code to generate responses to common SASL mechanisms, including:

  • Digest-MD5
  • Cram-MD5
  • Plain
  • Anonymous
  • Login (Pseudo mechanism)
  • SCRAM

PHP Version Require Latest Stable Version Total Downloads License CI Scrutinizer Code Quality Code Coverage

Security

Please note that MD5- and SHA1-based authentication mechanism are considered insecure. Therefore you should prefer at least SCRAM-SHA-256 for non-secure connections (TLS) when ever possible. For that reason Digest-MD5, Cram-MD5 and SCRAM-SHA-1 are deprecated and were removed in modern server software.

Installation

The easiest way to install fabiang/sasl is by using Composer:

composer require fabiang/sasl

Usage

Use the factory method to create a authentication mechanism object:

use Fabiang\SASL\SASL;

$mechanism = SASL::SCRAM_SHA3_256->mechanism([
    'authcid'  => 'username',
    'secret'   => 'password',
    'authzid'  => 'authzid', // optional. Username to proxy as
    'service'  => 'servicename', // optional. Name of the service
    'hostname' => 'hostname', // optional. Hostname of the service
]);

$response = $mechanism->createResponse();

Or create from string:

// throws Fabiang\SASL\Exception\UnsupportedMechanismException
$mechanism = SASL::fromString('SCRAM-SHA3-256')->mechanism([
    // ...
]);

Challenge-based authentication mechanisms implement the interface Fabiang\SASL\Authentication\ChallengeAuthenticationInterface. For those mechanisms call the method again with the challenge returned by the server:

$response = $mechanism->createResponse($challenge);

Note: The challenge must be Base64 decoded.

SCRAM verification

To verify the data returned by the server for SCRAM you can call:

$trusted = $mechanism->verify($data);

If the method returns false you should disconnect.

SCRAM downgrade protection

To enable downgrade protection for SCRAM, you'll need to pass the allowed authentication mechanisms and channel-binding types via options to the factory:

Note: Channel-binding is currently not supported due to limitations of PHP.

$authentication = AuthenticationMechanism::SCRAM_SHA_1->mechanism([
    'authcid'  => 'username',
    'secret'   => 'password',
    'authzid'  => 'authzid', // optional. Username to proxy as
    'service'  => 'servicename', // optional. Name of the service
    'hostname' => 'hostname', // optional. Hostname of the service
    'downgrade_protection' => [ // optional. When `null` downgrade protection string from server won't be validated
        'allowed_mechanisms'       => ['SCRAM-SHA-1-PLUS', 'SCRAM-SHA-1'], // allowed mechanisms by the server
        'allowed_channel_bindings' => ['tls-unique', 'tls-exporter', 'tls-server-end-point'], // allowed channel-binding types by the server
    ],
]);

Required options

List of options required by authentication mechanisms. For mechanisms that are challenge-based you'll need to call createResponse() again and send the returned value to the server.

Mechanism Authcid Secret Authzid Service Hostname Challenge
Anonymous optional no no no no no
Cram-MD5 yes yes no no no yes
Digest-MD5 yes yes optional yes yes yes
External no no optional no no no
Login yes yes no no no no
Plain yes yes optional no no no
SCRAM-* yes yes optional no no yes

Authcid = e.g. username, Secret = e.g. password

Unit tests

If you like this library and you want to contribute, make sure the unit tests and integration tests are running.

Run the unit tests:

./vendor/bin/phpunit

Integration tests

The integration tests verify the authentication methods against an Ejabberd and Dovecot server.

To launch the servers you can use the provided Docker Compose file. Just install Docker and run:

docker compose up -d

Note: ejabberd takes up to twenty minutes to start.

Now you can run the integration tests:

./vendor/bin/behat

License

BSD-3-Clause. See the LICENSE.md.

fabiang/sasl 适用场景与选型建议

fabiang/sasl 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 48.64k 次下载、GitHub Stars 达 12, 最近一次更新时间为 2014 年 12 月 10 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「Authentication」 「auth」 「sasl」 「scram」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 fabiang/sasl 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 fabiang/sasl 我们能提供哪些服务?
定制开发 / 二次开发

基于 fabiang/sasl 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 48.64k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 13
  • 点击次数: 25
  • 依赖项目数: 3
  • 推荐数: 0

GitHub 信息

  • Stars: 12
  • Watchers: 3
  • Forks: 4
  • 开发语言: PHP

其他信息

  • 授权协议: BSD-3-Clause
  • 更新时间: 2014-12-10