README

Middleware to implement RFC 2617 Http Authentication. Contains the following components:

• BasicAuthentication
• DigestAuthentication

Requirements

• PHP >= 7.2
• A PSR-7 http library
• A PSR-15 middleware dispatcher

Installation

This package is installable and autoloadable via Composer as middlewares/http-authentication.

composer require middlewares/http-authentication

BasicAuthentication

The Basic access authentication is the simplest technique.

You have to provide an Array or ArrayAccess with the usernames and passwords of all available users. The keys are the usernames and the values the passwords.

Dispatcher::run([
    new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ])
]);

Optionally, you can provide a Psr\Http\Message\ResponseFactoryInterface as the second argument, that will be used to create the error responses (401). If it's not defined, Middleware\Utils\Factory will be used to detect it automatically.

$responseFactory = new MyOwnResponseFactory();

$route = new Middlewares\BasicAuthentication($users, $responseFactory);

realm

The realm value. By default is "Login".

attribute

The attribute name used to save the username of the user. If it's not defined, it wont be saved. Example:

Dispatcher::run([
    (new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ]))->attribute('username'),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);

verifyHash

This option verifies the password using password_verify. Useful if you don't want to provide the passwords in plain text.

$users = [
    'username' => password_hash('secret-password', PASSWORD_DEFAULT);
]

Dispatcher::run([
    (new Middlewares\BasicAuthentication($users))
        ->attribute('username')
        ->verifyHash(),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);

DigestAuthentication

The Digest access authentication is more secure than basic.

The constructor signature is the same than BasicAuthentication:

$users = [
    'username1' => 'password1',
    'username2' => 'password2'
];
$responseFactory = new MyOwnResponseFactory();

Dispatcher::run([
    new Middlewares\DigestAuthentication($users, $responseFactory)
]);

realm

The realm value. By default is "Login".

attribute

The attribute name used to save the username of the user. If it's not defined, it wont be saved.

nonce

To configure the nonce value. If its not defined, it's generated with uniqid

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.