Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormattpiwik <matthieu.aubry@gmail.com>2007-07-24 16:57:04 +0400
committermattpiwik <matthieu.aubry@gmail.com>2007-07-24 16:57:04 +0400
commitb23ec243e5d16852836fb7086a9150417acb2183 (patch)
tree83a11cf9d9f02aaa41b0b7c93674eea72abe7912 /libs/Zend/Auth
parent45f9ef24fb6d6d8b53a2a70d70c2b42d7d387104 (diff)
First code commit
(from subclipse) git-svn-id: http://dev.piwik.org/svn/trunk@10 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'libs/Zend/Auth')
-rwxr-xr-xlibs/Zend/Auth/Adapter/DbTable.php354
-rwxr-xr-xlibs/Zend/Auth/Adapter/Digest.php229
-rwxr-xr-xlibs/Zend/Auth/Adapter/Exception.php37
-rwxr-xr-xlibs/Zend/Auth/Adapter/Http.php834
-rwxr-xr-xlibs/Zend/Auth/Adapter/Http/Resolver/Exception.php41
-rwxr-xr-xlibs/Zend/Auth/Adapter/Http/Resolver/File.php168
-rwxr-xr-xlibs/Zend/Auth/Adapter/Http/Resolver/Interface.php48
-rwxr-xr-xlibs/Zend/Auth/Adapter/Interface.php45
-rwxr-xr-xlibs/Zend/Auth/Exception.php37
-rwxr-xr-xlibs/Zend/Auth/Result.php149
-rwxr-xr-xlibs/Zend/Auth/Storage/Exception.php37
-rwxr-xr-xlibs/Zend/Auth/Storage/Interface.php66
-rwxr-xr-xlibs/Zend/Auth/Storage/NonPersistent.php96
-rwxr-xr-xlibs/Zend/Auth/Storage/Session.php148
14 files changed, 2289 insertions, 0 deletions
diff --git a/libs/Zend/Auth/Adapter/DbTable.php b/libs/Zend/Auth/Adapter/DbTable.php
new file mode 100755
index 0000000000..d0cc4e18d8
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/DbTable.php
@@ -0,0 +1,354 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: DbTable.php 4246 2007-03-27 22:35:56Z ralph $
+ */
+
+
+/**
+ * @see Zend_Auth_Adapter_Interface
+ */
+require_once 'Zend/Auth/Adapter/Interface.php';
+
+
+/**
+ * @see Zend_Db_Adapter_Abstract
+ */
+require_once 'Zend/Db/Adapter/Abstract.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Adapter_DbTable implements Zend_Auth_Adapter_Interface
+{
+ /**
+ * Database Connection
+ *
+ * @var Zend_Db_Adapter_Abstract
+ */
+ protected $_zendDb = null;
+
+ /**
+ * $_tableName - the table name to check
+ *
+ * @var string
+ */
+ protected $_tableName = null;
+
+ /**
+ * $_identityColumn - the column to use as the identity
+ *
+ * @var string
+ */
+ protected $_identityColumn = null;
+
+ /**
+ * $_credentialColumns - columns to be used as the credentials
+ *
+ * @var string
+ */
+ protected $_credentialColumn = null;
+
+ /**
+ * $_identity - Identity value
+ *
+ * @var string
+ */
+ protected $_identity = null;
+
+ /**
+ * $_credential - Credential values
+ *
+ * @var string
+ */
+ protected $_credential = null;
+
+ /**
+ * $_credentialTreatment - Treatment applied to the credential, such as MD5() or PASSWORD()
+ *
+ * @var string
+ */
+ protected $_credentialTreatment = null;
+
+ /**
+ * $_resultRow - Results of database authentication query
+ *
+ * @var array
+ */
+ protected $_resultRow = null;
+
+ /**
+ * __construct() - Sets configuration options
+ *
+ * @param Zend_Db_Adapter_Abstract $zendDb
+ * @param string $tableName
+ * @param string $identityColumn
+ * @param string $credentialColumn
+ * @param string $credentialTreatment
+ * @return void
+ */
+ public function __construct(Zend_Db_Adapter_Abstract $zendDb, $tableName = null, $identityColumn = null,
+ $credentialColumn = null, $credentialTreatment = null)
+ {
+ $this->_zendDb = $zendDb;
+
+ if (null !== $tableName) {
+ $this->setTableName($tableName);
+ }
+
+ if (null !== $identityColumn) {
+ $this->setIdentityColumn($identityColumn);
+ }
+
+ if (null !== $credentialColumn) {
+ $this->setCredentialColumn($credentialColumn);
+ }
+
+ if (null !== $credentialTreatment) {
+ $this->setCredentialTreatment($credentialTreatment);
+ }
+ }
+
+ /**
+ * setTableName() - set the table name to be used in the select query
+ *
+ * @param string $tableName
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setTableName($tableName)
+ {
+ $this->_tableName = $tableName;
+ return $this;
+ }
+
+ /**
+ * setIdentityColumn() - set the column name to be used as the identity column
+ *
+ * @param string $identityColumn
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setIdentityColumn($identityColumn)
+ {
+ $this->_identityColumn = $identityColumn;
+ return $this;
+ }
+
+ /**
+ * setCredentialColumn() - set the column name to be used as the credential column
+ *
+ * @param string $credentialColumn
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setCredentialColumn($credentialColumn)
+ {
+ $this->_credentialColumn = $credentialColumn;
+ return $this;
+ }
+
+ /**
+ * setCredentialTreatment() - allows the developer to pass a parameterized string that is
+ * used to transform or treat the input credential data
+ *
+ * In many cases, passwords and other sensitive data are encrypted, hashed, encoded,
+ * obscured, or otherwise treated through some function or algorithm. By specifying a
+ * parameterized treatment string with this method, a developer may apply arbitrary SQL
+ * upon input credential data.
+ *
+ * Examples:
+ *
+ * 'PASSWORD(?)'
+ * 'MD5(?)'
+ *
+ * @param string $treatment
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setCredentialTreatment($treatment)
+ {
+ $this->_credentialTreatment = $treatment;
+ return $this;
+ }
+
+ /**
+ * setIdentity() - set the value to be used as the identity
+ *
+ * @param string $value
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setIdentity($value)
+ {
+ $this->_identity = $value;
+ return $this;
+ }
+
+ /**
+ * setCredential() - set the credential value to be used, optionally can specify a treatment
+ * to be used, should be supplied in parameterized form, such as 'MD5(?)' or 'PASSWORD(?)'
+ *
+ * @param string $credential
+ * @return Zend_Auth_Adapter_DbTable
+ */
+ public function setCredential($credential)
+ {
+ $this->_credential = $credential;
+ return $this;
+ }
+
+ /**
+ * getResultRowObject() - Returns the result row as a stdClass object
+ *
+ * @param string|array $returnColumns
+ * @param string|array $omitColumns
+ * @return stdClass
+ */
+ public function getResultRowObject($returnColumns = null, $omitColumns = null)
+ {
+ $returnObject = new stdClass();
+
+ if (null !== $returnColumns) {
+
+ $availableColumns = array_keys($this->_resultRow);
+ foreach ( (array) $returnColumns as $returnColumn) {
+ if (in_array($returnColumn, $availableColumns)) {
+ $returnObject->{$returnColumn} = $this->_resultRow[$returnColumn];
+ }
+ }
+ return $returnObject;
+
+ } elseif (null !== $omitColumns) {
+
+ $omitColumns = (array) $omitColumns;
+ foreach ($this->_resultRow as $resultColumn => $resultValue) {
+ if (!in_array($resultColumn, $omitColumns)) {
+ $returnObject->{$resultColumn} = $resultValue;
+ }
+ }
+ return $returnObject;
+
+ } else {
+
+ foreach ($this->_resultRow as $resultColumn => $resultValue) {
+ $returnObject->{$resultColumn} = $resultValue;
+ }
+ return $returnObject;
+
+ }
+ }
+
+ /**
+ * authenticate() - defined by Zend_Auth_Adapter_Interface.
+ *
+ * @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
+ * @return Zend_Auth_Result
+ */
+ public function authenticate()
+ {
+ $exception = null;
+
+ if ($this->_tableName == '') {
+ $exception = 'A table must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+ } elseif ($this->_identityColumn == '') {
+ $exception = 'An identity column must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+ } elseif ($this->_credentialColumn == '') {
+ $exception = 'A credential column must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+ } elseif ($this->_identity == '') {
+ $exception = 'A value for the identity was not provided prior to authentication with Zend_Auth_Adapter_DbTable.';
+ } elseif ($this->_credential === null) {
+ $exception = 'A credential value was not provided prior to authentication with Zend_Auth_Adapter_DbTable.';
+ }
+
+ if (null !== $exception) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception($exception);
+ }
+
+ // create result array
+ $authResult = array(
+ 'code' => Zend_Auth_Result::FAILURE,
+ 'identity' => $this->_identity,
+ 'messages' => array()
+ );
+
+
+ // build credential expression
+ if (empty($this->_credentialTreatment) || (strpos($this->_credentialTreatment, "?") === false)) {
+ $this->_credentialTreatment = '?';
+ }
+
+ $credentialExpression = new Zend_Db_Expr(
+ $this->_zendDb->quoteInto(
+ $this->_zendDb->quoteIdentifier($this->_credentialColumn)
+ . ' = ' . $this->_credentialTreatment, $this->_credential
+ )
+ . ' AS zend_auth_credential_match'
+ );
+
+ // get select
+ $dbSelect = $this->_zendDb->select();
+ $dbSelect->from($this->_tableName, array('*', $credentialExpression))
+ ->where($this->_zendDb->quoteIdentifier($this->_identityColumn) . ' = ?', $this->_identity);
+
+ // query for the identity
+ try {
+ $resultIdentities = $this->_zendDb->fetchAll($dbSelect->__toString());
+ } catch (Exception $e) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('The supplied parameters to Zend_Auth_Adapter_DbTable failed to '
+ . 'produce a valid sql statement, please check table and column names '
+ . 'for validity.');
+ }
+
+ if (count($resultIdentities) < 1) {
+ $authResult['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
+ $authResult['messages'][] = 'A record with the supplied identity could not be found.';
+ return new Zend_Auth_Result($authResult['code'], $authResult['identity'], $authResult['messages']);
+ } elseif (count($resultIdentities) > 1) {
+ $authResult['code'] = Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS;
+ $authResult['messages'][] = 'More than one record matches the supplied identity.';
+ return new Zend_Auth_Result($authResult['code'], $authResult['identity'], $authResult['messages']);
+ }
+
+ $resultIdentity = $resultIdentities[0];
+
+ if ($resultIdentity['zend_auth_credential_match'] != '1') {
+ $authResult['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
+ $authResult['messages'][] = 'Supplied credential is invalid.';
+ return new Zend_Auth_Result($authResult['code'], $authResult['identity'], $authResult['messages']);
+ }
+
+ unset($resultIdentity['zend_auth_credential_match']);
+ $this->_resultRow = $resultIdentity;
+
+ $authResult['code'] = Zend_Auth_Result::SUCCESS;
+ $authResult['messages'][] = 'Authentication successful.';
+ return new Zend_Auth_Result($authResult['code'], $authResult['identity'], $authResult['messages']);
+ }
+
+} \ No newline at end of file
diff --git a/libs/Zend/Auth/Adapter/Digest.php b/libs/Zend/Auth/Adapter/Digest.php
new file mode 100755
index 0000000000..31131a1652
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Digest.php
@@ -0,0 +1,229 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Digest.php 4194 2007-03-22 23:50:34Z darby $
+ */
+
+
+/**
+ * @see Zend_Auth_Adapter_Interface
+ */
+require_once 'Zend/Auth/Adapter/Interface.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Adapter_Digest implements Zend_Auth_Adapter_Interface
+{
+ /**
+ * Filename against which authentication queries are performed
+ *
+ * @var string
+ */
+ protected $_filename;
+
+ /**
+ * Digest authentication realm
+ *
+ * @var string
+ */
+ protected $_realm;
+
+ /**
+ * Digest authentication user
+ *
+ * @var string
+ */
+ protected $_username;
+
+ /**
+ * Password for the user of the realm
+ *
+ * @var string
+ */
+ protected $_password;
+
+ /**
+ * Sets adapter options
+ *
+ * @param mixed $filename
+ * @param mixed $realm
+ * @param mixed $username
+ * @param mixed $password
+ * @return void
+ */
+ public function __construct($filename = null, $realm = null, $username = null, $password = null)
+ {
+ $options = array('filename', 'realm', 'username', 'password');
+ foreach ($options as $option) {
+ if (null !== $$option) {
+ $methodName = 'set' . ucfirst($option);
+ $this->$methodName($$option);
+ }
+ }
+ }
+
+ /**
+ * Returns the filename option value or null if it has not yet been set
+ *
+ * @return string|null
+ */
+ public function getFilename()
+ {
+ return $this->_filename;
+ }
+
+ /**
+ * Sets the filename option value
+ *
+ * @param mixed $filename
+ * @return Zend_Auth_Adapter_Digest Provides a fluent interface
+ */
+ public function setFilename($filename)
+ {
+ $this->_filename = (string) $filename;
+ return $this;
+ }
+
+ /**
+ * Returns the realm option value or null if it has not yet been set
+ *
+ * @return string|null
+ */
+ public function getRealm()
+ {
+ return $this->_realm;
+ }
+
+ /**
+ * Sets the realm option value
+ *
+ * @param mixed $realm
+ * @return Zend_Auth_Adapter_Digest Provides a fluent interface
+ */
+ public function setRealm($realm)
+ {
+ $this->_realm = (string) $realm;
+ return $this;
+ }
+
+ /**
+ * Returns the username option value or null if it has not yet been set
+ *
+ * @return string|null
+ */
+ public function getUsername()
+ {
+ return $this->_username;
+ }
+
+ /**
+ * Sets the username option value
+ *
+ * @param mixed $username
+ * @return Zend_Auth_Adapter_Digest Provides a fluent interface
+ */
+ public function setUsername($username)
+ {
+ $this->_username = (string) $username;
+ return $this;
+ }
+
+ /**
+ * Returns the password option value or null if it has not yet been set
+ *
+ * @return string|null
+ */
+ public function getPassword()
+ {
+ return $this->_password;
+ }
+
+ /**
+ * Sets the password option value
+ *
+ * @param mixed $password
+ * @return Zend_Auth_Adapter_Digest Provides a fluent interface
+ */
+ public function setPassword($password)
+ {
+ $this->_password = (string) $password;
+ return $this;
+ }
+
+ /**
+ * Defined by Zend_Auth_Adapter_Interface
+ *
+ * @throws Zend_Auth_Adapter_Exception
+ * @return Zend_Auth_Result
+ */
+ public function authenticate()
+ {
+ $optionsRequired = array('filename', 'realm', 'username', 'password');
+ foreach ($optionsRequired as $optionRequired) {
+ if (null === $this->{"_$optionRequired"}) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception("Option '$optionRequired' must be set before authentication");
+ }
+ }
+
+ if (false === ($fileHandle = @fopen($this->_filename, 'r'))) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception("Cannot open '$this->_filename' for reading");
+ }
+
+ $id = "$this->_username:$this->_realm";
+ $idLength = strlen($id);
+
+ $result = array(
+ 'code' => Zend_Auth_Result::FAILURE,
+ 'identity' => array(
+ 'realm' => $this->_realm,
+ 'username' => $this->_username,
+ ),
+ 'messages' => array()
+ );
+
+ while ($line = trim(fgets($fileHandle))) {
+ if (substr($line, 0, $idLength) === $id) {
+ if (substr($line, -32) === md5("$this->_username:$this->_realm:$this->_password")) {
+ $result['code'] = Zend_Auth_Result::SUCCESS;
+ } else {
+ $result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
+ $result['messages'][] = 'Password incorrect';
+ }
+ return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
+ }
+ }
+
+ $result['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
+ $result['messages'][] = "Username '$this->_username' and realm '$this->_realm' combination not found";
+ return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
+ }
+}
diff --git a/libs/Zend/Auth/Adapter/Exception.php b/libs/Zend/Auth/Adapter/Exception.php
new file mode 100755
index 0000000000..8aa8ba4f11
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Exception.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Exception.php 2794 2007-01-16 01:29:51Z bkarwin $
+ */
+
+
+/**
+ * Zend_Auth_Exception
+ */
+require_once 'Zend/Auth/Exception.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Adapter_Exception extends Zend_Auth_Exception
+{}
diff --git a/libs/Zend/Auth/Adapter/Http.php b/libs/Zend/Auth/Adapter/Http.php
new file mode 100755
index 0000000000..43decf5336
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Http.php
@@ -0,0 +1,834 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Http.php 5260 2007-06-12 03:54:44Z gearhead $
+ */
+
+
+/**
+ * @see Zend_Auth_Adapter_Interface
+ */
+require_once 'Zend/Auth/Adapter/Interface.php';
+
+
+/**
+ * HTTP Authentication Adapter
+ *
+ * Implements a pretty good chunk of RFC 2617.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @todo Support auth-int
+ * @todo Track nonces, nonce-count, opaque for replay protection and stale support
+ * @todo Support Authentication-Info header
+ */
+class Zend_Auth_Adapter_Http implements Zend_Auth_Adapter_Interface
+{
+ /**
+ * Reference to the HTTP Request object
+ *
+ * @var Zend_Controller_Request_Http
+ */
+ protected $_request;
+
+ /**
+ * Reference to the HTTP Response object
+ *
+ * @var Zend_Controller_Response_Http
+ */
+ protected $_response;
+
+ /**
+ * Object that looks up user credentials for the Basic scheme
+ *
+ * @var Zend_Auth_Adapter_Http_Resolver_Interface
+ */
+ protected $_basicResolver;
+
+ /**
+ * Object that looks up user credentials for the Digest scheme
+ *
+ * @var Zend_Auth_Adapter_Http_Resolver_Interface
+ */
+ protected $_digestResolver;
+
+ /**
+ * List of authentication schemes supported by this class
+ *
+ * @var array
+ */
+ protected $_supportedSchemes = array('basic', 'digest');
+
+ /**
+ * List of schemes this class will accept from the client
+ *
+ * @var array
+ */
+ protected $_acceptSchemes;
+
+ /**
+ * Space-delimited list of protected domains for Digest Auth
+ *
+ * @var string
+ */
+ protected $_domains;
+
+ /**
+ * The protection realm to use
+ *
+ * @var string
+ */
+ protected $_realm;
+
+ /**
+ * Nonce timeout period
+ *
+ * @var integer
+ */
+ protected $_nonceTimeout;
+
+ /**
+ * Whether to send the opaque value in the header. True by default
+ *
+ * @var boolean
+ */
+ protected $_useOpaque;
+
+ /**
+ * List of the supported digest algorithms. I want to support both MD5 and
+ * MD5-sess, but MD5-sess won't make it into the first version.
+ *
+ * @var array
+ */
+ protected $_supportedAlgos = array('MD5');
+
+ /**
+ * The actual algorithm to use. Defaults to MD5
+ *
+ * @var string
+ */
+ protected $_algo;
+
+ /**
+ * List of supported qop options. My intetion is to support both 'auth' and
+ * 'auth-int', but 'auth-int' won't make it into the first version.
+ *
+ * @var array
+ */
+ protected $_supportedQops = array('auth');
+
+ /**
+ * Whether or not to do Proxy Authentication instead of origin server
+ * authentication (send 407's instead of 401's). Off by default.
+ *
+ * @var boolean
+ */
+ protected $_imaProxy;
+
+ /**
+ * Flag indicating the client is IE and didn't bother to return the opaque string
+ *
+ * @var boolean
+ */
+ protected $_ieNoOpaque;
+
+ /**
+ * Constructor
+ *
+ * @param array $config Configuration settings:
+ * 'accept_schemes' => 'basic'|'digest'|'basic digest'
+ * 'realm' => <string>
+ * 'digest_domains' => <string> Space-delimited list of URIs
+ * 'nonce_timeout' => <int>
+ * 'use_opaque' => <bool> Whether to send the opaque value in the header
+ * 'alogrithm' => <string> See $_supportedAlgos. Default: MD5
+ * 'proxy_auth' => <bool> Whether to do authentication as a Proxy
+ * @throws Zend_Auth_Adapter_Exception
+ * @return void
+ */
+ public function __construct(array $config)
+ {
+ $this->_request = null;
+ $this->_response = null;
+ $this->_ieNoOpaque = false;
+
+
+ if (empty($config['accept_schemes'])) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Config key \'accept_schemes\' is required');
+ }
+
+ $schemes = explode(' ', $config['accept_schemes']);
+ $this->_acceptSchemes = array_intersect($schemes, $this->_supportedSchemes);
+ if (empty($this->_acceptSchemes)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('No supported schemes given in \'accept_schemes\'. Valid values: '
+ . implode(', ', $this->_supportedSchemes));
+ }
+
+ // Double-quotes are used to delimit the realm string in the HTTP header,
+ // and colons are field delimiters in the password file.
+ if (empty($config['realm']) ||
+ !ctype_print($config['realm']) ||
+ strpos($config['realm'], ':') !== false ||
+ strpos($config['realm'], '"') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Config key \'realm\' is required, and must contain only printable '
+ . 'characters, excluding quotation marks and colons');
+ } else {
+ $this->_realm = $config['realm'];
+ }
+
+ if (in_array('digest', $this->_acceptSchemes)) {
+ if (empty($config['digest_domains']) ||
+ !ctype_print($config['digest_domains']) ||
+ strpos($config['digest_domains'], '"') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Config key \'digest_domains\' is required, and must contain '
+ . 'only printable characters, excluding quotation marks');
+ } else {
+ $this->_domains = $config['digest_domains'];
+ }
+
+ if (empty($config['nonce_timeout']) ||
+ !is_numeric($config['nonce_timeout'])) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Config key \'nonce_timeout\' is required, and must be an '
+ . 'integer');
+ } else {
+ $this->_nonceTimeout = (int) $config['nonce_timeout'];
+ }
+
+ // We use the opaque value unless explicitly told not to
+ if (isset($config['use_opaque']) && false == (bool) $config['use_opaque']) {
+ $this->_useOpaque = false;
+ } else {
+ $this->_useOpaque = true;
+ }
+
+ if (isset($config['algorithm']) && in_array($config['algorithm'], $this->_supportedAlgos)) {
+ $this->_algo = $config['algorithm'];
+ } else {
+ $this->_algo = 'MD5';
+ }
+ }
+
+ // Don't be a proxy unless explicitly told to do so
+ if (isset($config['proxy_auth']) && true == (bool) $config['proxy_auth']) {
+ $this->_imaProxy = true; // I'm a Proxy
+ } else {
+ $this->_imaProxy = false;
+ }
+ }
+
+ /**
+ * Setter for the _basicResolver property
+ *
+ * @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
+ * @return Zend_Auth_Adapter_Http Provides a fluent interface
+ */
+ public function setBasicResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
+ {
+ $this->_basicResolver = $resolver;
+
+ return $this;
+ }
+
+ /**
+ * Getter for the _basicResolver property
+ *
+ * @return Zend_Auth_Adapter_Http_Resolver_Interface
+ */
+ public function getBasicResolver()
+ {
+ return $this->_basicResolver;
+ }
+
+ /**
+ * Setter for the _digestResolver property
+ *
+ * @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
+ * @return Zend_Auth_Adapter_Http Provides a fluent interface
+ */
+ public function setDigestResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
+ {
+ $this->_digestResolver = $resolver;
+
+ return $this;
+ }
+
+ /**
+ * Getter for the _digestResolver property
+ *
+ * @return Zend_Auth_Adapter_Http_Resolver_Interface
+ */
+ public function getDigestResolver()
+ {
+ return $this->_digestResolver;
+ }
+
+ /**
+ * Setter for the Request object
+ *
+ * @param Zend_Controller_Request_Http $request
+ * @return Zend_Auth_Adapter_Http Provides a fluent interface
+ */
+ public function setRequest(Zend_Controller_Request_Http $request)
+ {
+ $this->_request = $request;
+
+ return $this;
+ }
+
+ /**
+ * Getter for the Request object
+ *
+ * @return Zend_Controller_Request_Http
+ */
+ public function getRequest()
+ {
+ return $this->_request;
+ }
+
+ /**
+ * Setter for the Response object
+ *
+ * @param Zend_Controller_Response_Http $response
+ * @return Zend_Auth_Adapter_Http Provides a fluent interface
+ */
+ public function setResponse(Zend_Controller_Response_Http $response)
+ {
+ $this->_response = $response;
+
+ return $this;
+ }
+
+ /**
+ * Getter for the Response object
+ *
+ * @return Zend_Controller_Response_Http
+ */
+ public function getResponse()
+ {
+ return $this->_response;
+ }
+
+ /**
+ * Authenticate
+ *
+ * @return Zend_Auth_Result
+ * @throws Zend_Auth_Adapter_Exception
+ */
+ public function authenticate()
+ {
+ if (empty($this->_request) ||
+ empty($this->_response)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Request and Response objects must be set before calling '
+ . 'authenticate()');
+ }
+
+ if ($this->_imaProxy) {
+ $getHeader = 'Proxy-Authorization';
+ } else {
+ $getHeader = 'Authorization';
+ }
+
+ $authHeader = $this->_request->getHeader($getHeader);
+ if (!$authHeader) {
+ return $this->_challengeClient();
+ }
+
+ list($clientScheme) = explode(' ', $authHeader);
+ $clientScheme = strtolower($clientScheme);
+
+ if (!in_array($clientScheme, $this->_supportedSchemes)) {
+ $this->_response->setHttpResponseCode(400);
+ return new Zend_Auth_Result(
+ Zend_Auth_Result::FAILURE_UNCATEGORIZED,
+ array(),
+ array('Client requested an unsupported authentication scheme')
+ );
+ }
+
+ // The server can issue multiple challenges, but the client should
+ // answer with only one selected auth scheme.
+ switch ($clientScheme) {
+ case 'basic':
+ $result = $this->_basicAuth($authHeader);
+ break;
+ case 'digest':
+ $result = $this->_digestAuth($authHeader);
+ break;
+ default:
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Unsupported authentication scheme');
+ }
+
+ return $result;
+ }
+
+ /**
+ * Challenge Client
+ *
+ * Sets a 401 or 407 Unauthorized response code, and creates the
+ * appropriate Authenticate header(s) to prompt for credentials.
+ *
+ * @return Zend_Auth_Result Always returns a non-identity Auth result
+ */
+ protected function _challengeClient()
+ {
+ if ($this->_imaProxy) {
+ $statusCode = 407;
+ $headerName = 'Proxy-Authenticate';
+ } else {
+ $statusCode = 401;
+ $headerName = 'WWW-Authenticate';
+ }
+
+ $this->_response->setHttpResponseCode($statusCode);
+
+ // Send a challenge in each acceptable authentication scheme
+ if (in_array('basic', $this->_acceptSchemes)) {
+ $this->_response->setHeader($headerName, $this->_basicHeader());
+ }
+ if (in_array('digest', $this->_acceptSchemes)) {
+ $this->_response->setHeader($headerName, $this->_digestHeader());
+ }
+ return new Zend_Auth_Result(
+ Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
+ array(),
+ array('Invalid or absent credentials; challenging client')
+ );
+ }
+
+ /**
+ * Basic Header
+ *
+ * Generates a Proxy- or WWW-Authenticate header value in the Basic
+ * authentication scheme.
+ *
+ * @return string Authenticate header value
+ */
+ protected function _basicHeader()
+ {
+ return 'Basic realm="' . $this->_realm . '"';
+ }
+
+ /**
+ * Digest Header
+ *
+ * Generates a Proxy- or WWW-Authenticate header value in the Digest
+ * authentication scheme.
+ *
+ * @return string Authenticate header value
+ */
+ protected function _digestHeader()
+ {
+ $wwwauth = 'Digest realm="' . $this->_realm . '", '
+ . 'domain="' . $this->_domains . '", '
+ . 'nonce="' . $this->_calcNonce() . '", '
+ . ($this->_useOpaque ? 'opaque="' . $this->_calcOpaque() . '", ' : '')
+ . 'algorithm="' . $this->_algo . '", '
+ . 'qop="' . implode(',', $this->_supportedQops) . '"';
+
+ return $wwwauth;
+ }
+
+ /**
+ * Basic Authentication
+ *
+ * @param string $header Client's Authorization header
+ * @throws Zend_Auth_Adapter_Exception
+ * @return Zend_Auth_Result
+ */
+ protected function _basicAuth($header)
+ {
+ if (empty($header)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
+ }
+ if (empty($this->_basicResolver)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('A basicResolver object must be set before doing Basic '
+ . 'authentication');
+ }
+
+ // Decode the Authorization header
+ $auth = substr($header, strlen('Basic '));
+ $auth = base64_decode($auth);
+ if (!$auth) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Unable to base64_decode Authorization header value');
+ }
+
+ // See ZF-1253. Validate the credentials the same way the digest
+ // implementation does. If invalid credentials are detected,
+ // re-challenge the client.
+ if (!ctype_print($auth)) {
+ return $this->_challengeClient();
+ }
+ // Fix for ZF-1515: Now re-challenges on empty username or password
+ $creds = array_filter(explode(':', $auth));
+ if (count($creds) != 2) {
+ return $this->_challengeClient();
+ }
+
+ $password = $this->_basicResolver->resolve($creds[0], $this->_realm);
+ if ($password && $password == $creds[1]) {
+ $identity = array('username'=>$creds[0], 'realm'=>$this->_realm);
+ return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
+ } else {
+ return $this->_challengeClient();
+ }
+ }
+
+ /**
+ * Digest Authentication
+ *
+ * @param string $header Client's Authorization header
+ * @throws Zend_Auth_Adapter_Exception
+ * @return Zend_Auth_Result Valid auth result only on successful auth
+ */
+ protected function _digestAuth($header)
+ {
+ if (empty($header)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
+ }
+ if (empty($this->_digestResolver)) {
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
+ }
+
+ $data = $this->_parseDigestAuth($header);
+ if ($data === false) {
+ $this->_response->setHttpResponseCode(400);
+ return new Zend_Auth_Result(
+ Zend_Auth_Result::FAILURE_UNCATEGORIZED,
+ array(),
+ array('Invalid Authorization header format')
+ );
+ }
+
+ // See ZF-1052. This code was a bit too unforgiving of invalid
+ // usernames. Now, if the username is bad, we re-challenge the client.
+ if ('::invalid::' == $data['username']) {
+ return $this->_challengeClient();
+ }
+
+ // Verify that the client sent back the same nonce
+ if ($this->_calcNonce() != $data['nonce']) {
+ return $this->_challengeClient();
+ }
+ // The opaque value is also required to match, but of course IE doesn't
+ // play ball.
+ if (!$this->_ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
+ return $this->_challengeClient();
+ }
+
+ // Look up the user's password hash. If not found, deny access.
+ // This makes no assumptions about how the password hash was
+ // constructed beyond that it must have been built in such a way as
+ // to be recreatable with the current settings of this object.
+ $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
+ if ($ha1 === false) {
+ return $this->_challengeClient();
+ }
+
+ // If MD5-sess is used, a1 value is made of the user's password
+ // hash with the server and client nonce appended, separated by
+ // colons.
+ if ($this->_algo == 'MD5-sess') {
+ $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
+ }
+
+ // Calculate h(a2). The value of this hash depends on the qop
+ // option selected by the client and the supported hash functions
+ switch ($data['qop']) {
+ case 'auth':
+ $a2 = $this->_request->getMethod() . ':' . $data['uri'];
+ break;
+ case 'auth-int':
+ // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
+ // but this isn't supported yet, so fall through to default case
+ default:
+ /**
+ * @see Zend_Auth_Adapter_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Exception.php';
+ throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
+ }
+ // Using hash() should make parameterizing the hash algorithm
+ // easier
+ $ha2 = hash('md5', $a2);
+
+
+ // Calculate the server's version of the request-digest. This must
+ // match $data['response']. See RFC 2617, section 3.2.2.1
+ $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
+ $digest = hash('md5', $ha1 . ':' . $message);
+
+ // If our digest matches the client's let them in, otherwise return
+ // a 401 code and exit to prevent access to the protected resource.
+ if ($digest == $data['response']) {
+ $identity = array('username'=>$data['username'], 'realm'=>$data['realm']);
+ return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
+ } else {
+ return $this->_challengeClient();
+ }
+ }
+
+ /**
+ * Calculate Nonce
+ *
+ * @return string The nonce value
+ */
+ protected function _calcNonce()
+ {
+ // Once subtle consequence of this timeout calculation is that it
+ // actually divides all of time into _nonceTimeout-sized sections, such
+ // that the value of timeout is the point in time of the next
+ // approaching "boundary" of a section. This allows the server to
+ // consistently generate the same timeout (and hence the same nonce
+ // value) across requests, but only as long as one of those
+ // "boundaries" is not crossed between requests. If that happens, the
+ // nonce will change on its own, and effectively log the user out. This
+ // would be surprising if the user just logged in.
+ $timeout = ceil(time() / $this->_nonceTimeout) * $this->_nonceTimeout;
+
+ $nonce = hash('md5', $timeout . ':' . $this->_request->getServer('HTTP_USER_AGENT') . ':' . __CLASS__);
+ return $nonce;
+ }
+
+ /**
+ * Calculate Opaque
+ *
+ * The opaque string can be anything; the client must return it exactly as
+ * it was sent. It may be useful to store data in this string in some
+ * applications. Ideally, a new value for this would be generated each time
+ * a WWW-Authenticate header is sent (in order to reduce predictability),
+ * but we would have to be able to create the same exact value across at
+ * least two separate requests from the same client.
+ *
+ * @return string The opaque value
+ */
+ protected function _calcOpaque()
+ {
+ return hash('md5', 'Opaque Data:' . __CLASS__);
+ }
+
+ /**
+ * Parse Digest Authorization header
+ *
+ * @param string $header Client's Authorization: HTTP header
+ * @return array|false Data elements from header, or false if any part of
+ * the header is invalid
+ */
+ protected function _parseDigestAuth($header)
+ {
+ $temp = null;
+ $data = array();
+
+ // See ZF-1052. Detect invalid usernames instead of just returning a
+ // 400 code.
+ $ret = preg_match('/username="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])
+ || !ctype_print($temp[1])
+ || strpos($temp[1], ':') !== false) {
+ $data['username'] = '::invalid::';
+ } else {
+ $data['username'] = $temp[1];
+ }
+ $temp = null;
+
+ $ret = preg_match('/realm="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (!ctype_print($temp[1]) || strpos($temp[1], ':') !== false) {
+ return false;
+ } else {
+ $data['realm'] = $temp[1];
+ }
+ $temp = null;
+
+ $ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (!ctype_xdigit($temp[1])) {
+ return false;
+ } else {
+ $data['nonce'] = $temp[1];
+ }
+ $temp = null;
+
+ $ret = preg_match('/uri="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ // Section 3.2.2.5 in RFC 2617 says the authenticating server must
+ // verify that the URI field in the Authorization header is for the
+ // same resource requested in the Request Line.
+ $rUri = @parse_url($this->_request->getRequestUri());
+ $cUri = @parse_url($temp[1]);
+ if (false === $rUri || false === $cUri) {
+ return false;
+ } else {
+ // Make sure the path portion of both URIs is the same
+ if ($rUri['path'] != $cUri['path']) {
+ return false;
+ }
+ // Section 3.2.2.5 seems to suggest that the value of the URI
+ // Authorization field should be made into an absolute URI if the
+ // Request URI is absolute, but it's vague, and that's a bunch of
+ // code I don't want to write right now.
+ $data['uri'] = $temp[1];
+ }
+ $temp = null;
+
+ $ret = preg_match('/response="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (32 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
+ return false;
+ } else {
+ $data['response'] = $temp[1];
+ }
+ $temp = null;
+
+ // The spec says this should default to MD5 if omitted. OK, so how does
+ // that square with the algo we send out in the WWW-Authenticate header,
+ // if it can easily be overridden by the client?
+ $ret = preg_match('/algorithm="?(' . $this->_algo . ')"?/', $header, $temp);
+ if ($ret && !empty($temp[1])
+ && in_array($temp[1], $this->_supportedAlgos)) {
+ $data['algorithm'] = $temp[1];
+ } else {
+ $data['algorithm'] = 'MD5'; // = $this->_algo; ?
+ }
+ $temp = null;
+
+ // Not optional in this implementation
+ $ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (!ctype_print($temp[1])) {
+ return false;
+ } else {
+ $data['cnonce'] = $temp[1];
+ }
+ $temp = null;
+
+ // If the server sent an opaque value, the client must send it back
+ if ($this->_useOpaque) {
+ $ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+
+ // Big surprise: IE isn't RFC 2617-compliant.
+ if (false !== strpos($this->_request->getHeader('User-Agent'), 'MSIE')) {
+ $temp[1] = '';
+ $this->_ieNoOpaque = true;
+ } else {
+ return false;
+ }
+ }
+ // This implementation only sends MD5 hex strings in the opaque value
+ if (!$this->_ieNoOpaque &&
+ (32 != strlen($temp[1]) || !ctype_xdigit($temp[1]))) {
+ return false;
+ } else {
+ $data['opaque'] = $temp[1];
+ }
+ $temp = null;
+ }
+
+ // Not optional in this implementation, but must be one of the supported
+ // qop types
+ $ret = preg_match('/qop="?(' . implode('|', $this->_supportedQops) . ')"?/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (!in_array($temp[1], $this->_supportedQops)) {
+ return false;
+ } else {
+ $data['qop'] = $temp[1];
+ }
+ $temp = null;
+
+ // Not optional in this implementation. The spec says this value
+ // shouldn't be a quoted string, but apparently some implementations
+ // quote it anyway. See ZF-1544.
+ $ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
+ if (!$ret || empty($temp[1])) {
+ return false;
+ }
+ if (8 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
+ return false;
+ } else {
+ $data['nc'] = $temp[1];
+ }
+ $temp = null;
+
+ return $data;
+ }
+}
diff --git a/libs/Zend/Auth/Adapter/Http/Resolver/Exception.php b/libs/Zend/Auth/Adapter/Http/Resolver/Exception.php
new file mode 100755
index 0000000000..d27250d670
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Http/Resolver/Exception.php
@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Exception.php 3842 2007-03-09 18:59:27Z darby $
+ */
+
+
+/**
+ * @see Zend_Auth_Exception
+ */
+require_once 'Zend/Auth/Exception.php';
+
+
+/**
+ * HTTP Auth Resolver Exception
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Adapter_Http_Resolver_Exception extends Zend_Auth_Exception
+{}
diff --git a/libs/Zend/Auth/Adapter/Http/Resolver/File.php b/libs/Zend/Auth/Adapter/Http/Resolver/File.php
new file mode 100755
index 0000000000..e68936111f
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Http/Resolver/File.php
@@ -0,0 +1,168 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: File.php 3842 2007-03-09 18:59:27Z darby $
+ */
+
+
+/**
+ * @see Zend_Auth_Adapter_Http_Resolver_Interface
+ */
+require_once 'Zend/Auth/Adapter/Http/Resolver/Interface.php';
+
+
+/**
+ * HTTP Authentication File Resolver
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Adapter_Http_Resolver_File implements Zend_Auth_Adapter_Http_Resolver_Interface
+{
+ /**
+ * Path to credentials file
+ *
+ * @var string
+ */
+ protected $_file;
+
+ /**
+ * Constructor
+ *
+ * @param string $path Complete filename where the credentials are stored
+ * @return void
+ */
+ public function __construct($path = '')
+ {
+ if (!empty($path)) {
+ $this->setFile($path);
+ }
+ }
+
+ /**
+ * Set the path to the credentials file
+ *
+ * @param string $path
+ * @throws Zend_Auth_Adapter_Http_Resolver_Exception
+ * @return Zend_Auth_Adapter_Http_Resolver_File Provides a fluent interface
+ */
+ public function setFile($path)
+ {
+ if (empty($path) || !is_readable($path)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Path not readable: ' . $path);
+ }
+ $this->_file = $path;
+
+ return $this;
+ }
+
+ /**
+ * Returns the path to the credentials file
+ *
+ * @return string
+ */
+ public function getFile()
+ {
+ return $this->_file;
+ }
+
+ /**
+ * Resolve credentials
+ *
+ * Only the first matching username/realm combination in the file is
+ * returned. If the file contains credentials for Digest authentication,
+ * the returned string is the password hash, or h(a1) from RFC 2617. The
+ * returned string is the plain-text password for Basic authentication.
+ *
+ * The expected format of the file is:
+ * username:realm:sharedSecret
+ *
+ * That is, each line consists of the user's username, the applicable
+ * authentication realm, and the password or hash, each delimited by
+ * colons.
+ *
+ * @param string $username Username
+ * @param string $realm Authentication Realm
+ * @throws Zend_Auth_Adapter_Http_Resolver_Exception
+ * @return string|false User's shared secret, if the user is found in the
+ * realm, false otherwise.
+ */
+ public function resolve($username, $realm)
+ {
+ if (empty($username)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username is required');
+ } else if (!ctype_print($username) || strpos($username, ':') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username must consist only of printable characters, '
+ . 'excluding the colon');
+ }
+ if (empty($realm)) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm is required');
+ } else if (!ctype_print($realm) || strpos($realm, ':') !== false) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm must consist only of printable characters, '
+ . 'excluding the colon.');
+ }
+
+ // Open file, read through looking for matching credentials
+ $fp = @fopen($this->_file, 'r');
+ if (!$fp) {
+ /**
+ * @see Zend_Auth_Adapter_Http_Resolver_Exception
+ */
+ require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php';
+ throw new Zend_Auth_Adapter_Http_Resolver_Exception('Unable to open password file: ' . $this->_file);
+ }
+
+ // No real validation is done on the contents of the password file. The
+ // assumption is that we trust the administrators to keep it secure.
+ while (($line = fgetcsv($fp, 512, ':')) !== false) {
+ if ($line[0] == $username && $line[1] == $realm) {
+ $password = $line[2];
+ fclose($fp);
+ return $password;
+ }
+ }
+
+ fclose($fp);
+ return false;
+ }
+}
diff --git a/libs/Zend/Auth/Adapter/Http/Resolver/Interface.php b/libs/Zend/Auth/Adapter/Http/Resolver/Interface.php
new file mode 100755
index 0000000000..e867ce52b1
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Http/Resolver/Interface.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Interface.php 3842 2007-03-09 18:59:27Z darby $
+ */
+
+
+/**
+ * Auth HTTP Resolver Interface
+ *
+ * Defines an interace to resolve a username/realm combination into a shared
+ * secret usable by HTTP Authentication.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @subpackage Zend_Auth_Adapter_Http
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+interface Zend_Auth_Adapter_Http_Resolver_Interface
+{
+ /**
+ * Resolve username/realm to password/hash/etc.
+ *
+ * @param string $username Username
+ * @param string $realm Authentication Realm
+ * @return string|false User's shared secret, if the user is found in the
+ * realm, false otherwise.
+ */
+ public function resolve($username, $realm);
+}
diff --git a/libs/Zend/Auth/Adapter/Interface.php b/libs/Zend/Auth/Adapter/Interface.php
new file mode 100755
index 0000000000..2b6691be88
--- /dev/null
+++ b/libs/Zend/Auth/Adapter/Interface.php
@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Interface.php 3412 2007-02-14 22:22:35Z darby $
+ */
+
+
+/**
+ * @see Zend_Auth_Result
+ */
+require_once 'Zend/Auth/Result.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+interface Zend_Auth_Adapter_Interface
+{
+ /**
+ * Performs an authentication attempt
+ *
+ * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
+ * @return Zend_Auth_Result
+ */
+ public function authenticate();
+}
diff --git a/libs/Zend/Auth/Exception.php b/libs/Zend/Auth/Exception.php
new file mode 100755
index 0000000000..9066f4d7c3
--- /dev/null
+++ b/libs/Zend/Auth/Exception.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Exception.php 2794 2007-01-16 01:29:51Z bkarwin $
+ */
+
+
+/**
+ * Zend_Exception
+ */
+require_once 'Zend/Exception.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Exception extends Zend_Exception
+{}
diff --git a/libs/Zend/Auth/Result.php b/libs/Zend/Auth/Result.php
new file mode 100755
index 0000000000..25ff374fa7
--- /dev/null
+++ b/libs/Zend/Auth/Result.php
@@ -0,0 +1,149 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Result.php 4194 2007-03-22 23:50:34Z darby $
+ */
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Result
+{
+ /**
+ * General Failure
+ */
+ const FAILURE = 0;
+
+ /**
+ * Failure due to identity not being found.
+ */
+ const FAILURE_IDENTITY_NOT_FOUND = -1;
+
+ /**
+ * Failure due to identity being ambiguous.
+ */
+ const FAILURE_IDENTITY_AMBIGUOUS = -2;
+
+ /**
+ * Failure due to invalid credential being supplied.
+ */
+ const FAILURE_CREDENTIAL_INVALID = -3;
+
+ /**
+ * Failure due to uncategorized reasons.
+ */
+ const FAILURE_UNCATEGORIZED = -4;
+
+ /**
+ * Authentication success.
+ */
+ const SUCCESS = 1;
+
+ /**
+ * Authentication result code
+ *
+ * @var int
+ */
+ protected $_code;
+
+ /**
+ * The identity used in the authentication attempt
+ *
+ * @var mixed
+ */
+ protected $_identity;
+
+ /**
+ * An array of string reasons why the authentication attempt was unsuccessful
+ *
+ * If authentication was successful, this should be an empty array.
+ *
+ * @var array
+ */
+ protected $_messages;
+
+ /**
+ * Sets the result code, identity, and failure messages
+ *
+ * @param int $code
+ * @param mixed $identity
+ * @param array $messages
+ * @return void
+ */
+ public function __construct($code, $identity, array $messages = array())
+ {
+ $code = (int) $code;
+
+ if ($code < self::FAILURE_UNCATEGORIZED) {
+ $code = self::FAILURE;
+ } elseif ($code > self::SUCCESS ) {
+ $code = 1;
+ }
+
+ $this->_code = $code;
+ $this->_identity = $identity;
+ $this->_messages = $messages;
+ }
+
+ /**
+ * Returns whether the result represents a successful authentication attempt
+ *
+ * @return boolean
+ */
+ public function isValid()
+ {
+ return ($this->_code > 0) ? true : false;
+ }
+
+ /**
+ * getCode() - Get the result code for this authentication attempt
+ *
+ * @return int
+ */
+ public function getCode()
+ {
+ return $this->_code;
+ }
+
+ /**
+ * Returns the identity used in the authentication attempt
+ *
+ * @return mixed
+ */
+ public function getIdentity()
+ {
+ return $this->_identity;
+ }
+
+ /**
+ * Returns an array of string reasons why the authentication attempt was unsuccessful
+ *
+ * If authentication was successful, this method returns an empty array.
+ *
+ * @return array
+ */
+ public function getMessages()
+ {
+ return $this->_messages;
+ }
+}
diff --git a/libs/Zend/Auth/Storage/Exception.php b/libs/Zend/Auth/Storage/Exception.php
new file mode 100755
index 0000000000..24dbad0e6c
--- /dev/null
+++ b/libs/Zend/Auth/Storage/Exception.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Exception.php 3412 2007-02-14 22:22:35Z darby $
+ */
+
+
+/**
+ * Zend_Auth_Exception
+ */
+require_once 'Zend/Auth/Exception.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Storage_Exception extends Zend_Auth_Exception
+{}
diff --git a/libs/Zend/Auth/Storage/Interface.php b/libs/Zend/Auth/Storage/Interface.php
new file mode 100755
index 0000000000..e5acd16051
--- /dev/null
+++ b/libs/Zend/Auth/Storage/Interface.php
@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Interface.php 3412 2007-02-14 22:22:35Z darby $
+ */
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+interface Zend_Auth_Storage_Interface
+{
+ /**
+ * Returns true if and only if storage is empty
+ *
+ * @throws Zend_Auth_Storage_Exception If it is impossible to determine whether storage is empty
+ * @return boolean
+ */
+ public function isEmpty();
+
+ /**
+ * Returns the contents of storage
+ *
+ * Behavior is undefined when storage is empty.
+ *
+ * @throws Zend_Auth_Storage_Exception If reading contents from storage is impossible
+ * @return mixed
+ */
+ public function read();
+
+ /**
+ * Writes $contents to storage
+ *
+ * @param mixed $contents
+ * @throws Zend_Auth_Storage_Exception If writing $contents to storage is impossible
+ * @return void
+ */
+ public function write($contents);
+
+ /**
+ * Clears contents from storage
+ *
+ * @throws Zend_Auth_Storage_Exception If clearing contents from storage is impossible
+ * @return void
+ */
+ public function clear();
+}
diff --git a/libs/Zend/Auth/Storage/NonPersistent.php b/libs/Zend/Auth/Storage/NonPersistent.php
new file mode 100755
index 0000000000..d36616b419
--- /dev/null
+++ b/libs/Zend/Auth/Storage/NonPersistent.php
@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id:$
+ */
+
+
+/**
+ * @see Zend_Auth_Storage_Interface
+ */
+require_once 'Zend/Auth/Storage/Interface.php';
+
+
+/**
+ * Non-Persistent Auth Storage
+ *
+ * Since HTTP Authentication happens again on each request, this will always be
+ * re-populated. So there's no need to use sessions, this simple value class
+ * will hold the data for rest of the current request.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Storage_NonPersistent implements Zend_Auth_Storage_Interface
+{
+ /**
+ * Holds the actual auth data
+ */
+ protected $_data;
+
+
+ /**
+ * Returns true if and only if storage is empty
+ *
+ * @throws Zend_Auth_Storage_Exception If it is impossible to determine whether storage is empty
+ * @return boolean
+ */
+ public function isEmpty()
+ {
+ return empty($this->_data);
+ }
+
+ /**
+ * Returns the contents of storage
+ *
+ * Behavior is undefined when storage is empty.
+ *
+ * @throws Zend_Auth_Storage_Exception If reading contents from storage is impossible
+ * @return mixed
+ */
+ public function read()
+ {
+ return $this->_data;
+ }
+
+ /**
+ * Writes $contents to storage
+ *
+ * @param mixed $contents
+ * @throws Zend_Auth_Storage_Exception If writing $contents to storage is impossible
+ * @return void
+ */
+ public function write($contents)
+ {
+ $this->_data = $contents;
+ }
+
+ /**
+ * Clears contents from storage
+ *
+ * @throws Zend_Auth_Storage_Exception If clearing contents from storage is impossible
+ * @return void
+ */
+ public function clear()
+ {
+ $this->_data = null;
+ }
+}
diff --git a/libs/Zend/Auth/Storage/Session.php b/libs/Zend/Auth/Storage/Session.php
new file mode 100755
index 0000000000..2775e6fb6c
--- /dev/null
+++ b/libs/Zend/Auth/Storage/Session.php
@@ -0,0 +1,148 @@
+<?php
+
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @version $Id: Session.php 3428 2007-02-15 14:02:05Z darby $
+ */
+
+
+/**
+ * @see Zend_Auth_Storage_Interface
+ */
+require_once 'Zend/Auth/Storage/Interface.php';
+
+
+/**
+ * @see Zend_Session
+ */
+require_once 'Zend/Session.php';
+
+
+/**
+ * @category Zend
+ * @package Zend_Auth
+ * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_Auth_Storage_Session implements Zend_Auth_Storage_Interface
+{
+ /**
+ * Default session namespace
+ */
+ const NAMESPACE_DEFAULT = 'Zend_Auth';
+
+ /**
+ * Default session object member name
+ */
+ const MEMBER_DEFAULT = 'storage';
+
+ /**
+ * Object to proxy $_SESSION storage
+ *
+ * @var Zend_Session_Namespace
+ */
+ protected $_session;
+
+ /**
+ * Session namespace
+ *
+ * @var mixed
+ */
+ protected $_namespace;
+
+ /**
+ * Session object member
+ *
+ * @var mixed
+ */
+ protected $_member;
+
+ /**
+ * Sets session storage options and initializes session namespace object
+ *
+ * @param mixed $namespace
+ * @param mixed $member
+ */
+ public function __construct($namespace = self::NAMESPACE_DEFAULT, $member = self::MEMBER_DEFAULT)
+ {
+ $this->_namespace = $namespace;
+ $this->_member = $member;
+ $this->_session = new Zend_Session_Namespace($this->_namespace);
+ }
+
+ /**
+ * Returns the session namespace
+ *
+ * @return string
+ */
+ public function getNamespace()
+ {
+ return $this->_namespace;
+ }
+
+ /**
+ * Returns the name of the session object member
+ *
+ * @return string
+ */
+ public function getMember()
+ {
+ return $this->_member;
+ }
+
+ /**
+ * Defined by Zend_Auth_Storage_Interface
+ *
+ * @return boolean
+ */
+ public function isEmpty()
+ {
+ return !isset($this->_session->{$this->_member});
+ }
+
+ /**
+ * Defined by Zend_Auth_Storage_Interface
+ *
+ * @return mixed
+ */
+ public function read()
+ {
+ return $this->_session->{$this->_member};
+ }
+
+ /**
+ * Defined by Zend_Auth_Storage_Interface
+ *
+ * @param mixed $contents
+ * @return void
+ */
+ public function write($contents)
+ {
+ $this->_session->{$this->_member} = $contents;
+ }
+
+ /**
+ * Defined by Zend_Auth_Storage_Interface
+ *
+ * @return void
+ */
+ public function clear()
+ {
+ unset($this->_session->{$this->_member});
+ }
+}