Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/middlewares/http-authentication

PSR-15 middleware to implement Basic and Digest Http authentication
https://github.com/middlewares/http-authentication

basic-authentication digest-authentication http http-authentication middleware psr-15

Last synced: about 2 months ago
JSON representation

PSR-15 middleware to implement Basic and Digest Http authentication

Host: GitHub
URL: https://github.com/middlewares/http-authentication
Owner: middlewares
License: mit
Created: 2016-10-02T08:39:05.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2024-01-12T17:45:35.000Z (8 months ago)
Last Synced: 2024-07-19T02:33:04.138Z (2 months ago)
Topics: basic-authentication, digest-authentication, http, http-authentication, middleware, psr-15
Language: PHP
Homepage:
Size: 50.8 KB
Stars: 36
Watchers: 3
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome-psr15-middlewares - middlewares/http-authentication - HTTP [Basic](https://en.wikipedia.org/wiki/Basic_access_authentication) and [Digest](https://en.wikipedia.org/wiki/Digest_access_authentication) access authentication. (Packages / Security)

README

        # middlewares/http-authentication

[![Latest Version on Packagist][ico-version]][link-packagist]

[![Software License][ico-license]](LICENSE)

![Testing][ico-ga]

[![Total Downloads][ico-downloads]][link-downloads]

Middleware to implement [RFC 2617 Http Authentication](https://tools.ietf.org/html/rfc2617). Contains the following components:

* [BasicAuthentication](#basicauthentication)

* [DigestAuthentication](#digestauthentication)

## Requirements

* PHP >= 7.2

* A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)

* A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)

## Installation

This package is installable and autoloadable via Composer as [middlewares/http-authentication](https://packagist.org/packages/middlewares/http-authentication).

```sh

composer require middlewares/http-authentication

```

## BasicAuthentication

The [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is the simplest technique.

You have to provide an `Array` or `ArrayAccess` with the usernames and passwords of all available users. The keys are the usernames and the values the passwords.

```php

Dispatcher::run([

    new Middlewares\BasicAuthentication([

        'username1' => 'password1',

        'username2' => 'password2'

    ])

]);

```

Optionally, you can provide a `Psr\Http\Message\ResponseFactoryInterface` as the second argument, that will be used to create the error responses (`401`). If it's not defined, [Middleware\Utils\Factory](https://github.com/middlewares/utils#factory) will be used to detect it automatically.

```php

$responseFactory = new MyOwnResponseFactory();

$route = new Middlewares\BasicAuthentication($users, $responseFactory);

```

### realm

The realm value. By default is "Login".

### attribute

The attribute name used to save the username of the user. If it's not defined, it wont be saved. Example:

```php

Dispatcher::run([

    (new Middlewares\BasicAuthentication([

        'username1' => 'password1',

        'username2' => 'password2'

    ]))->attribute('username'),

    function ($request) {

        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);

    }

]);

```

### verifyHash

This option verifies the password using [`password_verify`](https://www.php.net/manual/en/function.password-verify.php). Useful if you don't want to provide the passwords in plain text.

```php

$users = [

    'username' => password_hash('secret-password', PASSWORD_DEFAULT);

]

Dispatcher::run([

    (new Middlewares\BasicAuthentication($users))

        ->attribute('username')

        ->verifyHash(),

    function ($request) {

        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);

    }

]);

```

## DigestAuthentication

The [Digest access authentication](https://en.wikipedia.org/wiki/Digest_access_authentication) is more secure than basic.

The constructor signature is the same than `BasicAuthentication`:

```php

$users = [

    'username1' => 'password1',

    'username2' => 'password2'

];

$responseFactory = new MyOwnResponseFactory();

Dispatcher::run([

    new Middlewares\DigestAuthentication($users, $responseFactory)

]);

```

### realm

The realm value. By default is "Login".

### attribute

The attribute name used to save the username of the user. If it's not defined, it wont be saved.

### nonce

To configure the nonce value. If its not defined, it's generated with [uniqid](http://php.net/uniqid)

---

Please see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.

The MIT License (MIT). Please see [LICENSE](LICENSE) for more information.

[ico-version]: https://img.shields.io/packagist/v/middlewares/http-authentication.svg?style=flat-square

[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square

[ico-ga]: https://github.com/middlewares/http-authentication/workflows/testing/badge.svg

[ico-downloads]: https://img.shields.io/packagist/dt/middlewares/http-authentication.svg?style=flat-square

[link-packagist]: https://packagist.org/packages/middlewares/http-authentication

[link-downloads]: https://packagist.org/packages/middlewares/http-authentication