Digest Authentication under CakePHP 3

Published: 2016-08-11 08:53:30

Problem description:

I am trying to set up digest authentication with the Auth component under CakePHP 3.1, but I am running into a problem. I am using the code below, and as soon as I enter the correct username and password in the first popup, the HTTP authentication popup appears again. Then, if I press cancel, I get this: Cake\Auth\BasicAuthenticate->unauthenticated.

Can someone tell me what I am doing wrong?

AppController.php

// loadComponent() must run inside the controller's initialize() hook.
public function initialize()
{
    parent::initialize();

    $this->loadComponent('Auth', [
        'authorize' => 'Controller',
        'loginRedirect' => [
            'controller' => 'Users',
            'action' => 'index'
        ],
        'authenticate' => [
            'Digest' => [
                // 'digest_hash' holds md5(username:realm:password), not the plaintext password.
                'fields' => ['username' => 'username', 'password' => 'digest_hash'],
                'userModel' => 'Users',
            ],
        ],
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login',
        ],
        'storage' => 'Memory',
        'unauthorizedRedirect' => false
    ]);
}

UserTable.php

use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    // The third argument is the realm; it must be the same realm the
    // DigestAuthenticate challenge sends to the browser.
    $entity->digest_hash = DigestAuthenticate::password(
        $entity->username,
        $entity->plain_password,
        env('SCRIPT_NAME')
    );
    return true;
}

Client side

use Cake\Network\Http\Client;

public function digest()
{
    $http = new Client();
    $response = $http->get('http://localhost/project/api/v1/users/view/22', [], [
        'auth' => [
            'type' => 'digest',
            'username' => 'Digest',
            'password' => 'my_password',
        ]
    ]);
}

When I check the Debug Kit environment panel, I see this:

PHP_AUTH_DIGEST     username="Digest", realm="localhost", nonce="57ac3609a5b79", uri="/project/api/v1/users/view/22", response="af0e1fe455aa7f1475df715ef5231b56", opaque="421aa90e079fa326b6494f812ad13e79", qop=auth, nc=00000001, cnonce="0bb461453700ebc1"

Answer 1:

This may be too late, but it might still help someone!

Using $this->Auth->unauthorizedRedirect = false causes AuthComponent to throw a ForbiddenException; unless you submit a valid username and password, it will not redirect to another page.

Register correctly:

Obviously, registering/adding the user's digest password correctly is essential for digest authentication to work at all.

As mentioned in the documentation, we can add the digest-hashed password by putting the following code in UsersTable.php:

use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    $entity->digest_hash = DigestAuthenticate::password(
        $entity->username,
        $entity->plain_password,
        env('SERVER_NAME')
    );
    return true;
}

But we should be careful with the variables/terms used above:

1. $entity->digest_hash (this should be the field you have made to
   save the password, e.g. password_hash)

2. $entity->username (this should be the field you have made to
   save the username, e.g. email)

3. $entity->plain_password (again, this should be the field you have made to
   save the password, e.g. password_hash)

4. env('SERVER_NAME') (this is the third parameter for making the digest password;
   "SERVER_NAME" is the default value and we can leave it this way.)

In conclusion, if we have email (for the username) and password_hash (for the password), the function above becomes:

use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    $entity->password_hash = DigestAuthenticate::password(
        $entity->email,
        $entity->password_hash,
        env('SERVER_NAME')
    );
    return true;
}

I focused on the points above because they are the places where mistakes are easy to make.
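The arithmetic behind the stored digest hash, as an added example that is not part of the original question or answer and is not CakePHP's own code: DigestAuthenticate::password() stores HA1 = md5(username:realm:password), and on each request the server recomputes the RFC 2617 response from the PHP_AUTH_DIGEST parameters using that stored HA1. The realm baked into the stored hash must therefore equal the realm the server sends in its challenge (realm="localhost" in the header shown in the question, since DigestAuthenticate defaults its realm to env('SERVER_NAME')); a hash built with a different realm such as env('SCRIPT_NAME') can never verify. The username, password and the SCRIPT_NAME-style path below are constructed; the nonce, opaque, cnonce and URI are copied from the header in the question, but the response is recomputed here rather than taken from the page.

```python
import hashlib
import hmac
import re

# Constructed sample credentials (not from the original page).
USERNAME = "Digest"
PASSWORD = "my_password"
REALM = "localhost"                        # realm the server sends (env('SERVER_NAME'))
SCRIPT_NAME_REALM = "/project/index.php"   # the kind of value env('SCRIPT_NAME') yields

# Challenge parameters in the shape of the PHP_AUTH_DIGEST header from the question.
URI = "/project/api/v1/users/view/22"
NONCE = "57ac3609a5b79"
OPAQUE = "421aa90e079fa326b6494f812ad13e79"
CNONCE = "0bb461453700ebc1"


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_password(username: str, password: str, realm: str) -> str:
    """HA1 = md5(username:realm:password): what DigestAuthenticate::password()
    produces and what the users table stores instead of the plaintext password."""
    return md5_hex(f"{username}:{realm}:{password}")


DIGEST_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_digest_header(header: str) -> dict:
    """Split a PHP_AUTH_DIGEST value into its key/value pairs (quoted or bare)."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in DIGEST_PARAM.finditer(header)
    }


def expected_response(ha1: str, method: str, params: dict) -> str:
    """RFC 2617 response digest, with qop=auth (as in the question) or without qop."""
    ha2 = md5_hex(f"{method}:{params['uri']}")
    if params.get("qop") == "auth":
        return md5_hex(
            f"{ha1}:{params['nonce']}:{params['nc']}:{params['cnonce']}:auth:{ha2}"
        )
    return md5_hex(f"{ha1}:{params['nonce']}:{ha2}")


def build_client_header(username, password, realm, method, uri,
                        nonce, opaque, cnonce, nc="00000001"):
    """Client side: the Authorization value a digest client sends back for a challenge."""
    params = {"uri": uri, "nonce": nonce, "nc": nc, "cnonce": cnonce, "qop": "auth"}
    response = expected_response(digest_password(username, password, realm), method, params)
    return (f'username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'response="{response}", opaque="{opaque}", qop=auth, nc={nc}, cnonce="{cnonce}"')


def verify(header: str, method: str, stored_ha1: str) -> bool:
    """Server side: recompute the response from the stored HA1 and compare in constant time."""
    params = parse_digest_header(header)
    try:
        computed = expected_response(stored_ha1, method, params)
    except KeyError:  # malformed header: a required parameter is missing
        return False
    return hmac.compare_digest(computed, params.get("response", ""))


def demo() -> dict:
    """Same client header checked against hashes built with different realms/methods."""
    header = build_client_header(USERNAME, PASSWORD, REALM, "GET", URI, NONCE, OPAQUE, CNONCE)
    return {
        "realm_matches": verify(header, "GET", digest_password(USERNAME, PASSWORD, REALM)),
        "realm_from_script_name": verify(
            header, "GET", digest_password(USERNAME, PASSWORD, SCRIPT_NAME_REALM)),
        "wrong_method": verify(header, "POST", digest_password(USERNAME, PASSWORD, REALM)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Only the first case is accepted: the hash stored with the SCRIPT_NAME-style realm fails even though the username and password are right, which is the browser prompting again and again. Note that HA1 is an unsalted MD5 of the credentials, so a leaked digest_hash column is enough to authenticate without ever recovering the password; treat that column as secret as a plaintext password.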
