tuupola/slim-basic-auth

ArrayAuthenticator class error

ChanderTambia opened this issue · 7 comments

Hi, I just found some errors in your code and debugged it:

```php
namespace Slim\Middleware\HttpBasicAuthentication;

class ArrayAuthenticator implements AuthenticatorInterface
{

    public $options;

    public function __construct($options = null)
    {

        /* Default options. */
        $this->options = [
            "users" => []
        ];

        if ($options) {
            $this->options = array_merge($this->options, (array)$options);
        }

    }

    public function __invoke(array $arguments)
    {
        $user = $arguments["user"];
        $password = $arguments["password"];

        /* Unknown user. */
        if (!isset($this->options["users"]["user"])) {
            return false;
        }

        if (self::isHash($this->options["users"]["password"])) {
            /* Hashed password. */
            return password_verify($password, $this->options["users"]["password"]);
        } else {
            /* Cleartext password. */
            return $this->options["users"]["password"] === $password && $this->options["users"]["user"] === $user;
        }
    }

    public static function isHash($password)
    {
        return preg_match('/^\$(2|2a|2y)\$\d{2}\$.*/', $password) && (strlen($password) >= 60);
    }

}
```

What are the errors you found?

It was incomplete and you were using values instead of keys to get the array value, if I am right. Sorry if I am wrong, I am a newbie here, a fresher developer :)

I mean, what error do you encounter? Another way to ask it: does PHP show you an error message? Also, what does not work as you expect, and how do you expect it to work?

I was getting 'false' in return every time when authenticating. I was using Basic Authorization.

OK, for that, copy and paste here the code used for initialising the middleware. For example:

```php
$app->add(new Tuupola\Middleware\HttpBasicAuthentication([
    "path" => "/admin",
    "realm" => "Protected",
    "users" => [
        "root" => "t00r",
        "somebody" => "passw0rd"
    ],
]));
```

Also copy and paste an example of a failing request and response done with curl (no screenshots, they are not helpful). For example:

```
$ curl "https://example.com/admin" \
    --include \
    --insecure \
    --user somebody:passw0rd
```

Bisa commented

@ChanderTambia I ran into your issue as well; no matter what I did, the authentication kept returning false. However, in my debugging I found that the Authorization header was never passed to PHP; as such, the code always rejected my login requests.

After some looking around I realized that since I'm using FastCGI I needed to configure my server to pass the headers along; this is also explained here:
https://github.com/tuupola/slim-basic-auth#usage-with-fastcgi

Anyway, what I'm trying to say is, have you checked to ensure the header reaches the class upon execution? The current latest version works for me as soon as I fixed my configuration.
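One way to carry out the check described in the comment above, as an added example (not code from this issue or from slim-basic-auth): it reports whether a login fails because the Authorization header never reached PHP, because the user is unknown, or because the password is wrong. The function name `diagnoseBasicAuth`, the status strings and the sample users are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Report the stage at which a Basic auth attempt fails (hypothetical helper).
 * $server is a $_SERVER-style array; $users maps username => cleartext
 * password or password_hash() output.
 */
function diagnoseBasicAuth(array $server, array $users): string
{
    // PHP fills PHP_AUTH_USER / PHP_AUTH_PW when it has seen the credentials;
    // otherwise fall back to the raw header variables a web server may forward.
    if (isset($server["PHP_AUTH_USER"])) {
        $user = (string) $server["PHP_AUTH_USER"];
        $password = (string) ($server["PHP_AUTH_PW"] ?? "");
    } else {
        $header = $server["HTTP_AUTHORIZATION"]
            ?? $server["REDIRECT_HTTP_AUTHORIZATION"] ?? null;
        if ($header === null) {
            return "no-header"; // the Authorization header never reached PHP
        }
        $decoded = preg_match('/^Basic\s+(\S+)$/i', $header, $m)
            ? base64_decode($m[1], true) : false;
        if ($decoded === false || strpos($decoded, ":") === false) {
            return "malformed";
        }
        [$user, $password] = explode(":", $decoded, 2);
    }

    // Look the account up by the submitted username, not by a literal key.
    if (!isset($users[$user])) {
        return "unknown-user";
    }
    $stored = (string) $users[$user];

    // A falsy "algo" means $stored is not password_hash() output: compare it
    // as cleartext, in constant time.
    $ok = password_get_info($stored)["algo"]
        ? password_verify($password, $stored)
        : hash_equals($stored, $password);
    return $ok ? "ok" : "bad-password";
}

// Constructed sample data, not taken from a real deployment.
$users = ["alice" => "example-pass", "bob" => password_hash("s3cret-example", PASSWORD_DEFAULT)];
$basic = "Basic " . base64_encode("bob:s3cret-example");
echo diagnoseBasicAuth([], $users), PHP_EOL;
echo diagnoseBasicAuth(["REDIRECT_HTTP_AUTHORIZATION" => $basic], $users), PHP_EOL;
echo diagnoseBasicAuth(["PHP_AUTH_USER" => "alice", "PHP_AUTH_PW" => "wrong"], $users), PHP_EOL;
```

Calling it with the real `$_SERVER` from a temporary debug route separates a server that drops the header from a credential mismatch.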

Closing due to no feedback.