lithium\security\auth\adapter\Http::_digest()

protected method

Handler for HTTP Digest Authentication

Parameters

  • \lithium\action\Request $request

Returns

boolean|array

Source

	protected function _digest($request) {
		$username = $password = null;
		$auth = $this->_classes['auth'];
		$data = $auth::decode($request->env('PHP_AUTH_DIGEST'));
		$data['realm'] = $this->_config['realm'];
		$data['method'] = $request->method;
		$users = $this->_config['users'];

		if (!empty($data['username']) && !empty($users[$data['username']])) {
			$username = $data['username'];
			$password = $users[$data['username']];
		}
		$encoded = $auth::encode($username, $password, $data);

		if ($encoded['response'] !== $data['response']) {
			$nonce = uniqid();
			$opaque = md5($data['realm']);
			$message = "WWW-Authenticate: Digest realm=\"{$data['realm']}\",qop=\"auth\",";
			$message .= "nonce=\"{$nonce}\",opaque=\"{$opaque}\"";
			$this->_writeHeader($message);
			return false;
		}
		return compact('username', 'password');
	}