1<?php
2
3namespace Sabre\DAV\Auth\Backend;
4
5use Sabre\HTTP\RequestInterface;
6use Sabre\HTTP\ResponseInterface;
7
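/**
 * Apache authenticator
 *
 * This authentication backend assumes that authentication has been
 * configured in Apache, rather than within SabreDAV.
 *
 * No credentials are verified here: the user name the web server exposes
 * through REMOTE_USER (or REDIRECT_REMOTE_USER) is trusted as-is. Only use
 * this backend when the server enforces authentication for every request
 * that can reach SabreDAV.
 *
 * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://sabre.io/license/ Modified BSD License
 */
class Apache implements BackendInterface {

    /**
     * This is the prefix that will be used to generate principal urls.
     *
     * The user name reported by the web server is appended to it unmodified.
     *
     * @var string
     */
    protected $principalPrefix = 'principals/';

    /**
     * When this method is called, the backend must check if authentication was
     * successful.
     *
     * The returned value must be one of the following
     *
     * [true, "principals/username"]
     * [false, "reason for failure"]
     *
     * If authentication was successful, it's expected that the authentication
     * backend returns a so-called principal url.
     *
     * Examples of a principal url:
     *
     * principals/admin
     * principals/user1
     * principals/users/joe
     * principals/uid/123457
     *
     * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
     * return a string such as:
     *
     * principals/users/[username]
     *
     * This implementation reads REMOTE_USER and, when that is not set,
     * REDIRECT_REMOTE_USER from the raw server values of the request. A
     * missing or empty value is reported as a failure, so an empty user name
     * never resolves to the bare principal prefix.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @return array
     */
    function check(RequestInterface $request, ResponseInterface $response) {

        $remoteUser = $request->getRawServerValue('REMOTE_USER');
        if ($remoteUser === null) {
            // Second place the server may expose the authenticated user
            // (presumably after an internal redirect -- confirm for your setup).
            $remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER');
        }
        if ($remoteUser === null) {
            return [false, 'No REMOTE_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly'];
        }
        if ($remoteUser === '') {
            // Fail closed: an empty name would otherwise authenticate the
            // request as the prefix itself ("principals/").
            return [false, 'The REMOTE_USER property in the PHP $_SERVER super-global was empty. This likely means your server is not configured correctly'];
        }

        // NOTE(review): the name is concatenated as-is; nothing here filters
        // characters such as "/" -- confirm the principal backend tolerates
        // every value the web server can produce.
        return [true, $this->principalPrefix . $remoteUser];

    }

    /**
     * This method is called when a user could not be authenticated, and
     * authentication was required for the current request.
     *
     * This gives you the opportunity to set authentication headers. The 401
     * status code will already be set.
     *
     * In this case of Basic Auth, this would for example mean that the
     * following header needs to be set:
     *
     * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
     *
     * Keep in mind that in the case of multiple authentication backends, other
     * WWW-Authenticate headers may already have been set, and you'll want to
     * append your own WWW-Authenticate header instead of overwriting the
     * existing one.
     *
     * This backend adds no header of its own: the body is intentionally
     * empty, presumably because the web server is expected to issue the
     * challenge itself.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @return void
     */
    function challenge(RequestInterface $request, ResponseInterface $response) {

    }

}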