1*a1a3b679SAndreas Boehler<?php 2*a1a3b679SAndreas Boehler 3*a1a3b679SAndreas Boehlernamespace Sabre\DAV\Auth\Backend; 4*a1a3b679SAndreas Boehler 5*a1a3b679SAndreas Boehleruse Sabre\HTTP\RequestInterface; 6*a1a3b679SAndreas Boehleruse Sabre\HTTP\ResponseInterface; 7*a1a3b679SAndreas Boehler 8*a1a3b679SAndreas Boehler/** 9*a1a3b679SAndreas Boehler * This is the base class for any authentication object. 10*a1a3b679SAndreas Boehler * 11*a1a3b679SAndreas Boehler * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/). 12*a1a3b679SAndreas Boehler * @author Evert Pot (http://evertpot.com/) 13*a1a3b679SAndreas Boehler * @license http://sabre.io/license/ Modified BSD License 14*a1a3b679SAndreas Boehler */ 15*a1a3b679SAndreas Boehlerinterface BackendInterface { 16*a1a3b679SAndreas Boehler 17*a1a3b679SAndreas Boehler /** 18*a1a3b679SAndreas Boehler * When this method is called, the backend must check if authentication was 19*a1a3b679SAndreas Boehler * successful. 20*a1a3b679SAndreas Boehler * 21*a1a3b679SAndreas Boehler * The returned value must be one of the following 22*a1a3b679SAndreas Boehler * 23*a1a3b679SAndreas Boehler * [true, "principals/username"] 24*a1a3b679SAndreas Boehler * [false, "reason for failure"] 25*a1a3b679SAndreas Boehler * 26*a1a3b679SAndreas Boehler * If authentication was successful, it's expected that the authentication 27*a1a3b679SAndreas Boehler * backend returns a so-called principal url. 28*a1a3b679SAndreas Boehler * 29*a1a3b679SAndreas Boehler * Examples of a principal url: 30*a1a3b679SAndreas Boehler * 31*a1a3b679SAndreas Boehler * principals/admin 32*a1a3b679SAndreas Boehler * principals/user1 33*a1a3b679SAndreas Boehler * principals/users/joe 34*a1a3b679SAndreas Boehler * principals/uid/123457 35*a1a3b679SAndreas Boehler * 36*a1a3b679SAndreas Boehler * If you don't use WebDAV ACL (RFC3744) we recommend that you simply 37*a1a3b679SAndreas Boehler * return a string such as: 38*a1a3b679SAndreas Boehler * 39*a1a3b679SAndreas Boehler * principals/users/[username] 40*a1a3b679SAndreas Boehler * 41*a1a3b679SAndreas Boehler * @param RequestInterface $request 42*a1a3b679SAndreas Boehler * @param ResponseInterface $response 43*a1a3b679SAndreas Boehler * @return array 44*a1a3b679SAndreas Boehler */ 45*a1a3b679SAndreas Boehler function check(RequestInterface $request, ResponseInterface $response); 46*a1a3b679SAndreas Boehler 47*a1a3b679SAndreas Boehler /** 48*a1a3b679SAndreas Boehler * This method is called when a user could not be authenticated, and 49*a1a3b679SAndreas Boehler * authentication was required for the current request. 50*a1a3b679SAndreas Boehler * 51*a1a3b679SAndreas Boehler * This gives you the opportunity to set authentication headers. The 401 52*a1a3b679SAndreas Boehler * status code will already be set. 53*a1a3b679SAndreas Boehler * 54*a1a3b679SAndreas Boehler * In this case of Basic Auth, this would for example mean that the 55*a1a3b679SAndreas Boehler * following header needs to be set: 56*a1a3b679SAndreas Boehler * 57*a1a3b679SAndreas Boehler * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV'); 58*a1a3b679SAndreas Boehler * 59*a1a3b679SAndreas Boehler * Keep in mind that in the case of multiple authentication backends, other 60*a1a3b679SAndreas Boehler * WWW-Authenticate headers may already have been set, and you'll want to 61*a1a3b679SAndreas Boehler * append your own WWW-Authenticate header instead of overwriting the 62*a1a3b679SAndreas Boehler * existing one. 63*a1a3b679SAndreas Boehler * 64*a1a3b679SAndreas Boehler * @param RequestInterface $request 65*a1a3b679SAndreas Boehler * @param ResponseInterface $response 66*a1a3b679SAndreas Boehler * @return void 67*a1a3b679SAndreas Boehler */ 68*a1a3b679SAndreas Boehler function challenge(RequestInterface $request, ResponseInterface $response); 69*a1a3b679SAndreas Boehler 70*a1a3b679SAndreas Boehler} 71