/**
* {@inheritdoc}
*/
public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE)
{
$config = $this->configFactory->get('shield.settings');
$allow_cli = $config->get('allow_cli');
$user = $config->get('user');
$pass = $config->get('pass');
if (empty($user) || PHP_SAPI === 'cli' && $allow_cli) {
// If username is empty, then authentication is disabled,
// or if request is coming from a cli and it is allowed,
// then proceed with response without shield authentication.
return $this->httpKernel->handle($request, $type, $catch);
} else {
if ($request->server->has('PHP_AUTH_USER') && $request->server->has('PHP_AUTH_PW')) {
$input_user = $request->server->get('PHP_AUTH_USER');
$input_pass = $request->server->get('PHP_AUTH_PW');
} elseif ($request->server->has('HTTP_AUTHORIZATION')) {
list($input_user, $input_pass) = explode(':', base64_decode(substr($request->server->get('HTTP_AUTHORIZATION'), 6)), 2);
} elseif ($request->server->has('REDIRECT_HTTP_AUTHORIZATION')) {
list($input_user, $input_pass) = explode(':', base64_decode(substr($request->server->get('REDIRECT_HTTP_AUTHORIZATION'), 6)), 2);
}
if (isset($input_user) && $input_user === $user && Crypt::hashEquals($pass, $input_pass)) {
return $this->httpKernel->handle($request, $type, $catch);
}
}
$response = new Response();
$response->headers->add(['WWW-Authenticate' => 'Basic realm="' . strtr($config->get('print'), ['[user]' => $user, '[pass]' => $pass]) . '"']);
$response->setStatusCode(401);
return $response;
}