REST_Controller::_prepare_digest_auth PHP Méthode

_prepare_digest_auth() protected méthode

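Prepares for digest authentication: reads the Digest credentials sent with the request and rejects the request when they are missing or do not verify.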
protected _prepare_digest_auth ( ) : void
Résultat void
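    /**
     * Prepares for digest authentication.
     *
     * Reads the Digest credentials from the request, looks up the stored
     * hash for the supplied username and recomputes the expected response.
     * The client is challenged again when no credentials or no known user
     * are supplied, and an unauthorized response is sent when the digest is
     * incomplete or does not verify.
     *
     * Security notes for maintainers:
     *  - Nothing in this method checks that the nonce echoed by the client
     *    was issued by this server or is still fresh, so a captured
     *    Authorization header is not rejected here as a replay. Serve this
     *    endpoint over TLS and consider tracking issued nonces server-side.
     *  - The 'uri' field is taken from the header and is not compared with
     *    the URI actually requested.
     *
     * @access protected
     * @return void
     */
    protected function _prepare_digest_auth()
    {
        // If whitelist is enabled it has the first chance to kick them out
        if ($this->config->item('rest_ip_whitelist_enabled')) {
            $this->_check_whitelist_auth();
        }

        // We need to test which server authentication variable to use,
        // because the PHP ISAPI module in IIS acts different from CGI
        $digest_string = $this->input->server('PHP_AUTH_DIGEST');
        if ($digest_string === NULL) {
            $digest_string = $this->input->server('HTTP_AUTHORIZATION');
        }

        // NOTE(review): uniqid() is derived from the current time and is
        // predictable; if _force_login() uses this value as the challenge
        // nonce, a CSPRNG-based value would be the safer choice - confirm.
        $unique_id = uniqid();

        // No credentials were sent: challenge the client.
        // NOTE(review): _force_login() presumably ends the request; the
        // checks below do not rely on that and still deny access if it returns.
        if (empty($digest_string)) {
            $this->_force_login($unique_id);
        }

        // We need to retrieve authentication data from the $digest_string variable
        $matches = [];
        preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', (string) $digest_string, $matches);
        $parsed = empty($matches[1]) || empty($matches[2]) ? [] : array_combine($matches[1], $matches[2]);

        // Normalise the parsed header so every field exists before it is read.
        // A header that lacks any field is remembered as incomplete and is
        // rejected below instead of being hashed with empty values.
        $digest = [];
        $is_complete = TRUE;
        foreach (['username', 'nonce', 'uri', 'nc', 'cnonce', 'qop', 'response'] as $field) {
            if (isset($parsed[$field])) {
                $digest[$field] = $parsed[$field];
            } else {
                $digest[$field] = '';
                $is_complete = FALSE;
            }
        }

        // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username see rest.php::auth_library_function config
        // The lookup is skipped when the header carried no username at all.
        $username = isset($parsed['username']) ? $this->_check_login($digest['username'], TRUE) : FALSE;
        if ($username === FALSE) {
            $this->_force_login($unique_id);
        }

        // Hash of "METHOD:uri", then the expected response built from the
        // stored credential hash, the client-supplied nonce values and that hash
        $md5 = md5(strtoupper($this->request->method) . ':' . $digest['uri']);
        $valid_response = md5($username . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $md5);

        // md5() yields lowercase hex, so lowercasing the client value keeps the
        // comparison case-insensitive; hash_equals() (PHP >= 5.6) compares in
        // constant time so the check does not leak how many characters matched.
        $response_matches = hash_equals($valid_response, strtolower($digest['response']));

        if ($is_complete === FALSE || $username === FALSE || $response_matches === FALSE) {
            // Display an error response
            $this->response([
                $this->config->item('rest_status_field_name') => FALSE,
                $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials'),
            ], self::HTTP_UNAUTHORIZED);
        }
    }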