A collection of Stack middlewares designed to help authentication middleware implementors adhere to the STACK-2 Authentication conventions.
Install through Composer as dflydev/stack-authentication.
The Authentication middleware sets up the handling of an inbound request by performing some STACK-2 Authentication housekeeping tasks:
- If the `stack.authn.token` is set, it wraps the application in WwwAuthenticateStackChallenge and delegates.
- Checks the request by calling the check callback. The return value is a boolean. If true, the authenticate callback is called and its return value is returned. If false, the authenticate callback is not called. The default check is to see if there is an Authorization header.
- If anonymous requests are received and anonymous requests are allowed, it wraps the application in WwwAuthenticateStackChallenge and delegates.
- Otherwise, it returns the result of the challenge callback.
```php
<?php

use Dflydev\Stack\Authentication;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;

$check = function (
    Request $request,
    $type = HttpKernelInterface::MASTER_REQUEST,
    $catch = true
) {
    // This is the default 'check' callback if a check callback is not defined.
    // This is here merely for demonstration purposes; if authentication relies
    // on the existence of an 'authorization' header a 'check' callback does not
    // need to be defined.
    return $request->headers->has('authorization');
};

$challenge = function (Response $response) {
    // Assumptions that can be made:
    // * 401 status code
    // * WWW-Authenticate header with a value of "Stack"
    //
    // Expectations:
    // * MAY set WWW-Authenticate header to another value
    // * MAY return a brand new response (does not have to be
    //   the original response)
    // * MUST return a response
    return $response;
};

$authenticate = function (HttpKernelInterface $app, $anonymous) {
    // Assumptions that can be made:
    // * The $app can be delegated to at any time
    // * The anonymous boolean indicates whether or not we
    //   SHOULD allow anonymous requests through or if we
    //   should challenge immediately.
    // * Additional state, like $request, $type, and $catch
    //   should be passed via use statement if they are needed.
    //
    // Expectations:
    // * SHOULD set 'stack.authn.token' attribute on the request
    //   when authentication is successful.
    // * MAY delegate to the passed $app
    // * MAY return a custom response of any status (for example
    //   returning a 302 or 400 status response is allowed)
    // * MUST return a response
};

$app = new Authentication($app, [
    'challenge' => $challenge,
    'check' => $check,
    'authenticate' => $authenticate,
    'anonymous' => true, // default: false
]);
```
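A fuller authenticate callback, as an added example that is not part of the original README or the project's own code: a hypothetical `ApiKeyAuthentication` middleware that accepts an `Authorization: Bearer` API key, compares it in constant time, and sets `stack.authn.token` only on success. The class name, the `$keys` map, the Bearer scheme and the `realm` value are assumptions made for illustration.

```php
<?php
use Dflydev\Stack\Authentication;
use Dflydev\Stack\WwwAuthenticateStackChallenge;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;
// Hypothetical middleware. $keys maps principal => lowercase SHA-256 hex digest of its API key.
class ApiKeyAuthentication implements HttpKernelInterface
{
    private $app, $keys, $anonymous;
    public function __construct(HttpKernelInterface $app, array $keys, $anonymous = false)
    {
        $this->app = $app;
        $this->keys = $keys;
        $this->anonymous = $anonymous;
    }
    public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
    {
        $challenge = function (Response $response) {
            // Replace the internal "Stack" marker with a scheme clients understand.
            $response->headers->set('WWW-Authenticate', 'Bearer realm="api"');
            return $response;
        };
        $authenticate = function (HttpKernelInterface $app, $anonymous) use ($request, $type, $catch, $challenge) {
            $header = (string) $request->headers->get('authorization');
            if (!preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
                // Another scheme: pass through only when anonymous access is allowed.
                return $anonymous
                    ? (new WwwAuthenticateStackChallenge($app, $challenge))->handle($request, $type, $catch)
                    : $challenge(new Response('', 401));
            }
            $presented = hash('sha256', $m[1]);
            $principal = null;
            foreach ($this->keys as $name => $digest) {
                // Constant-time compare with no early exit.
                if (hash_equals($digest, $presented)) { $principal = $name; }
            }
            if (null === $principal) {
                // A wrong key is always challenged, never downgraded to anonymous.
                return $challenge(new Response('', 401));
            }
            $request->attributes->set('stack.authn.token', $principal);
            return $app->handle($request, $type, $catch);
        };
        return (new Authentication($this->app, [
            'challenge' => $challenge, 'authenticate' => $authenticate, 'anonymous' => $this->anonymous,
        ]))->handle($request, $type, $catch);
    }
}
```

Storing only digests of the keys means the configuration never holds a usable credential, and downstream middlewares should treat the presence of `stack.authn.token` as the sole signal that a request was authenticated.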
The WwwAuthenticateStackChallenge middleware sets up the handling of an outbound response by performing some STACK-2 Authentication housekeeping tasks:
- If the response has a 401 status code and has a WWW-Authenticate header with the value of Stack, it returns the result of the challenge callback.
- Otherwise, the original response from the delegated app is returned.
```php
<?php

use Dflydev\Stack\WwwAuthenticateStackChallenge;
use Symfony\Component\HttpFoundation\Response;

$challenge = function (Response $response) {
    // Assumptions that can be made:
    // * 401 status code
    // * WWW-Authenticate header with a value of "Stack"
    //
    // Expectations:
    // * MAY set WWW-Authenticate header to another value
    // * MAY return a brand new response (does not have to be
    //   the original response)
    // * MUST return a response
    return $response;
};

// Intended for use inside a middleware's handle($request, $type, $catch) method.
return (new WwwAuthenticateStackChallenge($app, $challenge))
    ->handle($request, $type, $catch);
```
Licensed under MIT; see LICENSE.
If you have questions or want to help out, join us in the #stackphp or #dflydev channels on irc.freenode.net.