You are here

public function SecuresiteManager::digestAuth in Secure Site 8

Perform digest authentication.

File

src/SecuresiteManager.php, line 264
Contains \Drupal\securesite\SecuresiteManager.

Class

SecuresiteManager

Namespace

Drupal\securesite

Code

public function digestAuth($edit) {
  $request = $this->request;
  $realm = \Drupal::config('securesite.settings')
    ->get('securesite_realm');
  $header = $this
    ->_securesite_digest_validate($status, array(
    'data' => $_SERVER['PHP_AUTH_DIGEST'],
    'method' => $_SERVER['REQUEST_METHOD'],
    'uri' => request_uri(),
    'realm' => $realm,
  ));
  $account = $this->entityManager
    ->getStorage('user')
    ->loadByProperties(array(
    'name' => $edit['name'],
    'status' => 1,
  ));
  $account = reset($account);
  if (!$account) {

    // Not a registered user. See if we have guest user credentials.
    switch ($status) {
      case 1:
        $this->request->securesiteHeaders += array(
          'Status',
          '400 Bad Request',
        );
        $this
          ->showDialog($this
          ->getType());
        break;
      case 0:

        // Password is correct. Log user in.
        $this->request->securesiteHeaders += array(
          $header['name'] => $header['value'],
        );
        $edit['pass'] = \Drupal::config('securesite.settings')
          ->get('securesite_guest_pass');
      default:
        $this
          ->guestLogin($edit);
        break;
    }
  }
  else {
    switch ($status) {
      case 0:

        // Password is correct. Log user in.
        $this->request->securesiteHeaders += array(
          $header['name'] => $header['value'],
        );
        $this
          ->userLogin($edit, $account);
        break;
      case 2:

        // Password not stored. Request credentials using next most secure authentication method.
        $mechanism = $this
          ->getMechanism();
        $types = \Drupal::config('securesite.settings')
          ->get('securesite_type');
        rsort($types);
        foreach ($types as $type) {
          if ($type < $mechanism) {
            break;
          }
        }
        \Drupal::logger('user')
          ->notice('Secure log-in failed for %user.', array(
          '%user' => $edit['name'],
        ));
        drupal_set_message(t('Secure log-in failed. Please try again.'), 'error');
        $this
          ->showDialog($type);
        break;
      case 1:
        $this->request->securesiteHeaders += array(
          'Status',
          '400 Bad Request',
        );
        $this
          ->showDialog($this
          ->getType());
      default:

        // Authentication failed. Request credentials using most secure authentication method.
        \Drupal::logger('user')
          ->notice('Log-in attempt failed for %user.', array(
          '%user' => $edit['name'],
        ));
        drupal_set_message(t('Unrecognized user name and/or password.'), 'error');
        $this
          ->showDialog($this
          ->getType());
        break;
    }
  }
}