public function SecuresiteManager::digestAuth in Secure Site 8
Perform digest authentication.
File
- src/
SecuresiteManager.php, line 264 - Contains \Drupal\securesite\SecuresiteManager.
Class
Namespace
Drupal\securesiteCode
public function digestAuth($edit) {
$request = $this->request;
$realm = \Drupal::config('securesite.settings')
->get('securesite_realm');
$header = $this
->_securesite_digest_validate($status, array(
'data' => $_SERVER['PHP_AUTH_DIGEST'],
'method' => $_SERVER['REQUEST_METHOD'],
'uri' => request_uri(),
'realm' => $realm,
));
$account = $this->entityManager
->getStorage('user')
->loadByProperties(array(
'name' => $edit['name'],
'status' => 1,
));
$account = reset($account);
if (!$account) {
// Not a registered user. See if we have guest user credentials.
switch ($status) {
case 1:
$this->request->securesiteHeaders += array(
'Status',
'400 Bad Request',
);
$this
->showDialog($this
->getType());
break;
case 0:
// Password is correct. Log user in.
$this->request->securesiteHeaders += array(
$header['name'] => $header['value'],
);
$edit['pass'] = \Drupal::config('securesite.settings')
->get('securesite_guest_pass');
default:
$this
->guestLogin($edit);
break;
}
}
else {
switch ($status) {
case 0:
// Password is correct. Log user in.
$this->request->securesiteHeaders += array(
$header['name'] => $header['value'],
);
$this
->userLogin($edit, $account);
break;
case 2:
// Password not stored. Request credentials using next most secure authentication method.
$mechanism = $this
->getMechanism();
$types = \Drupal::config('securesite.settings')
->get('securesite_type');
rsort($types);
foreach ($types as $type) {
if ($type < $mechanism) {
break;
}
}
\Drupal::logger('user')
->notice('Secure log-in failed for %user.', array(
'%user' => $edit['name'],
));
drupal_set_message(t('Secure log-in failed. Please try again.'), 'error');
$this
->showDialog($type);
break;
case 1:
$this->request->securesiteHeaders += array(
'Status',
'400 Bad Request',
);
$this
->showDialog($this
->getType());
default:
// Authentication failed. Request credentials using most secure authentication method.
\Drupal::logger('user')
->notice('Log-in attempt failed for %user.', array(
'%user' => $edit['name'],
));
drupal_set_message(t('Unrecognized user name and/or password.'), 'error');
$this
->showDialog($this
->getType());
break;
}
}
}