Authentication.php

Go to the documentation of this file.

<?php
namespace Magento\Framework\HTTP;

class Authentication
{
    protected $request;

    protected $response;

    public function __construct(
        \Magento\Framework\App\RequestInterface $httpRequest,
        \Magento\Framework\App\ResponseInterface $httpResponse
    ) {
        $this->request = $httpRequest;
        $this->response = $httpResponse;
    }

    public function getCredentials()
    {
        $server = $this->request->getServerValue();
        $user = '';
        $pass = '';

        if (empty($server['HTTP_AUTHORIZATION'])) {
            foreach ($server as $k => $v) {
                if (substr($k, -18) === 'HTTP_AUTHORIZATION' && !empty($v)) {
                    $server['HTTP_AUTHORIZATION'] = $v;
                    break;
                }
            }
        }

        if (isset($server['PHP_AUTH_USER']) && isset($server['PHP_AUTH_PW'])) {
            $user = $server['PHP_AUTH_USER'];
            $pass = $server['PHP_AUTH_PW'];
        } elseif (!empty($server['HTTP_AUTHORIZATION'])) {
            $auth = $server['HTTP_AUTHORIZATION'];
            list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1)));
        } elseif (!empty($server['Authorization'])) {
            $auth = $server['Authorization'];
            list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1)));
        }

        return [$user, $pass];
    }

    public function setAuthenticationFailed($realm)
    {
        $this->response->setStatusHeader(401, '1.1', 'Unauthorized');
        $this->response->setHeader(
            'WWW-Authenticate',
            'Basic realm="' . $realm . '"'
        )->setBody(
            '<h1>401 Unauthorized</h1>'
        );
    }
}