How to add HTTP Auth to symfony

Here is a little hack to use HTTP auth when credentials or authentication are insufficient:

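public function executeSecure()
{
  // Remember the referring page (taken from the client-supplied Referer header) once,
  // so the visitor can be sent back there after a successful login.
  if (!$this->getUser()->hasAttribute("secure_referer"))
  {
    $this->getUser()->setAttribute("secure_referer", $this->getRequest()->getReferer());
  }

  if (!isset($_SERVER['PHP_AUTH_USER']))
  {
    // No credentials sent yet: ask the browser for them.
    header('WWW-Authenticate: Basic realm="Member Area"');
    header('HTTP/1.0 401 Unauthorized');

    return sfView::NONE;
  }
  else
  {
    if ($this->getUser()->tryLogin($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
    {
      // Credentials accepted: go back to the page stored above.
      return $this->redirect($this->getUser()->getAttribute("secure_referer"));
    }
    else
    {
      // Credentials rejected: challenge again.
      header('WWW-Authenticate: Basic realm="Member Area"');
      header('HTTP/1.0 401 Unauthorized');

      return sfView::NONE;
    }
  }
}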

No template is needed, since every access ends in a redirect to the referer. Then, in app/yourapp/config/settings.yml, change secure_module and secure_action to match this module.

You will need a myUser::tryLogin function that returns a boolean saying "auth is ok" or "bad auth".

And then you're done :p

[from my Wiki Post about that]

by Romain Dorgueil on 2006-05-25, tagged authentication, credentials, http, user
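The action above redirects to whatever Referer value was stored in the session, and that header is supplied by the client: it can be empty, point at another site, or be the secure action itself. The following is an added example, not part of the original snippet, showing one way to choose the redirect target in plain PHP; `pickRedirectTarget()`, its parameters, the `/default/secure` path and the sample URLs are all hypothetical or constructed.

```php
<?php
// Added example: choose a post-login redirect target from a stored Referer.
// pickRedirectTarget() and its parameter names are hypothetical.
function pickRedirectTarget($referer, $siteHost, $securePath, $fallback = '/')
{
    if (!is_string($referer) || $referer === '') {
        return $fallback;                   // URL typed directly: no Referer sent
    }
    // Control characters would allow header injection; some browsers read "\" as "/".
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return $fallback;                   // relative or malformed value
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], $siteHost) !== 0) {
        return $fallback;                   // Referer points at another site
    }
    $path = $parts['path'];
    if ($path[0] !== '/' || strpos($path, '//') === 0) {
        return $fallback;                   // "//host/..." would be protocol-relative
    }
    if (rtrim($path, '/') === rtrim($securePath, '/')) {
        return $fallback;                   // never bounce back to the login action
    }
    // Return a site-relative URL only, so the redirect cannot leave this host.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed sample values, not taken from the page.
$samples = array(
    'https://www.example.test/account/orders?page=2',
    'https://other.example/landing',
    '',
    'https://www.example.test/default/secure',
    'ftp://www.example.test/pub',
);
foreach ($samples as $referer) {
    printf("%-50s -> %s\n", var_export($referer, true),
        pickRedirectTarget($referer, 'www.example.test', '/default/secure', '/'));
}
```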

Comments on this snippet

#1 Olivier Verdier on 2006-05-28 at 10:52

One should never forget the DRY principle. Besides, you should take advantage of the symfony methods. Here is a better version of that snippet:

public function executeSecure()
{
  if (!$this->getUser()->hasAttribute("secure_referer"))
    $this->getUser()->setAttribute("secure_referer", $this->getRequest()->getReferer());

  echo $this->getUser()->getAttribute('secure_referer');

  if (isset($_SERVER['PHP_AUTH_USER']))
  {
    if ($this->getUser()->tryLogin($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
    {
      $this->redirect($this->getUser()->getAttribute("secure_referer"));
    }
  }

  $this->getResponse()->setHttpHeader('WWW-Authenticate', 'Basic realm="Member Area"');
  $this->getResponse()->setStatusCode('401');
  $this->sendHttpHeaders();
  return sfView::NONE;
}
#2 Romain Dorgueil on 2006-05-31 at 10:52

Yeah thanks, you can erase the echo line too, it was only for debugging purposes :p

#3 scott meves on 2006-06-02 at 08:09

My browser goes into a redirect loop when using this. When I type in the URL for a secure page directly and log in through HTTP_AUTH, because $_SERVER['PHP_AUTH_USER'] is set, it redirects me to the referring page. The referring page is secure, so symfony routes the request through the secure module again, and because $_SERVER['PHP_AUTH_USER'] is still set, it redirects me to the referring page again, and so on. Any suggestions?

#4 scott meves on 2006-06-05 at 03:14

In my version of symfony this line doesn't work:

$this->sendHttpHeaders();

Instead I have to do this:

$this->getResponse()->sendHttpHeaders();
#5 Olivier Verdier on 2006-06-10 at 12:06

I don't think that $this->sendHttpHeaders() has ever been possible in any version. ;-) Just one more mistake of mine. Thanks Scott.

(unfortunately I can't seem to be able to edit my own comments... :-( )

#6 Giorgio Cefaro on 2006-06-13 at 05:27

This could be comfortable, but I have a big doubt: What about logout? I think it cannot be safely implemented cause it's not fully server guaranteed. If the browser keeps in its cache PHP_AUTH_USER and PHP_AUTH_PW, even after logout someone can still navigate back with the browser having it automagically feed cached AUTH parameters with correct data!

#7 Giorgio Cefaro on 2006-06-13 at 05:29

please read: [..] with the browser having it automagically feed AUTH parameters with correct cache data!
