
HTTP Basic Auth in Request Class

Open vlucas opened this issue 11 years ago • 4 comments

Support should be added for retrieving the HTTP auth username and password in the request class, maybe with $request->user() and $request->pass() or similar. This is because there can be a number of ways to do it depending on the server setup, and the variables PHP_AUTH_USER and PHP_AUTH_PW are not always set, sometimes requiring the user to manually parse the Authorization header, and well... that just sucks.

PHP Manual: http://php.net/manual/en/features.http-auth.php

Same issue fixed in Symfony HttpFoundation: https://github.com/symfony/symfony/pull/3551/files

vlucas, Mar 08 '13 22:03

How are you going to send headers for requesting said user and pass? Remember, the realm needs to be changeable.

sam2332, Apr 03 '14 13:04

The auth challenge might be left up to the user - this would just be to retrieve the supplied username and password from a provided Authorization header in the current request.

vlucas, Apr 03 '14 14:04

I imagine this as a part of a solution that would make it possible to declare conditions on a request, and then either fire up an engine that checks all conditions, or just execute the checks as they occur.

This could be useful for validating forms, file uploads, doing basic and digest auth, oauth token checks, etc.

One way is to write methods of Request that manipulate a description of things to check and then manually call a method ->check() that actually executes stuff. This is fairly simple, and with clever implementation it's easy to decouple the code for checks from the places where they're actually needed. This together with Bullet's URL parsing mechanism would leave the code fairly clean and self-explanatory while imposing no overhead whatsoever on those not using the feature.

netom, Oct 03 '17 07:10

Yeah, I was initially thinking about implementing this as a call-time parsing, so if the $request->user() or $request->password() methods were called, THEN it would check for the Authorization header and do all the parsing - I would not front-load any of this since it's all just in the basic request data anyways.

vlucas, Oct 03 '17 18:10
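
The call-time retrieval discussed in this thread, sketched as an added example that is not code from Bullet or from any commenter. The class `BasicAuthReader` and its methods are hypothetical names; it assumes PHP 8 and a `$_SERVER`-style array, and falls back from `PHP_AUTH_USER` to the raw `Authorization` header (including the `REDIRECT_HTTP_AUTHORIZATION` form left by a server rewrite).

```php
<?php
// Added illustration. BasicAuthReader is a hypothetical name, not Bullet's API.
final class BasicAuthReader
{
    private ?array $creds = null;  // [user, pass] once a valid header was parsed
    private bool $parsed = false;  // parse at most once, and only on first use

    public function __construct(private array $server) {}

    public function user(): ?string { return $this->parse()[0] ?? null; }
    public function pass(): ?string { return $this->parse()[1] ?? null; }

    private function parse(): ?array
    {
        if ($this->parsed) {
            return $this->creds;
        }
        $this->parsed = true;

        // Some server setups decode the header and set these directly.
        if (isset($this->server['PHP_AUTH_USER'])) {
            return $this->creds = [
                $this->server['PHP_AUTH_USER'],
                $this->server['PHP_AUTH_PW'] ?? '',
            ];
        }
        // Otherwise only the raw header is available, possibly renamed
        // by an internal redirect.
        $header = $this->server['HTTP_AUTHORIZATION']
            ?? $this->server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
        if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i', $header, $m)) {
            return null; // header absent, or a different scheme (Digest, Bearer)
        }
        $decoded = base64_decode($m[1], true); // strict mode: false on bad input
        if ($decoded === false || !str_contains($decoded, ':')) {
            return null;
        }
        // Split on the first colon only: the password may itself contain ':'.
        return $this->creds = explode(':', $decoded, 2);
    }
}

// Constructed sample input: only the redirected header is present.
$request = new BasicAuthReader([
    'REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cr:et'),
]);
var_dump($request->user(), $request->pass());
```

Whatever consumes `pass()` should verify it with `password_verify()` or `hash_equals()` rather than `==`, and keep the decoded value out of logs.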