I don't know why but I had to implement iUseAuthentication
in my BasicAuthentication
class. (there's nothing in docs about it, probably because this is RC release and docs and samples are modified).
This way everything started working.
Also I modified htaccess like so:
Options -MultiViews
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^$ index.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</IfModule>
<IfModule mod_php5.c>
php_flag display_errors Off
</IfModule>
Hope this helps someone :)
EDIT:
I've found my code and I'm posting it here, maybe someone will find it usefull.
<?php
use \Luracast\Restler\iAuthenticate;
use \Luracast\Restler\Resources;
class BasicAuthentication implements iAuthenticate
{
const REALM = 'Restricted API';
public static $requires = 'user';
public static $role = 'user';
public function __isAllowed()
{
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches))
{
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
{
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
{
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$roles = array('12345' => 'user', '67890' => 'admin');
if (!isset($pass) || !array_key_exists($pass, $roles))
{
return false;
}
static ::$role = $roles[$pass];
Resources::$accessControlFunction = 'BasicAuthentication::verifyAccess';
$x = static ::$requires == static ::$role || static ::$role == 'admin';
$file = 'a.txt';
$current = file_get_contents($file);
$current .= static ::$requires." ".static::$role . "\n";
file_put_contents($file, $current);
return $x;
}
header('WWW-Authenticate: Basic realm="' . self::REALM . '"');
throw new RestException(401, 'Basic Authentication Required');
}
/**
* @access private
*/
public static function verifyAccess(array $m)
{
$requires = isset($m['class']['BasicAuthentication']['properties']['requires']) ? $m['class']['BasicAuthentication']['properties']['requires'] : false;
$file = 'a.txt';
$current = file_get_contents($file);
$current .= $requires." - ".static::$role . "\n";
file_put_contents($file, $current);
return $requires ? static ::$role == 'admin' || static ::$role == $requires : true;
}
}
?>
and my sample API class:
<?php
class Api implements iUseAuthentication
{
private $_authenticated = false;
/**
* This method will be called first for filter classes and api classes so
* that they can respond accordingly for filer method call and api method
* calls
*
*
* @param bool $isAuthenticated passes true when the authentication is
* done, false otherwise
*
* @return mixed
*/
public function __setAuthenticationStatus($isAuthenticated = false)
{
$this->_authenticated = $isAuthenticated;
}
/**
* @access protected
* @class BasicAuthentication {@requires user}
*/
public function user()
{
return "protected api, only user and admin can access";
}
/**
* @access protected
* @class BasicAuthentication {@requires admin}
*/
public function admin()
{
return "protected api, only admin can access";
}
}
?>