php - 使用基本授权作为中间件 PSR-7 PSR-15

Question

TD;LR:我试图掌握中间件实现背后的理念。它似乎可以正常工作，但我该如何正确处理响应，以便它向浏览器显示基本授权登录提示？

--

我正在使用:

• equip/dispatch 用于 PSR-15 中间件调度器
• guzzlehttp/psr7 用于 PSR-7 ServerRequestInterface
• middlewares/http-authentication 示例基本授权中间件
• middlewares/response-time 额外的虚拟中间件(检查是否也在管道中执行)

运行下面的代码:

$middleware = [
    new \Middlewares\ResponseTime(),
    (new \Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ]))->attribute('username')
];

// Default handler for end of collection
$default = function (\GuzzleHttp\Psr7\ServerRequest $request) {
    // Any implementation of PSR-7 ResponseInterface
    return new \GuzzleHttp\Psr7\Response();
};

$collection = new \Equip\Dispatch\MiddlewareCollection($middleware);

// Any implementation of PSR-7 ServerRequestInterface
$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
$response = $collection->dispatch($request, $default);

print_r($response);

返回以下内容:

GuzzleHttp\Psr7\Response Object
(
    [reasonPhrase:GuzzleHttp\Psr7\Response:private] => Unauthorized
    [statusCode:GuzzleHttp\Psr7\Response:private] => 401
    [headers:GuzzleHttp\Psr7\Response:private] => Array
        (
            [WWW-Authenticate] => Array
                (
                    [0] => Basic realm="Login"
                )

            [X-Response-Time] => Array
                (
                    [0] => 16.176ms
                )

        )

    [headerNames:GuzzleHttp\Psr7\Response:private] => Array
        (
            [www-authenticate] => WWW-Authenticate
            [x-response-time] => X-Response-Time
        )

    [protocol:GuzzleHttp\Psr7\Response:private] => 1.1
    [stream:GuzzleHttp\Psr7\Response:private] => 
)

看起来 middlewares/response-time 和 middlewares/http-authentication 执行得很好。但是，我的印象是 middlewares/http-authentication 会显示这样的实际登录提示:

但事实并非如此。我应该自己实现吗？如果是，我怎样才能正确地做到这一点？

Answer 1

请将领域更改为“我的领域”。

$middleware = [
    new \Middlewares\ResponseTime(),
    (new \Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ]))->attribute('username')->realm('My realm')
];

GuzzleHttp 请求发生在后端，因此它不会像通常在浏览器中那样工作，例如提示输入用户名和密码。当您在不使用任何浏览器的情况下使用 Guzzle 时，您基本上是在模仿请求。因此，如果您需要提示，则必须在不使用 GuzzleHttp 的情况下实现此逻辑。

您仍然可以按照下面的方式使用 Guzzle 对其进行测试。

The below code will work.

$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals()->withHeader('Authorization', 'Basic '.base64_encode('username1:password1'));
$response = $collection->dispatch($request, $default);
echo $response->getStatusCode(); //200
echo $response->getReasonPhrase(); // OK

The below code will fail.

$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals()->withHeader('Authorization', 'Basic '.base64_encode(''IncorrectUser:IncorrectPassword''));
$response = $collection->dispatch($request, $default);
echo $response->getStatusCode(); //401
echo $response->getReasonPhrase(); // Unauthorized

实现 BasicAuthentication 的最佳方式是在中间件框架内。

Zend Expressive

   //Example using your library
   $app->pipe((new \Middlewares\BasicAuthentication([
                    'username1' => 'password1',
                    'username2' => 'password2'
                    ])
            )->attribute('username')->realm('My realm'));

    //Example using other library
    $app->pipe(new Tuupola\Middleware\HttpBasicAuthentication([
        "users" => [
            "root" => "t00r",
            "user" => "passw0rd"
        ]
    ]));

以上代码都按预期工作。例如在浏览器中提示输入用户名和密码，并允许用户在发送正确的凭据后查看内容。 Guzzle 给您带来了问题。

希望对您有所帮助。