The PHP SASL Authentification Library.
Provides code to generate responses to common SASL mechanisms, including:
- Digest-MD5
- Cram-MD5
- Plain
- Anonymous
- Login (Pseudo mechanism)
- SCRAM
Full refactored version of the the original Auth_SASL2 Pear package.
The easiest way to install fabiang/sasl is by using Composer:
curl -sS https://getcomposer.org/installer | php
php composer.phar require fabiang/sasl
Use the factory method to create a authentication mechanism object:
use Fabiang\Sasl\Sasl;
$factory = new Sasl;
$mechanism = $factory->factory('SCRAM-SHA-1', array(
'authcid' => 'username',
'secret' => 'password',
'authzid' => 'authzid', // optional. Username to proxy as
'service' => 'servicename', // optional. Name of the service
'hostname' => 'hostname', // optional. Hostname of the service
));
$response = $mechanism->createResponse();Challenge-based authentication mechanisms implement the interface
Fabiang\Sasl\Authentication\ChallengeAuthenticationInterface.
For those mechanisms call the method again with the challenge:
$response = $mechanism->createResponse($challenge);Note: The challenge must be Base64 decoded.
To verify the data returned by the server for SCRAM you can call:
$mechanism->verify($data);If the method returns false you should disconnect.
List of options required by authentication mechanisms.
For mechanisms that are challenge-based you'll need to call createResponse()
again and send the returned value to the server.
| Mechanism | Authcid | Secret | Authzid | Service | Hostname | Challenge |
|---|---|---|---|---|---|---|
| Anonymous | yes | no | no | no | no | no |
| CramMD5 | yes | yes | no | no | no | yes |
| DigestMD5 | yes | yes | optional | yes | yes | yes |
| External | no | no | yes | no | no | no |
| Login | yes | yes | no | no | no | no |
| Plain | yes | yes | optional | no | no | no |
| SCRAM-* | yes | yes | optional | no | no | yes |
If you like this library and you want to contribute, make sure the unit tests and integration tests are running. Composer will help you to install the right version of PHPUnit and Behat.
composer install --dev
After that run the unit tests:
./vendor/bin/phpunit -c tests
The integration tests verify the authentication methods against an Ejabberd and Dovecot serve 5C14 r. To launch the servers you can use the provided Vagrant box. Just install Vagrant and run:
vagrant up
After some minutes you'll have the runnig server instances inside of a virtual machine.
Now you can run the integration tests:
./vendor/bin/behat -c tests/behat.yml.dist
BSD-3-Clause. See the LICENSE.md.