Sheerwater\HMACRestfulAuthenticator\HMACRestfulAuthenticator
Synopsis
class HMACRestfulAuthenticator
{
- // members
- private static string $api_name = 'Api';
- // methods
- public static void setApiName()
- public static string getApiName()
- public static string getHeaderPrefix()
- public static void authenticate()
- private static bool validateRequestTime()
- private static array getCanonicalHeaders()
- private static bool validateContentIntegrity()
- private static string implodeHeaders()
- private static bool validateSignedRequest()
Members
private
- $api_name
—
string
The API name is used in various places in the HMAC authenticator:
Methods
private
- getCanonicalHeaders() — Filters all headers for ones starting with 'X-Api-'. All keys are converted to lowercase. You can change 'Api' by setting the HMACRestfulAuthenticator::$apiName config.
- implodeHeaders() — This is a simple associative array implode function, with sensible defaults for HTTP headers
- validateContentIntegrity() — Validates the content of the request body against a user-provided MD5 hash
- validateRequestTime() — Validates a user-/request-provided date against specification RFC 2616. This avoids the client using values that are invalid but still work with strtotime, such as 'now' or '-1 minute'. Also checks that the time is within 15 minutes of server time.
- validateSignedRequest() — Rebuilds a string-to-sign from the request parameters, and compares it against the user-provided hash
public
- authenticate()
- getApiName() — Gets the {@link $api_name} that's used in the Authorization and API-specific headers
- getHeaderPrefix() — A helper function for generating the prefix for API-specific headers
- setApiName() — Allows you to set the {@link $api_name} for use in the Authorization and API-specific headers. Usually you'd set it via a config yml file however, as described at {@link $api_name}.