Download the PHP package fabiang/sasl without Composer
On this page you can find all versions of the php package fabiang/sasl. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package sasl
Short Description Abstraction of various SASL mechanism responses.
License BSD-3-Clause
Homepage https://github.com/fabiang/sasl
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package sasl
fabiang/sasl
The PHP SASL Authentification Library.
Provides code to generate responses to common SASL mechanisms, including:
- Digest-MD5
- Cram-MD5
- Plain
- Anonymous
- Login (Pseudo mechanism)
- SCRAM
Full refactored version of the the original Auth_SASL2 Pear package.
Installation
The easiest way to install fabiang/sasl is by using Composer:
Usage
Use the factory method to create a authentication mechanism object:
Challenge-based authentication mechanisms implement the interface
Fabiang\Sasl\Authentication\ChallengeAuthenticationInterface.
For those mechanisms call the method again with the challenge:
Note: The challenge must be Base64 decoded.
SCRAM verification
To verify the data returned by the server for SCRAM you can call:
If the method returns false you should disconnect.
SCRAM downgrade protection
To enable downgrade protection for SCRAM, you'll need to pass the allowed authentication mechanisms and channel-binding types via options to the factory:
Note: Channel-binding is currently not supported due to limitations of PHP.
Required options
List of options required by authentication mechanisms.
For mechanisms that are challenge-based you'll need to call createResponse()
again and send the returned value to the server.
| Mechanism | Authcid | Secret | Authzid | Service | Hostname | Challenge |
|---|---|---|---|---|---|---|
| Anonymous | yes | no | no | no | no | no |
| Cram-MD5 | yes | yes | no | no | no | yes |
| Digest-MD5 | yes | yes | optional | yes | yes | yes |
| External | no | no | yes | no | no | no |
| Login | yes | yes | no | no | no | no |
| Plain | yes | yes | optional | no | no | no |
| SCRAM-* | yes | yes | optional | no | no | yes |
Unit tests
If you like this library and you want to contribute, make sure the unit tests and integration tests are running.
Run the unit tests:
Integration tests
The integration tests verify the authentication methods against an Ejabberd and Dovecot server.
To launch the servers you can use the provided Docker Compose file. Just install Docker and run:
Note: ejabberd takes up to twenty minutes to start.
Now you can run the integration tests:
License
BSD-3-Clause. See the LICENSE.md.
