Updated StrongAuth to now take Strong upon initialization if Strong already present.

Author: silentworks

Middleware/README.markdown

@@ -0,0 +1,58 @@
+# Slim Authentication and XSS Middlewares
+
+## CsrfGuard
+
+This is used to protect your website from CSRF attacks. 
+
+### How to use
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\CsrfGuard;
+
+	$app = new Slim();
+	$app->add(new CsrfGuard());
+
+In your view template add this to any web forms you have created.
+
+	<input type="hidden" name="<?php echo $csrf_key; ?>" value="<?php echo $csrf_token; ?>">
+
+## HttpBasic
+
+This will provide you with basic user Authentication based on username and password set.
+
+### How to use
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\HttpBasicAuth;
+
+	$app = new Slim();
+	$app->add(new HttpBasicAuth('theUsername', 'thePassword'));
+
+
+## Strong
+
+### How to use
+
+You will need to pass Strong a config with all your secured routes and any information that is needed
+for your Provider.
+
+Here is some sample code for using PDO provider and securing some routes using regex.
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\StrongAuth;
+
+    $app = new Slim();
+	$config = array(
+	    'provider' => 'PDO',
+	    'dsn' => 'mysql:host=localhost;dbname=slimdev',
+	    'dbuser' => 'serverside',
+	    'dbpass' => 'password',
+	    'auth.type' => 'form',
+	    'login.url' => '/',
+	    'security.urls' => array(
+	        array('path' => '/test'),
+	        array('path' => '/about/.+'),
+	    ),
+	);
+
+	$app->add(new StrongAuth($config));

Middleware/StrongAuth.php

@@ -11,6 +11,9 @@
  *
  * USAGE
  *
+ * use Slim\Slim;
+ * use Slim\Extras\Middleware\StrongAuth;
+ * 
  * $app = new Slim();
  * $app->add(new StrongAuth(array('provider' => 'PDO', 'dsn' => 'sqlite:memory')));
  *
@@ -39,11 +42,6 @@
 
 class StrongAuth extends \Slim\Middleware
 {
-    /**
-     * @var string
-     */
-    protected $realm;
-
     /**
      * @var string
      */
@@ -59,18 +57,20 @@ class StrongAuth extends \Slim\Middleware
      */
     protected $settings = array(
         'login.url' => '/',
-        'auth_type' => 'http',
+        'auth.type' => 'http',
     );
 
     /**
      * Constructor
      *
      * @param   array  $config   Configuration for Strong and Login Details
+     * @param   \Strong $strong
      * @return  void
      */
-    public function __construct(array $config = array())
+    public function __construct(array $config = array(), \Strong $strong = null)
     {
         $this->config = array_merge($this->settings, $config);
+        $this->auth = (!empty($strong)) ? $strong : \Strong::factory($this->config);
     }
 
     /**
@@ -80,29 +80,26 @@ public function __construct(array $config = array())
      */
     public function call()
     {
-        $app = $this->app;
-        $config = $this->config;
         $req = $this->app->request();
 
         // Authentication Initialised
-        $auth = Strong::factory($this->config);
-        switch ($this->config['auth_type']) {
+        switch ($this->config['auth.type']) {
             case 'form':
-                $this->formauth($auth, $req);
+                $this->formauth($this->auth, $req);
                 break;
             default:
-                $this->httpauth($auth, $req);
+                $this->httpauth($this->auth, $req);
                 break;
         }
     }
 
     /**
      * Form based authentication
      *
-     * @param Strong $auth
+     * @param \Strong $auth
      * @param object $req
      */
-    private function formauth(Strong $auth, $req)
+    private function formauth(\Strong $auth, $req)
     {
         $app = $this->app;
         $config = $this->config;
@@ -135,10 +132,10 @@ private function formauth(Strong $auth, $req)
      * the request has already authenticated, the next middleware is called. Otherwise,
      * a 401 Authentication Required response is returned to the client.
      *
-     * @param Strong $auth
+     * @param \Strong $auth
      * @param object $req
      */
-    private function httpauth(Strong $auth, $req)
+    private function httpauth(\Strong $auth, $req)
     {
         $res = $this->app->response();
         $authUser = $req->headers('PHP_AUTH_USER');
@@ -148,7 +145,7 @@ private function httpauth(Strong $auth, $req)
             $this->next->call();
         } else {
             $res->status(401);
-            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realm));
+            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->config['realm']));
         }
     }
 }