Introduce the check concept.

Author: simensen

README.md

@@ -22,8 +22,10 @@ tasks:
 
  * If the `stack.authn.token` is set, it wraps the application in
    `WwwAuthenticateStackChallenge` and delegates.
- * If the there is an `authorization` header, it returns the result of then
-   **authenticate** callback.
+ * Checks the request by calling the **check** callback. The return value is a
+   boolean. If true, the **authenticate** callback is called and its return
+   value is returned. If false, we should not. The default check is to see if
+   there is an Authorization header.
  * If anonymous requests are received and anonymous requests are allowed, it
    wraps the application in `WwwAuthenticateStackChallenge` and delegates.
  * Otherwise, it returns the result of the **challenge** callback.
@@ -36,6 +38,18 @@ tasks:
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 
+$check = function (
+    Request $request,
+    $type = HttpKernelInterface::MASTER_REQUEST,
+    $catch = true
+) {
+    // This is the default 'check' callback if a check callback is not defined.
+    // This is here merely for demonstration purposes; if authentication relies
+    // on the existence of an 'authorization' header a 'check' callback does not
+    // need to be defined.
+    return $request->headers->has('authorization');
+};
+
 $challenge = function (Response $response) {
     // Assumptions that can be made:
     // * 401 status code
@@ -69,6 +83,7 @@ $authenticate = function (HttpKernelInterface $app, $anonymous) {
 
 return (new Authentication($app, [
         'challenge' => $challenge,
+        'check' => $check,
         'authenticate' => $authenticate,
         'anonymous' => true, // default: false
     ]))

src/Dflydev/Stack/Authentication.php

@@ -10,6 +10,7 @@ class Authentication implements HttpKernelInterface
 {
     private $app;
     private $challenge;
+    private $check;
     private $authenticate;
     private $anonymous;
 
@@ -19,15 +20,29 @@ public function __construct(HttpKernelInterface $app, array $options = [])
 
         if (!isset($options['challenge'])) {
             $options['challenge'] = function (Response $response) {
+                // Default challenge is to not challenge.
                 return $response;
             };
         }
 
+        if (!isset($options['check'])) {
+            $options['check'] = function (
+                Request $request,
+                $type = HttpKernelInterface::MASTER_REQUEST,
+                $catch = true
+            ) {
+                // Default check is to see if the request has an authorization
+                // header.
+                return $request->headers->has('authorization');
+            };
+        }
+
         if (!isset($options['authenticate'])) {
             throw new \InvalidArgumentException("The 'authenticate' configuration is required");
         }
 
         $this->challenge = $options['challenge'];
+        $this->check = $options['check'];
         $this->authenticate = $options['authenticate'];
         $this->anonymous = $options['anonymous'];
     }
@@ -44,9 +59,9 @@ public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQ
                 ->handle($request, $type, $catch);
         }
 
-        if ($request->headers->has('authorization')) {
-            // If we have an authorization header we should try and authenticate
-            // the request.
+        if (call_user_func($this->check, $request, $type, $catch)) {
+            // Check the request to see if we should authenticate. If we should,
+            // we should call our authenticate callback and return its response.
             return call_user_func($this->authenticate, $this->app, $this->anonymous);
         }