Using other cert attributes
Birger Jarl edited this page Dec 19, 2017 · 4 revisions
By default, this middleware uses the email field for authentication. You'll probably want to use other fields, such as id or username. To do so, extend this class and implement your own logic by overriding the getUserFromCert method.
Generating certificate
openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr -subj '/pseudonym=test'
Actually, you can use any attribute (even your own).
The static getUserFromCert function accepts a Request object and must return an Authenticatable object (like App\User).
<?php
// app/Http/Middleware/X509UsernameAuth.php
namespace App\Http\Middleware;

use Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate;
use Illuminate\Http\Request;
use App\User;

final class X509UsernameAuth extends AuthenticateWithClientCertificate
{
    /**
     * @param Request $request
     * @return User
     */
    protected static function getUserFromCert(Request $request)
    {
        // Subject DN of the verified client certificate, as exposed by the web server.
        $subject = $request->server('SSL_CLIENT_S_DN');

        // In this example we're using the pseudonym attribute described in RFC.
        // Note: this pattern is not anchored to an attribute boundary, so it also
        // matches the text "pseudonym=..." when it appears inside another attribute's value.
        preg_match('/pseudonym=(\w+)/i', $subject, $match);

        if (empty($match) || count($match) < 2) {
            return abort(400, 'Missing or invalid pseudonym attribute');
        }

        // Throws ModelNotFoundException (HTTP 404) when no user has this username.
        return User::where('username', '=', $match[1])->firstOrFail();
    }
}

Then, simply register the newly created class in your middleware stack.
// app/Http/Kernel.php
...
protected $routeMiddleware = [
    // a whole bunch of middlewares...
    'auth.x509' => \App\Http\Middleware\X509UsernameAuth::class,
];
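
A stricter way to pull one attribute out of the subject DN than the unanchored regex in the class above. This is an added example, not code from this package: the helper name dnAttribute is hypothetical, and it assumes the web server exposes SSL_CLIENT_S_DN in the comma-separated form with backslash escaping (it returns null for the slash-separated form rather than guess at boundaries).

```php
<?php
// Added example (not package code). Assumes a comma-separated DN string
// such as "pseudonym=test,CN=Client,O=Example" with backslash escaping.

/** Return the single value of $attr in $dn, or null if absent or ambiguous. */
function dnAttribute(string $dn, string $attr): ?string
{
    if ($dn === '' || $dn[0] === '/') {
        return null; // fail closed on empty input and on the slash form
    }
    $parts = [];
    $current = '';
    $len = strlen($dn);
    for ($i = 0; $i < $len; $i++) {
        $ch = $dn[$i];
        if ($ch === '\\' && $i + 1 < $len) {
            $current .= $dn[++$i]; // escaped character is data, not a separator
        } elseif ($ch === '"') {
            return null; // unescaped quote: a format this parser does not handle
        } elseif ($ch === ',' || $ch === '+') {
            $parts[] = $current; // end of one attribute=value pair
            $current = '';
        } else {
            $current .= $ch;
        }
    }
    $parts[] = $current;

    $found = [];
    foreach ($parts as $part) {
        $pair = explode('=', $part, 2);
        if (count($pair) === 2 && strcasecmp(trim($pair[0]), $attr) === 0) {
            $found[] = $pair[1];
        }
    }
    // Require exactly one occurrence made only of word characters (as in the page's regex).
    if (count($found) !== 1 || preg_match('/\A\w+\z/', $found[0]) !== 1) {
        return null;
    }
    return $found[0];
}

// Constructed sample subjects:
var_dump(dnAttribute('pseudonym=test,CN=Client', 'pseudonym'));        // well-formed subject
var_dump(dnAttribute('CN=x\,pseudonym=admin,O=Example', 'pseudonym')); // text embedded in an escaped CN value
var_dump(dnAttribute('pseudonym=a,pseudonym=b', 'pseudonym'));         // duplicated attribute
```

Inside getUserFromCert, the call would be dnAttribute($subject, 'pseudonym'), with a null result handled the same way as the empty $match case above.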