[HttpFoundation] Do not overwrite the Authorization header if it is already set

2016-01-21 15:41:38 +00:00 · 2016-01-21 15:41:38 +00:00 · 53ebfda33e
parent 385f23e238
commit 53ebfda33e
2 changed files with 19 additions and 0 deletions
--- a/src/Symfony/Component/HttpFoundation/ServerBag.php
+++ b/src/Symfony/Component/HttpFoundation/ServerBag.php
@ -86,6 +86,10 @@ class ServerBag extends ParameterBag
            }
        }

+        if (isset($headers['AUTHORIZATION'])) {
+            return $headers;
+        }
+
        // PHP_AUTH_USER/PHP_AUTH_PW
        if (isset($headers['PHP_AUTH_USER'])) {
            $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
--- a/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php
@ -151,4 +151,19 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
            'AUTHORIZATION' => $headerContent,
        ), $bag->getHeaders());
    }
+
+    /**
+     * @see https://github.com/symfony/symfony/issues/17345
+     */
+    public function testItDoesNotOverwriteTheAuthorizationHeaderIfItIsAlreadySet()
+    {
+        $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
+        $bag = new ServerBag(array('PHP_AUTH_USER' => 'foo', 'HTTP_AUTHORIZATION' => $headerContent));
+
+        $this->assertEquals(array(
+            'AUTHORIZATION' => $headerContent,
+            'PHP_AUTH_USER' => 'foo',
+            'PHP_AUTH_PW' => '',
+        ), $bag->getHeaders());
+    }
 }