Authorization header should only be rebuild when Basic Auth scheme is used
This commit is contained in:
parent
27100ba4eb
commit
5d88255d4e
@ -56,8 +56,8 @@ class ServerBag extends ParameterBag
|
||||
$authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
|
||||
}
|
||||
|
||||
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW
|
||||
if (null !== $authorizationHeader) {
|
||||
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
|
||||
if ((null !== $authorizationHeader) && (0 === stripos($authorizationHeader, 'basic'))) {
|
||||
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
|
||||
if (count($exploded) == 2) {
|
||||
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
|
||||
|
@ -88,4 +88,14 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
|
||||
'PHP_AUTH_PW' => ''
|
||||
), $bag->getHeaders());
|
||||
}
|
||||
|
||||
public function testOAuthBearerAuth()
|
||||
{
|
||||
$headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
|
||||
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => $headerContent));
|
||||
|
||||
$this->assertEquals(array(
|
||||
'AUTHORIZATION' => $headerContent,
|
||||
), $bag->getHeaders());
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user