diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix parsing of Authorization header

This commit is contained in:
Damien Tournoud 2014-08-22 18:41:26 +02:00 committed by Nicolas Grekas
parent b96e7f9707
commit cefe237c6f
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Symfony/Component/HttpFoundation/ServerBag.php
View File

@ -65,13 +65,13 @@ class ServerBag extends ParameterBag
}
if (null !== $authorizationHeader) {
if (0 === stripos($authorizationHeader, 'basic')) {
if (0 === stripos($authorizationHeader, 'basic ')) {
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
if (count($exploded) == 2) {
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
}
} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest'))) {
} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {
// In some circumstances PHP_AUTH_DIGEST needs to be set
$headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
$this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;

19
src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php
View File

@ -67,6 +67,15 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
), $bag->getHeaders());
}
public function testHttpBasicAuthWithPhpCgiBogus()
{
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => 'Basic_'.base64_encode('foo:bar')));
$this->assertEquals(array(
'AUTHORIZATION' => 'Basic_'.base64_encode('foo:bar'),
), $bag->getHeaders());
}
public function testHttpBasicAuthWithPhpCgiRedirect()
{
$bag = new ServerBag(array('REDIRECT_HTTP_AUTHORIZATION' => 'Basic '.base64_encode('foo:bar')));
@ -100,6 +109,16 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
), $bag->getHeaders());
}
public function testHttpDigestAuthWithPhpCgiBogus()
{
$digest = 'Digest_username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => $digest));
$this->assertEquals(array(
'AUTHORIZATION' => $digest,
), $bag->getHeaders());
}
public function testHttpDigestAuthWithPhpCgiRedirect()
{
$digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';