fix parsing of Authorization header
parent
b96e7f9707
commit
cefe237c6f
|
@ -65,13 +65,13 @@ class ServerBag extends ParameterBag
|
|||
}
|
||||
|
||||
if (null !== $authorizationHeader) {
|
||||
if (0 === stripos($authorizationHeader, 'basic')) {
|
||||
if (0 === stripos($authorizationHeader, 'basic ')) {
|
||||
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
|
||||
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
|
||||
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
|
||||
if (count($exploded) == 2) {
|
||||
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
|
||||
}
|
||||
} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest'))) {
|
||||
} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {
|
||||
// In some circumstances PHP_AUTH_DIGEST needs to be set
|
||||
$headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
|
||||
$this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
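Review bot: The `base64_decode(substr($authorizationHeader, 6))` call on the changed `explode(':', …, 2)` line still decodes in non-strict mode, so bytes outside the base64 alphabet are silently dropped and a malformed Basic credential can still end up in `PHP_AUTH_USER`/`PHP_AUTH_PW`. Decoding with `base64_decode(substr($authorizationHeader, 6), true)` and skipping the assignment when it returns `false` would make the rejection of garbage input explicit rather than incidental. The adjacent `count($exploded) == 2` would also be clearer as a strict `===` comparison. The enclosing method starts and ends outside this hunk, so any handling further down is not visible here.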
|
||||
|
|
|
@ -67,6 +67,15 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
|
|||
), $bag->getHeaders());
|
||||
}
|
||||
|
||||
public function testHttpBasicAuthWithPhpCgiBogus()
|
||||
{
|
||||
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => 'Basic_'.base64_encode('foo:bar')));
|
||||
|
||||
$this->assertEquals(array(
|
||||
'AUTHORIZATION' => 'Basic_'.base64_encode('foo:bar'),
|
||||
), $bag->getHeaders());
|
||||
}
|
||||
|
||||
public function testHttpBasicAuthWithPhpCgiRedirect()
|
||||
{
|
||||
$bag = new ServerBag(array('REDIRECT_HTTP_AUTHORIZATION' => 'Basic '.base64_encode('foo:bar')));
|
||||
|
@ -100,6 +109,16 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
|
|||
), $bag->getHeaders());
|
||||
}
|
||||
|
||||
public function testHttpDigestAuthWithPhpCgiBogus()
|
||||
{
|
||||
$digest = 'Digest_username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
|
||||
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => $digest));
|
||||
|
||||
$this->assertEquals(array(
|
||||
'AUTHORIZATION' => $digest,
|
||||
), $bag->getHeaders());
|
||||
}
|
||||
|
||||
public function testHttpDigestAuthWithPhpCgiRedirect()
|
||||
{
|
||||
$digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
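Review bot: The added tests cover only the scheme-separator change (`Basic_`, `Digest_`); nothing visible in these hunks exercises the new `explode(':', …, 2)` limit, which is the part that decides how a password containing a colon is split. A regression test with a constructed credential such as `foo:pass:word` would pin that `PHP_AUTH_PW` keeps everything after the first colon. Separately, the new `Digest_` fixture copies the `uri="/protected, qop="auth"` string with its missing closing quote from the existing redirect test; that is harmless for a pass-through assertion but worth correcting in both places. The test class continues outside these hunks, so an equivalent case may already exist elsewhere.

```php
public function testHttpBasicAuthWithColonInPassword()
{
    // constructed sample credential: user "foo", password "pass:word"
    $bag = new ServerBag(array('HTTP_AUTHORIZATION' => 'Basic '.base64_encode('foo:pass:word')));

    $headers = $bag->getHeaders();
    $this->assertEquals('foo', $headers['PHP_AUTH_USER']);
    $this->assertEquals('pass:word', $headers['PHP_AUTH_PW']);
}
```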
|
||||
|
|