Fixing broken http auth digest in some circumstances (php-fpm + apache).
parent
535cf50c3a
commit
e75d2842cd
@ -63,11 +63,17 @@ class ServerBag extends ParameterBag
|
|||||||
$authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
|
$authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
|
if ((null !== $authorizationHeader)) {
|
||||||
if ((null !== $authorizationHeader) && (0 === stripos($authorizationHeader, 'basic'))) {
|
if ((0 === stripos($authorizationHeader, 'basic'))) {
|
||||||
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
|
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
|
||||||
if (count($exploded) == 2) {
|
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
|
||||||
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
|
if (count($exploded) == 2) {
|
||||||
|
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
|
||||||
|
}
|
||||||
|
} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest'))) {
|
||||||
|
// In some circumstances PHP_AUTH_DIGEST needs to be set
|
||||||
|
$headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
|
||||||
|
$this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -75,6 +81,8 @@ class ServerBag extends ParameterBag
|
|||||||
// PHP_AUTH_USER/PHP_AUTH_PW
|
// PHP_AUTH_USER/PHP_AUTH_PW
|
||||||
if (isset($headers['PHP_AUTH_USER'])) {
|
if (isset($headers['PHP_AUTH_USER'])) {
|
||||||
$headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
|
$headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
|
||||||
|
} elseif (isset($headers['PHP_AUTH_DIGEST'])) {
|
||||||
|
$headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST'];
|
||||||
}
|
}
|
||||||
|
|
||||||
return $headers;
|
return $headers;
|
||||||
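Review bot: The new `elseif` tests the scheme with `stripos($authorizationHeader, 'digest')`, which has no delimiter, so any client-supplied value that merely begins with those six letters is copied verbatim into `PHP_AUTH_DIGEST` and then into `AUTHORIZATION` by the second hunk. Matching the scheme together with its separator is stricter: `} elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {`. The `'basic'` test above it has the same shape, and its `substr($authorizationHeader, 6)` already assumes exactly one separator character. The branch also writes to `$this->parameters` inside a method that otherwise only builds and returns `$headers`, so a comment such as `// Side effect: also stores the value in the bag's own PHP_AUTH_DIGEST parameter` would make that visible. The enclosing method starts and ends outside these hunks.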
|
@ -89,6 +89,28 @@ class ServerBagTest extends \PHPUnit_Framework_TestCase
|
|||||||
), $bag->getHeaders());
|
), $bag->getHeaders());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testHttpDigestAuthWithPhpCgi()
|
||||||
|
{
|
||||||
|
$digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
|
||||||
|
$bag = new ServerBag(array('HTTP_AUTHORIZATION' => $digest));
|
||||||
|
|
||||||
|
$this->assertEquals(array(
|
||||||
|
'AUTHORIZATION' => $digest,
|
||||||
|
'PHP_AUTH_DIGEST' => $digest,
|
||||||
|
), $bag->getHeaders());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testHttpDigestAuthWithPhpCgiRedirect()
|
||||||
|
{
|
||||||
|
$digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
|
||||||
|
$bag = new ServerBag(array('REDIRECT_HTTP_AUTHORIZATION' => $digest));
|
||||||
|
|
||||||
|
$this->assertEquals(array(
|
||||||
|
'AUTHORIZATION' => $digest,
|
||||||
|
'PHP_AUTH_DIGEST' => $digest,
|
||||||
|
), $bag->getHeaders());
|
||||||
|
}
|
||||||
|
|
||||||
public function testOAuthBearerAuth()
|
public function testOAuthBearerAuth()
|
||||||
{
|
{
|
||||||
$headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
|
$headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
|
||||||
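Review bot: The digest fixture in both new tests is malformed: `uri="/protected, qop="auth"` lacks the closing quote after `/protected`, so the tests only show that an arbitrary string starting with `Digest` is passed through untouched. The intended value is presumably `uri="/protected", qop="auth"`. Neither test exercises the `empty($this->parameters['PHP_AUTH_DIGEST'])` guard, which needs a bag that already carries `PHP_AUTH_DIGEST` next to `HTTP_AUTHORIZATION`. The new write to the bag's own parameters is also unasserted; `$this->assertEquals($digest, $bag->get('PHP_AUTH_DIGEST'));` would pin it.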
|