bug #13633 [ServerBag] Handled bearer authorization header in REDIRECT_ form (Lance0312)

fabpot · fabpot · commit dd2fb850a779 · 2015-05-16T15:43:51.000+02:00
This PR was merged into the 2.3 branch. Discussion ---------- [ServerBag] Handled bearer authorization header in REDIRECT_ form | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | Apache rewrite module renames client request header (`HTTP_`) by prepending `REDIRECT_` to it. http basic authentication and http digest authentication are properly processed in REDIRECT_ form, while bearer is processed in HTTP_ form, but dropped in REDIRECT_ form. Example: The following auth headers are handled in ServerBag, ``` HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ= REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ= HTTP_AUTHORIZATION => Digest blah REDIRECT_HTTP_AUTHORIZATION => Digest blah HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM ``` while ``` REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM ``` is dropped. Commits ------- 7b2e2df Handled bearer authorization header in REDIRECT_ form
diff --git a/src/Symfony/Component/HttpFoundation/ServerBag.php b/src/Symfony/Component/HttpFoundation/ServerBag.php
@@ -75,6 +75,13 @@ public function getHeaders()
                     // In some circumstances PHP_AUTH_DIGEST needs to be set
                     $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
                     $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
+                } elseif (0 === stripos($authorizationHeader, 'bearer ')) {
+                    /*
+                     * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,
+                     *      I'll just set $headers['AUTHORIZATION'] here.
+                     *      http://php.net/manual/en/reserved.variables.server.php
+                     */
+                    $headers['AUTHORIZATION'] = $authorizationHeader;
                 }
             }
         }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php
@@ -141,4 +141,14 @@ public function testOAuthBearerAuth()
             'AUTHORIZATION' => $headerContent,
         ), $bag->getHeaders());
     }
+
+    public function testOAuthBearerAuthWithRedirect()
+    {
+        $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
+        $bag = new ServerBag(array('REDIRECT_HTTP_AUTHORIZATION' => $headerContent));
+
+        $this->assertEquals(array(
+            'AUTHORIZATION' => $headerContent,
+        ), $bag->getHeaders());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,13 @@ public function getHeaders()`
`75`	`75`	`// In some circumstances PHP_AUTH_DIGEST needs to be set`
`76`	`76`	`$headers['PHP_AUTH_DIGEST'] = $authorizationHeader;`
`77`	`77`	`$this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;`
	`78`	`+ } elseif (0 === stripos($authorizationHeader, 'bearer ')) {`
	`79`	`+ /*`
	`80`	`+ * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,`
	`81`	`+ * I'll just set $headers['AUTHORIZATION'] here.`
	`82`	`+ * http://php.net/manual/en/reserved.variables.server.php`
	`83`	`+ */`
	`84`	`+ $headers['AUTHORIZATION'] = $authorizationHeader;`
`78`	`85`	`}`
`79`	`86`	`}`
`80`	`87`	`}`