Merge pull request #11469 from db-bogdan/issue11468

fixes #11468 sending user data on basic auth in API environment
cakephp · Nov 29, 2017 · abec95d · abec95d
2 parents 979eaee + e824346
commit abec95d
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
@@ -298,6 +298,7 @@ public function startup(Controller $controller) {
 		}
 
 		if ($this->_isAllowed($controller)) {
+			$this->_getUser();
 			return true;
 		}
 

diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -1818,4 +1818,38 @@ public function testStatelessFollowedByStatefulAuth() {
 
 		$this->assertEquals('/users/login', $this->Controller->testUrl);
 	}
+
+/**
+ * testStatelessAuthAllowedActionsRetrieveUser method
+ *
+ * @return void
+ */
+	public function testStatelessAuthAllowedActionsRetrieveUser() {
+		if (CakeSession::id()) {
+			session_destroy();
+			CakeSession::$id = null;
+		}
+		$_SESSION = null;
+
+		$_SERVER['PHP_AUTH_USER'] = 'mariano';
+		$_SERVER['PHP_AUTH_PW'] = 'cake';
+
+		AuthComponent::$sessionKey = false;
+		$this->Controller->Auth->authenticate = array(
+			'Basic' => array('userModel' => 'AuthUser')
+		);
+		$this->Controller->request['action'] = 'add';
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->allow();
+		$this->Controller->Auth->startup($this->Controller);
+
+		$expectedUser = array(
+			'id' => '1',
+			'username' => 'mariano',
+			'created' => '2007-03-17 01:16:23',
+			'updated' => '2007-03-17 01:18:31',
+		);
+
+		$this->assertEquals($expectedUser, $this->Controller->Auth->user());
+	}
 }