
Add test covering basic auth reading from headers.

In some FastCGI setups basic auth values will only be present in the
header. Fall back to reading that value if the PHP_AUTH superglobals are
empty.

Refs #9365
markstory committed Apr 29, 2017
1 parent 09a981b commit 275385d676c8c59ec2af9db4b6a29b8d1edf7404
@@ -84,9 +84,9 @@ public function authenticate(CakeRequest $request, CakeResponse $response) {
public function getUser(CakeRequest $request) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (empty($username)) {
if (!strlen($username)) {
$httpAuthorization = $request->header('Authorization');
if ($httpAuthorization !== false && strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) {
if (strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) {
list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)));
}
}
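Review bot: The header fallback in getUser() still parses the credential loosely. `strpos($httpAuthorization, 'Basic') !== false` accepts the word anywhere in the header while `substr($httpAuthorization, 6)` assumes it is the leading scheme, and `explode(':', …)` without a limit truncates any password that contains a colon and leaves `$pass` unset (with a notice) when the decoded value has no colon at all. I would anchor the scheme check, `if (stripos($httpAuthorization, 'Basic ') === 0) {`, and split only once, `list($username, $pass) = array_pad(explode(':', base64_decode(substr($httpAuthorization, 6)), 2), 2, null);`. This reads the second line of each printed pair as the new side; the rest of getUser() lies outside the hunk, so any later validation of `$username` and `$pass` is not visible here.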
@@ -15,8 +15,6 @@
* @since CakePHP(tm) v 2.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AuthComponent', 'Controller/Component');
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
App::uses('AppModel', 'Model');
App::uses('CakeRequest', 'Network');
@@ -197,6 +195,28 @@ public function testAuthenticateSuccess() {
$this->assertEquals($expected, $result);
}
/**
* test authenticate success with header values
*
* @return void
*/
public function testAuthenticateSuccessFromHeaders() {
$_SERVER['HTTP_AUTHORIZATION'] = 'Basic ' . base64_encode('mariano:password');
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test contain success
*
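Review bot: testAuthenticateSuccessFromHeaders() writes `$_SERVER['HTTP_AUTHORIZATION']` and never removes it, so unless tearDown() (outside this hunk) restores `$_SERVER`, later tests that expect no credentials can pick up the header through the new fallback. I would add `unset($_SERVER['HTTP_AUTHORIZATION']);` to tearDown() rather than to the end of the test, so that it also runs when an assertion fails. The test also covers only the well-formed case: a header with a non-Basic scheme, a decoded value without a colon, and a password that itself contains a colon each deserve their own assertion on what authenticate() returns.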
