Permalink
Browse files

[Security] removed the 401 error custom status message

  • Loading branch information...
1 parent b20dc08 commit 5512b0a91ae03413414d689184cb0f260807a291 @fabpot fabpot committed Oct 31, 2012
@@ -34,7 +34,7 @@ public function start(Request $request, AuthenticationException $authException =
{
$response = new Response();
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
- $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
+ $response->setStatusCode(401);
return $response;
}
@@ -57,7 +57,7 @@ public function start(Request $request, AuthenticationException $authException =
$response = new Response();
$response->headers->set('WWW-Authenticate', $authenticateHeader);
- $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
+ $response->setStatusCode(401);
return $response;
}
@@ -34,7 +34,6 @@ public function testStart()
$this->assertEquals('Basic realm="TheRealmName"', $response->headers->get('WWW-Authenticate'));
$this->assertEquals(401, $response->getStatusCode());
- $this->assertAttributeEquals('The exception message', 'statusText', $response);
}
public function testStartWithoutAuthException()
@@ -47,6 +46,5 @@ public function testStartWithoutAuthException()
$this->assertEquals('Basic realm="TheRealmName"', $response->headers->get('WWW-Authenticate'));
$this->assertEquals(401, $response->getStatusCode());
- $this->assertAttributeEquals('Unauthorized', 'statusText', $response);
}
}
@@ -34,7 +34,6 @@ public function testStart()
$response = $entryPoint->start($request, $authenticationException);
$this->assertEquals(401, $response->getStatusCode());
- $this->assertAttributeEquals('TheAuthenticationExceptionMessage', 'statusText', $response);
$this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate'));
}
@@ -46,7 +45,6 @@ public function testStartWithNoException()
$response = $entryPoint->start($request);
$this->assertEquals(401, $response->getStatusCode());
- $this->assertAttributeEquals('Unauthorized', 'statusText', $response);
$this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate'));
}
@@ -60,7 +58,6 @@ public function testStartWithNonceExpiredException()
$response = $entryPoint->start($request, $nonceExpiredException);
$this->assertEquals(401, $response->getStatusCode());
- $this->assertAttributeEquals('TheNonceExpiredExceptionMessage', 'statusText', $response);
$this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}", stale="true"$/', $response->headers->get('WWW-Authenticate'));
}
}

0 comments on commit 5512b0a

Please sign in to comment.