[HttpClient] strengthen bearer validation
nicolas-grekas committed Mar 14, 2019
1 parent 8af6395 commit fabbac1
Showing 2 changed files with 12 additions and 3 deletions.
4 changes: 2 additions & 2 deletions src/Symfony/Component/HttpClient/HttpClientTrait.php
@@ -84,8 +84,8 @@ private static function prepareRequest(?string $method, ?string $url, array $opt
throw new InvalidArgumentException(sprintf('Option "auth_basic" must be string or an array, %s given.', \gettype($options['auth_basic'])));
}

if (!\is_string($options['auth_bearer'] ?? '')) {
throw new InvalidArgumentException(sprintf('Option "auth_bearer" must be string, %s given.', \gettype($options['auth_bearer'])));
if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) || !preg_match('{^[-._~+/0-9a-zA-Z]++=*+$}', $options['auth_bearer']))) {
throw new InvalidArgumentException(sprintf('Option "auth_bearer" must be a base64-encoded string, %s given.', \is_string($options['auth_bearer']) ? 'invalid string' : \gettype($options['auth_bearer'])));
}

if (isset($options['auth_basic'], $options['auth_bearer'])) {
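Review bot: The pattern on the new `preg_match` line ends in `$` without the `D` modifier, and in PCRE that `$` also matches just before a final newline, so a value like `"abc\n"` (constructed example) still passes a check that is presumably there to keep line breaks out of the Authorization header. Anchor the end strictly with `'{^[-._~+/0-9a-zA-Z]++=*+$}D'`, or use `\z` in place of `$`. The companion test only feeds an embedded newline (`"a\nb"`), so it does not catch this; a trailing-newline input is worth adding there. The body of prepareRequest starts and ends outside the hunk, so how the value is later written into the header is inferred, not visible.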
11 changes: 10 additions & 1 deletion src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
@@ -174,13 +174,22 @@ public function testAuthBearerOption()

/**
* @expectedException \Symfony\Component\HttpClient\Exception\InvalidArgumentException
* @expectedExceptionMessage Option "auth_bearer" must be string, object given.
* @expectedExceptionMessage Option "auth_bearer" must be a base64-encoded string, object given.
*/
public function testInvalidAuthBearerOption()
{
self::prepareRequest('POST', 'http://example.com', ['auth_bearer' => new \stdClass()], HttpClientInterface::OPTIONS_DEFAULTS);
}

/**
* @expectedException \Symfony\Component\HttpClient\Exception\InvalidArgumentException
* @expectedExceptionMessage Option "auth_bearer" must be a base64-encoded string, invalid string given.
*/
public function testInvalidAuthBearerValue()
{
self::prepareRequest('POST', 'http://example.com', ['auth_bearer' => "a\nb"], HttpClientInterface::OPTIONS_DEFAULTS);
}

/**
* @expectedException \Symfony\Component\HttpClient\Exception\InvalidArgumentException
* @expectedExceptionMessage Define either the "auth_basic" or the "auth_bearer" option, setting both is not supported.
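Review bot: Both `@expectedExceptionMessage` lines pin the wording "must be a base64-encoded string", but the character class added in HttpClientTrait.php also admits `-`, `.`, `_` and `~`, which matches the RFC 6750 `b64token` grammar, not base64. A caller holding a valid dot-separated token who reads this message could conclude the token must be re-encoded, so the message would be more accurate if it named the allowed characters, with these expectations updated to match. The new tests also cover rejection only: an acceptance case with a dot-separated token and one with `=` padding would pin the intended character set, so that a later tightening to strict base64 fails a test. testAuthBearerOption sits above the hunk and may already cover part of this.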
