Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lumen not picking up Authorization header #262

Closed
JessicaMulein opened this issue Sep 28, 2015 · 3 comments
Closed

Lumen not picking up Authorization header #262

JessicaMulein opened this issue Sep 28, 2015 · 3 comments

Comments

@JessicaMulein
Copy link

I'm using Lumen 5.1 behind Apache 2.4 over HTTPS.

$request->headers did not have the Authorization header in it. I found http://stackoverflow.com/questions/26256730/slimframework-request-headers-don%C2%B4t-read-authorization/26285310#26285310 which lead me to look at the apache request headers, which does have the header.

I ended up editing the classes locally to account for that, but was wondering if something more could be done on your end?

The following doesn't do any checking if that function even exists, and the whole finding the header thing should maybe be refactored out to a separate function just to find the auth header, but this worked for me. I also un-confused the input $header with the value of the header. The first $header = $this->request->headers->get($header); was losing the requested header when that one wasn't in the lumen headers.

    /**
     * Parse token from the authorization header.
     *
     * @param string $header
     * @param string $method
     *
     * @return false|string
     */
    protected function parseAuthHeader($header = 'authorization', $method = 'bearer')
    {
        $headerValue = $this->request->headers->get($header);

        if (!$headerValue) {
            $apacheHeaders = apache_request_headers();
            if (array_key_exists(ucfirst($header), $apacheHeaders)) {
                $headerValue = $apacheHeaders[ucfirst($header)];
            }
        }

        if (! starts_with(strtolower($headerValue), $method)) {
            return false;
        }

        return trim(str_ireplace($method, '', $headerValue));
    }

Laravel/Lumen seems uninterested in fixing/working around? laravel/framework#6482
@JessicaMulein
Copy link
Author

I just changed servers and even the above doesn't work with the new server that's substantially similar. I'm not sure what the responsible difference is.

@JessicaMulein
Copy link
Author

https://github.com/tymondesigns/jwt-auth/wiki/Authentication

Solved it for me. Just discovered your wiki.

@segunmicheal27
Copy link

if this is missing:
# Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
in apache config file you will run in the same error

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JessicaMulein @segunmicheal27