From 275385d676c8c59ec2af9db4b6a29b8d1edf7404 Mon Sep 17 00:00:00 2001 From: mark_story Date: Fri, 28 Apr 2017 21:48:31 -0400 Subject: [PATCH] Add test covering basic auth reading from headers. In some FastCGI setups basic auth values will only be present in the header. Fallback to reading that value if the PHP_AUTH super globals are empty. Refs #9365
---
 .../Component/Auth/BasicAuthenticate.php | 4 ++-- .../Component/Auth/BasicAuthenticateTest.php | 24 +++++++++++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php b/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
index b7daa74f4..86f70c8ca 100644
--- a/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
+++ b/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
@@ -84,9 +84,9 @@ class BasicAuthenticate extends BaseAuthenticate {
 public function getUser(CakeRequest $request) {
 $username = env('PHP_AUTH_USER');
 $pass = env('PHP_AUTH_PW');
- if (empty($username)) {
+ if (!strlen($username)) {
 $httpAuthorization = $request->header('Authorization');
- if ($httpAuthorization !== false && strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) {
+ if (strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) {
 list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)));
 }
 }
diff --git a/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php b/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php
index df18703c4..af5086caf 100644
--- a/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php
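Review bot: In BasicAuthenticate::getUser() the rewritten condition still accepts an Authorization value that contains `Basic` anywhere, while `substr($httpAuthorization, 6)` assumes the value starts with `Basic `, so a value from another scheme that merely contains that word is pushed through base64_decode() and explode() as if it were credentials. Anchoring the check keeps the two in step: `strpos($httpAuthorization, 'Basic ') === 0`. On the following line `explode(':', ...)` has no limit, so a password containing a colon is cut at the first one, and a decoded value with no colon leaves `$pass` null with a notice; `explode(':', $decoded, 2)` plus a count check before `list()` would cover both. getUser() continues past the end of this hunk, so what happens to the two values afterwards is not visible here.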
@@ -15,8 +15,6 @@
 * @since CakePHP(tm) v 2.0
 * @license http://www.opensource.org/licenses/mit-license.php MIT License
 */
-
-App::uses('AuthComponent', 'Controller/Component');
 App::uses('BasicAuthenticate', 'Controller/Component/Auth');
 App::uses('AppModel', 'Model');
 App::uses('CakeRequest', 'Network');
@@ -197,6 +195,28 @@ class BasicAuthenticateTest extends CakeTestCase {
 $this->assertEquals($expected, $result);
 }
 
+/**
+ * test authenticate success with header values
+ *
+ * @return void
+ */
+ public function testAuthenticateSuccessFromHeaders() {
+ $_SERVER['HTTP_AUTHORIZATION'] = 'Basic ' . base64_encode('mariano:password');
+ unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+
+ $request = new CakeRequest('posts/index', false);
+ $request->addParams(array('pass' => array(), 'named' => array()));
+
+ $result = $this->auth->authenticate($request, $this->response);
+ $expected = array(
+ 'id' => 1,
+ 'user' => 'mariano',
+ 'created' => '2007-03-17 01:16:23',
+ 'updated' => '2007-03-17 01:18:31'
+ );
+ $this->assertEquals($expected, $result);
+ }
+
 /**
 * test contain success
 *
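Review bot: testAuthenticateSuccessFromHeaders() writes `$_SERVER['HTTP_AUTHORIZATION']` and never clears it, so unless setUp()/tearDown() (outside this hunk) restore `$_SERVER`, the header stays set for later tests and can make them pass or fail for the wrong reason. Adding `unset($_SERVER['HTTP_AUTHORIZATION']);` in tearDown(), or at the end of this test, isolates it. The case also covers only a well-formed value; companion cases for a password that contains `:` and for an Authorization header of a non-Basic scheme would pin down how getUser() parses the header.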