diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index e3543be40..bb4c43955 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -6,6 +6,7 @@ RewriteEngine On + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] diff --git a/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php b/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php index 02144b171..86f70c8ca 100644 --- a/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php +++ b/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php @@ -84,6 +84,12 @@ class BasicAuthenticate extends BaseAuthenticate { public function getUser(CakeRequest $request) { $username = env('PHP_AUTH_USER'); $pass = env('PHP_AUTH_PW'); + if (!strlen($username)) { + $httpAuthorization = $request->header('Authorization'); + if (strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) { + list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6))); + } + } if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') { return false; diff --git a/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php b/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php index df18703c4..af5086caf 100644 --- a/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php +++ b/lib/Cake/Test/Case/Controller/Component/Auth/BasicAuthenticateTest.php @@ -15,8 +15,6 @@ * @since CakePHP(tm) v 2.0 * @license http://www.opensource.org/licenses/mit-license.php MIT License */ - -App::uses('AuthComponent', 'Controller/Component'); App::uses('BasicAuthenticate', 'Controller/Component/Auth'); App::uses('AppModel', 'Model'); App::uses('CakeRequest', 'Network'); 
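Review bot: The added `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]` in app/webroot/.htaccess carries no comment explaining why it is there, and it runs for every request whether or not an Authorization header was sent. A line above it such as `# Expose the Authorization header to PHP for setups where PHP_AUTH_USER/PHP_AUTH_PW are not populated` would record the intent, which is presumably CGI/FastCGI deployments. Putting `RewriteCond %{HTTP:Authorization} .` before it would restrict the copy to requests that actually carry the header. Because the variable then holds base64-encoded credentials, any environment dump (debug output, error reports) should be treated as exposing them. The enclosing block is only partly visible in this hunk.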
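Review bot: The fallback header parse added to getUser() in BasicAuthenticate.php is too loose in three places. `strpos($httpAuthorization, 'Basic') !== false` accepts the word anywhere in the value, so a header of another scheme that merely contains "Basic" has its bytes from offset 6 decoded as credentials; the scheme should be matched at the start of the value and case-insensitively. `explode(':', ...)` without a limit cuts a password at its first colon and raises an undefined-offset notice when the decoded value has no colon at all, and `base64_decode()` in its default non-strict mode silently accepts malformed input. The rewritten inner block below covers all three. getUser() continues past the end of the hunk.

```php
// … unchanged: env('PHP_AUTH_USER') / env('PHP_AUTH_PW') lookup and the strlen($username) guard …
$httpAuthorization = $request->header('Authorization');
if (is_string($httpAuthorization) && stripos($httpAuthorization, 'Basic ') === 0) {
	// Strict mode rejects input that is not valid base64 instead of decoding garbage.
	$decoded = base64_decode(substr($httpAuthorization, 6), true);
	if ($decoded !== false && strpos($decoded, ':') !== false) {
		// Limit of 2: only the first colon separates user from password.
		list($username, $pass) = explode(':', $decoded, 2);
	}
}
// … unchanged: empty username/password check …
```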
@@ -197,6 +195,28 @@ class BasicAuthenticateTest extends CakeTestCase {
 $this->assertEquals($expected, $result);
 }
 
+/**
+ * test authenticate success with header values
+ *
+ * @return void
+ */
+ public function testAuthenticateSuccessFromHeaders() {
+ $_SERVER['HTTP_AUTHORIZATION'] = 'Basic ' . base64_encode('mariano:password');
+ unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+
+ $request = new CakeRequest('posts/index', false);
+ $request->addParams(array('pass' => array(), 'named' => array()));
+
+ $result = $this->auth->authenticate($request, $this->response);
+ $expected = array(
+ 'id' => 1,
+ 'user' => 'mariano',
+ 'created' => '2007-03-17 01:16:23',
+ 'updated' => '2007-03-17 01:18:31'
+ );
+ $this->assertEquals($expected, $result);
+ }
+
 /**
 * test contain success
 *
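Review bot: testAuthenticateSuccessFromHeaders() exercises only a well-formed header, and it changes `$_SERVER` without restoring it inside the method. Setting `HTTP_AUTHORIZATION` and unsetting `PHP_AUTH_USER`/`PHP_AUTH_PW` will carry over into later tests unless setUp()/tearDown(), which lie outside this hunk, reset them, so that should be confirmed. Negative cases would pin down the new parsing path: a header with no colon such as `'Basic ' . base64_encode('mariano')` and a header of a non-Basic scheme should both make `authenticate()` return false. A credential whose password contains `:` is also worth a case, since the header path splits on that character.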