Read basic auth credentials from Authorization header

Merge branch 'issue-9365' into 2.x

Refs #9365
mark_story 2017-04-28 21:49:47 -04:00
commit 5e35064a0b
3 changed files with 29 additions and 2 deletions


@ -6,6 +6,7 @@
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
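Review bot: The `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]` line has no comment saying why it is there, and it runs unconditionally for every request. A short comment such as `# Expose the Authorization header to PHP (presumably for CGI/FastCGI setups where PHP_AUTH_USER/PHP_AUTH_PW are not populated)` would tell a later maintainer not to remove it. Because the base64 credentials now sit in an environment variable, any debug or error output that dumps the environment or `$_SERVER` should redact `HTTP_AUTHORIZATION`.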


@ -84,6 +84,12 @@ class BasicAuthenticate extends BaseAuthenticate {
public function getUser(CakeRequest $request) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (!strlen($username)) {
$httpAuthorization = $request->header('Authorization');
if (strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'Basic') !== false) {
list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)));
}
}
if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') {
return false;
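Review bot: The scheme test in the added branch, `strpos($httpAuthorization, 'Basic') !== false`, accepts the word anywhere in the header, while `substr($httpAuthorization, 6)` assumes it is the prefix; anchoring it with `stripos($httpAuthorization, 'Basic ') === 0` keeps the two consistent. The `explode(':', …)` call has no limit, so a password containing a colon is cut short, and a decoded payload without a colon leaves `list()` reading a missing offset. `list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)), 2) + array(null, null);` covers both cases, and the existing `is_string` check below then rejects the malformed one. getUser() continues past the end of this hunk.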


@ -15,8 +15,6 @@
* @since CakePHP(tm) v 2.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AuthComponent', 'Controller/Component');
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
App::uses('AppModel', 'Model');
App::uses('CakeRequest', 'Network');
@ -197,6 +195,28 @@ class BasicAuthenticateTest extends CakeTestCase {
$this->assertEquals($expected, $result);
}
/**
* test authenticate success with header values
*
* @return void
*/
public function testAuthenticateSuccessFromHeaders() {
$_SERVER['HTTP_AUTHORIZATION'] = 'Basic ' . base64_encode('mariano:password');
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
$request = new CakeRequest('posts/index', false);
$request->addParams(array('pass' => array(), 'named' => array()));
$result = $this->auth->authenticate($request, $this->response);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test contain success
*
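Review bot: testAuthenticateSuccessFromHeaders exercises only a well-formed header, so the new parsing branch in getUser() has no coverage for input that should be rejected. A sibling test feeding `'Basic ' . base64_encode('mariano')` (no colon), a non-Basic scheme, and a password containing `:` would pin that behaviour. The test also writes `$_SERVER['HTTP_AUTHORIZATION']` and unsets the `PHP_AUTH_*` keys; setUp/tearDown are not visible here, so confirm the superglobal is restored between tests.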