Mirrors/yii2
2
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2026-03-25 08:27:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix #18648: Fix yii\web\Request to properly handle HTTP Basic Auth headers

Browse Source
This commit is contained in:
olegbaturin
2021-07-01 17:06:38 +07:00
committed by GitHub
parent 9a9b722d52
commit e83a86fd30
4 changed files with 35 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/framework/web/RequestTest.php
View File

@@ -991,18 +991,21 @@ class RequestTest extends TestCase
*/
public function testHttpAuthCredentialsFromHttpAuthorizationHeader($secret, $expected)
{
$original = $_SERVER;
$request = new Request();
$request->getHeaders()->set('HTTP_AUTHORIZATION', 'Basic ' . $secret);
$_SERVER['HTTP_AUTHORIZATION'] = 'Basic ' . $secret;
$this->assertSame($request->getAuthCredentials(), $expected);
$this->assertSame($request->getAuthUser(), $expected[0]);
$this->assertSame($request->getAuthPassword(), $expected[1]);
$request->getHeaders()->offsetUnset('HTTP_AUTHORIZATION');
$_SERVER = $original;
$request->getHeaders()->set('REDIRECT_HTTP_AUTHORIZATION', 'Basic ' . $secret);
$request = new Request();
$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Basic ' . $secret;
$this->assertSame($request->getAuthCredentials(), $expected);
$this->assertSame($request->getAuthUser(), $expected[0]);
$this->assertSame($request->getAuthPassword(), $expected[1]);
$_SERVER = $original;
}
public function testHttpAuthCredentialsFromServerSuperglobal()
@@ -1013,7 +1016,7 @@ class RequestTest extends TestCase
$_SERVER['PHP_AUTH_PW'] = $pw;
$request = new Request();
$request->getHeaders()->set('HTTP_AUTHORIZATION', 'Basic ' . base64_encode('less-priority:than-PHP_AUTH_*'));
$request->getHeaders()->set('Authorization', 'Basic ' . base64_encode('less-priority:than-PHP_AUTH_*'));
$this->assertSame($request->getAuthCredentials(), [$user, $pw]);
$this->assertSame($request->getAuthUser(), $user);