Mirrors/yii2
2
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2026-03-10 01:07:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Moved HTTP_AUTHORIZATION header check to \yii\web\Request, added docs

Browse Source 
Closes #13564
This commit is contained in:
SilverFire - Dmitry Naumenko
2017-10-08 23:22:02 +03:00
parent 5a96697c0b
commit ea2c475ea7
5 changed files with 105 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
tests/framework/web/RequestTest.php
View File

@@ -541,4 +541,56 @@ class RequestTest extends TestCase
$request = new Request();
$this->assertEquals(null, $request->getOrigin());
}
public function httpAuthorizationHeadersProvider()
{
return [
['not a base64 at all', [base64_decode('not a base64 at all'), null]],
[base64_encode('user:'), ['user', null]],
[base64_encode('user'), ['user', null]],
[base64_encode('user:pw'), ['user', 'pw']],
[base64_encode('user:pw'), ['user', 'pw']],
[base64_encode('user:a:b'), ['user', 'a:b']],
[base64_encode(':a:b'), [null, 'a:b']],
[base64_encode(':'), [null, null]],
];
}
/**
* @dataProvider httpAuthorizationHeadersProvider
* @param string $secret
* @param array $expected
*/
public function testHttpAuthCredentialsFromHttpAuthorizationHeader($secret, $expected)
{
$request = new Request();
$request->getHeaders()->set('HTTP_AUTHORIZATION', 'Basic ' . $secret);
$this->assertSame($request->getAuthCredentials(), $expected);
$this->assertSame($request->getAuthUser(), $expected[0]);
$this->assertSame($request->getAuthPassword(), $expected[1]);
$request->getHeaders()->offsetUnset('HTTP_AUTHORIZATION');
$request->getHeaders()->set('REDIRECT_HTTP_AUTHORIZATION', 'Basic ' . $secret);
$this->assertSame($request->getAuthCredentials(), $expected);
$this->assertSame($request->getAuthUser(), $expected[0]);
$this->assertSame($request->getAuthPassword(), $expected[1]);
}
public function testHttpAuthCredentialsFromServerSuperglobal()
{
$original = $_SERVER;
list($user, $pw) = ['foo', 'bar'];
$_SERVER['PHP_AUTH_USER'] = $user;
$_SERVER['PHP_AUTH_PW'] = $pw;
$request = new Request();
$request->getHeaders()->set('HTTP_AUTHORIZATION', 'Basic ' . base64_encode('less-priority:than-PHP_AUTH_*'));
$this->assertSame($request->getAuthCredentials(), [$user, $pw]);
$this->assertSame($request->getAuthUser(), $user);
$this->assertSame($request->getAuthPassword(), $pw);
$_SERVER = $original;
}
}