Merge pull request #1574 from stoeps13/hosting-fix

This commit is contained in:
ArthurHoaro 2020-10-03 12:59:01 +02:00 committed by GitHub
commit ee07b7283f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 59 additions and 2 deletions

View file

@ -10,8 +10,12 @@ RewriteRule ^(.git|doxygen|vendor) - [F]
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Alternative (if the 2 lines above don't work)
# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
# REST API
# Ionos Hosting needs RewriteBase /
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

View file

@ -107,7 +107,9 @@ class ApiMiddleware
*/
protected function checkToken($request)
{
if (! $request->hasHeader('Authorization')) {
if (!$request->hasHeader('Authorization')
&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
) {
throw new ApiAuthorizationException('JWT token not provided');
}
@ -115,7 +117,11 @@ class ApiMiddleware
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
}
$authorization = $request->getHeaderLine('Authorization');
if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
$authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
} else {
$authorization = $request->getHeaderLine('Authorization');
}
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
throw new ApiAuthorizationException('Invalid JWT header');

View file

@ -66,6 +66,53 @@ class ApiMiddlewareTest extends \PHPUnit\Framework\TestCase
@unlink(self::$testDatastore);
}
/**
* Invoke the middleware with a valid token
*/
public function testInvokeMiddlewareWithValidToken(): void
{
$next = function (Request $request, Response $response): Response {
return $response;
};
$mw = new ApiMiddleware($this->container);
$env = Environment::mock([
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/echo',
'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
]);
$request = Request::createFromEnvironment($env);
$response = new Response();
/** @var Response $response */
$response = $mw($request, $response, $next);
$this->assertEquals(200, $response->getStatusCode());
}
/**
* Invoke the middleware with a valid token
* Using specific Apache CGI redirected authorization.
*/
public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
{
$next = function (Request $request, Response $response): Response {
return $response;
};
$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
$mw = new ApiMiddleware($this->container);
$env = Environment::mock([
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/echo',
]);
$request = Request::createFromEnvironment($env);
$response = new Response();
/** @var Response $response */
$response = $mw($request, $response, $next);
$this->assertEquals(200, $response->getStatusCode());
}
/**
* Invoke the middleware with the API disabled:
* should return a 401 error Unauthorized.