Merge pull request #1574 from stoeps13/hosting-fix
This commit is contained in:
commit
ee07b7283f
3 changed files with 59 additions and 2 deletions
|
@ -10,8 +10,12 @@ RewriteRule ^(.git|doxygen|vendor) - [F]
|
||||||
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
|
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
|
||||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||||
|
# Alternative (if the 2 lines above don't work)
|
||||||
|
# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
|
||||||
|
|
||||||
# REST API
|
# REST API
|
||||||
|
# Ionos Hosting needs RewriteBase /
|
||||||
|
# RewriteBase /
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
RewriteCond %{REQUEST_FILENAME} !-d
|
RewriteCond %{REQUEST_FILENAME} !-d
|
||||||
RewriteRule ^ index.php [QSA,L]
|
RewriteRule ^ index.php [QSA,L]
|
||||||
|
|
|
@ -107,7 +107,9 @@ protected function checkRequest($request)
|
||||||
*/
|
*/
|
||||||
protected function checkToken($request)
|
protected function checkToken($request)
|
||||||
{
|
{
|
||||||
if (! $request->hasHeader('Authorization')) {
|
if (!$request->hasHeader('Authorization')
|
||||||
|
&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
|
||||||
|
) {
|
||||||
throw new ApiAuthorizationException('JWT token not provided');
|
throw new ApiAuthorizationException('JWT token not provided');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,7 +117,11 @@ protected function checkToken($request)
|
||||||
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
|
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
|
||||||
}
|
}
|
||||||
|
|
||||||
$authorization = $request->getHeaderLine('Authorization');
|
if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
|
||||||
|
$authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
|
||||||
|
} else {
|
||||||
|
$authorization = $request->getHeaderLine('Authorization');
|
||||||
|
}
|
||||||
|
|
||||||
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
|
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
|
||||||
throw new ApiAuthorizationException('Invalid JWT header');
|
throw new ApiAuthorizationException('Invalid JWT header');
|
||||||
|
|
|
@ -66,6 +66,53 @@ protected function tearDown(): void
|
||||||
@unlink(self::$testDatastore);
|
@unlink(self::$testDatastore);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Invoke the middleware with a valid token
|
||||||
|
*/
|
||||||
|
public function testInvokeMiddlewareWithValidToken(): void
|
||||||
|
{
|
||||||
|
$next = function (Request $request, Response $response): Response {
|
||||||
|
return $response;
|
||||||
|
};
|
||||||
|
$mw = new ApiMiddleware($this->container);
|
||||||
|
$env = Environment::mock([
|
||||||
|
'REQUEST_METHOD' => 'GET',
|
||||||
|
'REQUEST_URI' => '/echo',
|
||||||
|
'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
|
||||||
|
]);
|
||||||
|
$request = Request::createFromEnvironment($env);
|
||||||
|
$response = new Response();
|
||||||
|
/** @var Response $response */
|
||||||
|
$response = $mw($request, $response, $next);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response->getStatusCode());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Invoke the middleware with a valid token
|
||||||
|
* Using specific Apache CGI redirected authorization.
|
||||||
|
*/
|
||||||
|
public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
|
||||||
|
{
|
||||||
|
$next = function (Request $request, Response $response): Response {
|
||||||
|
return $response;
|
||||||
|
};
|
||||||
|
|
||||||
|
$token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
|
||||||
|
$this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
|
||||||
|
$mw = new ApiMiddleware($this->container);
|
||||||
|
$env = Environment::mock([
|
||||||
|
'REQUEST_METHOD' => 'GET',
|
||||||
|
'REQUEST_URI' => '/echo',
|
||||||
|
]);
|
||||||
|
$request = Request::createFromEnvironment($env);
|
||||||
|
$response = new Response();
|
||||||
|
/** @var Response $response */
|
||||||
|
$response = $mw($request, $response, $next);
|
||||||
|
|
||||||
|
$this->assertEquals(200, $response->getStatusCode());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Invoke the middleware with the API disabled:
|
* Invoke the middleware with the API disabled:
|
||||||
* should return a 401 error Unauthorized.
|
* should return a 401 error Unauthorized.
|
||||||
|
|
Loading…
Reference in a new issue