diff --git a/src/Control/HTTPRequestBuilder.php b/src/Control/HTTPRequestBuilder.php
index 378ea3b10..07c5753b4 100644
--- a/src/Control/HTTPRequestBuilder.php
+++ b/src/Control/HTTPRequestBuilder.php
@@ -99,19 +99,23 @@ class HTTPRequestBuilder
 $headers['Content-Length'] = $server['CONTENT_LENGTH'];
 }
 
+ // Enable HTTP Basic authentication workaround for PHP running in CGI mode with Apache
+ // Depending on server configuration the auth header may be in HTTP_AUTHORIZATION or
+ // REDIRECT_HTTP_AUTHORIZATION
+ $authHeader = null;
+ if (isset($headers['Authorization'])) {
+ $authHeader = $headers['Authorization'];
+ } elseif (isset($server['REDIRECT_HTTP_AUTHORIZATION'])) {
+ $authHeader = $server['REDIRECT_HTTP_AUTHORIZATION'];
+ }
+
 // Ensure basic auth is available via headers
 if (isset($server['PHP_AUTH_USER']) && isset($server['PHP_AUTH_PW'])) {
 // Shift PHP_AUTH_* into headers so they are available via request
 $headers['PHP_AUTH_USER'] = $server['PHP_AUTH_USER'];
 $headers['PHP_AUTH_PW'] = $server['PHP_AUTH_PW'];
- } elseif (!empty($headers['Authorization']) && preg_match('/Basic\s+(.*)$/i', $headers['Authorization'], $matches)) {
- // Enable HTTP Basic authentication workaround for PHP running in CGI mode with Apache
- // Depending on server configuration the auth header may be in HTTP_AUTHORIZATION or
- // REDIRECT_HTTP_AUTHORIZATION
- //
- // The follow rewrite rule must be in the sites .htaccess file to enable this workaround
- // RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
- list($name, $password) = explode(':', base64_decode($matches[1]));
+ } elseif ($authHeader && preg_match('/Basic\s+(?.*)$/i', $authHeader, $matches)) {
+ list($name, $password) = explode(':', base64_decode($matches['token']));
 $headers['PHP_AUTH_USER'] = $name;
 $headers['PHP_AUTH_PW'] = $password;
 }
diff --git a/tests/php/Control/HTTPRequestBuilderTest.php b/tests/php/Control/HTTPRequestBuilderTest.php
index 4d5063c54..23a6c0821 100644
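Review bot: The new `list($name, $password) = explode(':', base64_decode($matches['token']));` line splits on every colon, so a password that itself contains `:` is silently truncated, and a token that decodes to a string with no colon (or does not decode at all) leaves `$password` unset with only a PHP notice. Because this branch now also accepts `REDIRECT_HTTP_AUTHORIZATION`, I would limit the split and skip malformed credentials: `$decoded = base64_decode($matches['token']);` then `if ($decoded !== false && strpos($decoded, ':') !== false) {` around `list($name, $password) = explode(':', $decoded, 2);` and the two header assignments. The pattern as shown here, `(?.*)`, carries no group name although the next line reads `$matches['token']`; presumably a `<token>` name was lost in rendering, which is worth confirming against the file. The enclosing method starts and ends outside this hunk.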
--- a/tests/php/Control/HTTPRequestBuilderTest.php
+++ b/tests/php/Control/HTTPRequestBuilderTest.php
@@ -52,7 +52,6 @@ class HTTPRequestBuilderTest extends SapphireTest
 ];
 $this->assertEquals($headers, HTTPRequestBuilder::extractRequestHeaders($request));
 
-
 $request = [
 'PHP_AUTH_USER' => 'admin',
 'PHP_AUTH_PW' => 'password',
@@ -62,5 +61,29 @@ class HTTPRequestBuilderTest extends SapphireTest
 'PHP_AUTH_PW' => 'password',
 ];
 $this->assertEquals($headers, HTTPRequestBuilder::extractRequestHeaders($request));
+
+ $request = [
+ 'REDIRECT_HTTP_AUTHORIZATION' => 'Basic YWRtaW46cGFzc3dvcmQ=',
+ ];
+ $headers = [
+ 'PHP_AUTH_USER' => 'admin',
+ 'PHP_AUTH_PW' => 'password',
+ ];
+ $this->assertEquals($headers, HTTPRequestBuilder::extractRequestHeaders($request));
+
+ $request = [
+ 'HTTP_AUTHORIZATION' => 'Basic YWRtaW46cGFzc3dvcmQ=',
+ 'REDIRECT_HTTP_AUTHORIZATION' => 'Basic dXNlcjphdXRo=',
+ ];
+ $headers = [
+ 'PHP_AUTH_USER' => 'admin',
+ 'PHP_AUTH_PW' => 'password',
+ 'Authorization' => 'Basic YWRtaW46cGFzc3dvcmQ=',
+ ];
+ $this->assertEquals(
+ $headers,
+ HTTPRequestBuilder::extractRequestHeaders($request),
+ 'Prefer HTTP_AUTHORIZATION over REDIRECT_HTTP_AUTHORIZATION'
+ );
 }
 }
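Review bot: The two added cases in the second hunk only feed a well-formed `admin:password` token through the new `REDIRECT_HTTP_AUTHORIZATION` path, so nothing pins what `extractRequestHeaders()` returns when the decoded credentials contain a second colon, contain none, or the scheme is not `Basic`. I would add one case per shape, for example `'REDIRECT_HTTP_AUTHORIZATION' => 'Basic YWRtaW46cGFzczp3b3Jk'` (constructed sample, decodes to `admin:pass:word`), asserting the full password survives, and one with a non-Basic scheme asserting that no `PHP_AUTH_*` keys appear. The fixture `'Basic dXNlcjphdXRo='` carries a padding character its 12-character payload does not need; that is harmless in this case only because the preferred header wins and the value is never decoded. The test method begins outside the hunk.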