ServerBagTest.php 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation\Tests;
  11. use PHPUnit\Framework\TestCase;
  12. use Symfony\Component\HttpFoundation\ServerBag;
  13. /**
  14. * ServerBagTest.
  15. *
  16. * @author Bulat Shakirzyanov <mallluhuct@gmail.com>
  17. */
  18. class ServerBagTest extends TestCase
  19. {
  20. public function testShouldExtractHeadersFromServerArray()
  21. {
  22. $server = [
  23. 'SOME_SERVER_VARIABLE' => 'value',
  24. 'SOME_SERVER_VARIABLE2' => 'value',
  25. 'ROOT' => 'value',
  26. 'HTTP_CONTENT_TYPE' => 'text/html',
  27. 'HTTP_CONTENT_LENGTH' => '0',
  28. 'HTTP_ETAG' => 'asdf',
  29. 'PHP_AUTH_USER' => 'foo',
  30. 'PHP_AUTH_PW' => 'bar',
  31. ];
  32. $bag = new ServerBag($server);
  33. $this->assertEquals([
  34. 'CONTENT_TYPE' => 'text/html',
  35. 'CONTENT_LENGTH' => '0',
  36. 'ETAG' => 'asdf',
  37. 'AUTHORIZATION' => 'Basic '.base64_encode('foo:bar'),
  38. 'PHP_AUTH_USER' => 'foo',
  39. 'PHP_AUTH_PW' => 'bar',
  40. ], $bag->getHeaders());
  41. }
  42. public function testHttpPasswordIsOptional()
  43. {
  44. $bag = new ServerBag(['PHP_AUTH_USER' => 'foo']);
  45. $this->assertEquals([
  46. 'AUTHORIZATION' => 'Basic '.base64_encode('foo:'),
  47. 'PHP_AUTH_USER' => 'foo',
  48. 'PHP_AUTH_PW' => '',
  49. ], $bag->getHeaders());
  50. }
  51. public function testHttpBasicAuthWithPhpCgi()
  52. {
  53. $bag = new ServerBag(['HTTP_AUTHORIZATION' => 'Basic '.base64_encode('foo:bar')]);
  54. $this->assertEquals([
  55. 'AUTHORIZATION' => 'Basic '.base64_encode('foo:bar'),
  56. 'PHP_AUTH_USER' => 'foo',
  57. 'PHP_AUTH_PW' => 'bar',
  58. ], $bag->getHeaders());
  59. }
  60. public function testHttpBasicAuthWithPhpCgiBogus()
  61. {
  62. $bag = new ServerBag(['HTTP_AUTHORIZATION' => 'Basic_'.base64_encode('foo:bar')]);
  63. // Username and passwords should not be set as the header is bogus
  64. $headers = $bag->getHeaders();
  65. $this->assertArrayNotHasKey('PHP_AUTH_USER', $headers);
  66. $this->assertArrayNotHasKey('PHP_AUTH_PW', $headers);
  67. }
  68. public function testHttpBasicAuthWithPhpCgiRedirect()
  69. {
  70. $bag = new ServerBag(['REDIRECT_HTTP_AUTHORIZATION' => 'Basic '.base64_encode('username:pass:word')]);
  71. $this->assertEquals([
  72. 'AUTHORIZATION' => 'Basic '.base64_encode('username:pass:word'),
  73. 'PHP_AUTH_USER' => 'username',
  74. 'PHP_AUTH_PW' => 'pass:word',
  75. ], $bag->getHeaders());
  76. }
  77. public function testHttpBasicAuthWithPhpCgiEmptyPassword()
  78. {
  79. $bag = new ServerBag(['HTTP_AUTHORIZATION' => 'Basic '.base64_encode('foo:')]);
  80. $this->assertEquals([
  81. 'AUTHORIZATION' => 'Basic '.base64_encode('foo:'),
  82. 'PHP_AUTH_USER' => 'foo',
  83. 'PHP_AUTH_PW' => '',
  84. ], $bag->getHeaders());
  85. }
  86. public function testHttpDigestAuthWithPhpCgi()
  87. {
  88. $digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
  89. $bag = new ServerBag(['HTTP_AUTHORIZATION' => $digest]);
  90. $this->assertEquals([
  91. 'AUTHORIZATION' => $digest,
  92. 'PHP_AUTH_DIGEST' => $digest,
  93. ], $bag->getHeaders());
  94. }
  95. public function testHttpDigestAuthWithPhpCgiBogus()
  96. {
  97. $digest = 'Digest_username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
  98. $bag = new ServerBag(['HTTP_AUTHORIZATION' => $digest]);
  99. // Username and passwords should not be set as the header is bogus
  100. $headers = $bag->getHeaders();
  101. $this->assertArrayNotHasKey('PHP_AUTH_USER', $headers);
  102. $this->assertArrayNotHasKey('PHP_AUTH_PW', $headers);
  103. }
  104. public function testHttpDigestAuthWithPhpCgiRedirect()
  105. {
  106. $digest = 'Digest username="foo", realm="acme", nonce="'.md5('secret').'", uri="/protected, qop="auth"';
  107. $bag = new ServerBag(['REDIRECT_HTTP_AUTHORIZATION' => $digest]);
  108. $this->assertEquals([
  109. 'AUTHORIZATION' => $digest,
  110. 'PHP_AUTH_DIGEST' => $digest,
  111. ], $bag->getHeaders());
  112. }
  113. public function testOAuthBearerAuth()
  114. {
  115. $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
  116. $bag = new ServerBag(['HTTP_AUTHORIZATION' => $headerContent]);
  117. $this->assertEquals([
  118. 'AUTHORIZATION' => $headerContent,
  119. ], $bag->getHeaders());
  120. }
  121. public function testOAuthBearerAuthWithRedirect()
  122. {
  123. $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
  124. $bag = new ServerBag(['REDIRECT_HTTP_AUTHORIZATION' => $headerContent]);
  125. $this->assertEquals([
  126. 'AUTHORIZATION' => $headerContent,
  127. ], $bag->getHeaders());
  128. }
  129. /**
  130. * @see https://github.com/symfony/symfony/issues/17345
  131. */
  132. public function testItDoesNotOverwriteTheAuthorizationHeaderIfItIsAlreadySet()
  133. {
  134. $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
  135. $bag = new ServerBag(['PHP_AUTH_USER' => 'foo', 'HTTP_AUTHORIZATION' => $headerContent]);
  136. $this->assertEquals([
  137. 'AUTHORIZATION' => $headerContent,
  138. 'PHP_AUTH_USER' => 'foo',
  139. 'PHP_AUTH_PW' => '',
  140. ], $bag->getHeaders());
  141. }
  142. }