diff --git a/CHANGELOG.md b/CHANGELOG.md index af06df1d..7a845cfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 3.2.2 (released 2014-07-23) + +* Fix Resource server Request HTTP header access (Issue #188) + ## 3.2 (released 2014-04-16) * Added the ability to change the algorithm that is used to generate the token strings (Issue #151) diff --git a/composer.json b/composer.json index 16b82ca0..731a55ae 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,7 @@ { "name": "league/oauth2-server", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.", + "version": "3.2.2", "license": "MIT", "require": { "php": ">=5.4.0" diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index 158d9087..898a3801 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php @@ -163,9 +163,9 @@ class Resource // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($error === 'insufficient_scope') { + if ($error === 'invalid_token') { $authScheme = null; - $request = new Request(); + $request = Request::buildFromGlobals(); if ($request->server('PHP_AUTH_USER') !== null) { $authScheme = 'Basic'; } else { diff --git a/src/League/OAuth2/Server/Util/Request.php b/src/League/OAuth2/Server/Util/Request.php index b2f5752c..5e20923e 100644 --- a/src/League/OAuth2/Server/Util/Request.php +++ b/src/League/OAuth2/Server/Util/Request.php @@ -76,22 +76,25 @@ class Request implements RequestInterface protected function readHeaders() { - if (function_exists('getallheaders')) { + if (function_exists('apache_request_headers')) { // @codeCoverageIgnoreStart - $headers = getallheaders(); + $headers = apache_request_headers(); + } elseif (function_exists('http_get_request_headers')) { + $headers = http_get_request_headers(); } else { // @codeCoverageIgnoreEnd $headers = array(); foreach ($this->server() as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { - $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5))))); + // HTTP_FOO_BAR becomes FOO-BAR + $name = str_replace(array('HTTP_', '_'), array('', '-'), $name); $headers[$name] = $value; } } } return $this->normalizeHeaders($headers); - } + } protected function getPropertyValue($property, $index = null, $default = null) { @@ -143,4 +146,4 @@ class Request implements RequestInterface return $key; } -} \ No newline at end of file +} diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php index 326f3f03..29ccd268 100644 --- a/tests/resource/ResourceServerTest.php +++ b/tests/resource/ResourceServerTest.php @@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase public function test_getExceptionHttpHeaders() { $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request')); - $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token')); - $this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope')); + $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token')); + $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope')); } public function test_setRequest()