From f34dd4a0cbd2d25e9d469248e7250ebf97c9a70a Mon Sep 17 00:00:00 2001
From: Woody Gilk
Date: Fri, 11 Jul 2014 11:59:18 -0500
Subject: [PATCH 1/5] 401 status is for invalid_token, not insufficient_scope
---
 src/League/OAuth2/Server/Resource.php | 2 +-
 tests/resource/ResourceServerTest.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
index 158d9087..8eb7a91f 100644
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -163,7 +163,7 @@ class Resource
 // include the "WWW-Authenticate" response header field
 // matching the authentication scheme used by the client.
 // @codeCoverageIgnoreStart
- if ($error === 'insufficient_scope') {
+ if ($error === 'invalid_token') {
 $authScheme = null;
 $request = new Request();
 if ($request->server('PHP_AUTH_USER') !== null) {
diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php
index 326f3f03..29ccd268 100644
--- a/tests/resource/ResourceServerTest.php
+++ b/tests/resource/ResourceServerTest.php
@@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
 public function test_getExceptionHttpHeaders()
 {
 $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
- $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
- $this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
+ $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
+ $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
 }
 public function test_setRequest()
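Review bot: With the condition on the `+ if ($error === 'invalid_token') {` line, a 403 insufficient_scope response no longer carries any WWW-Authenticate challenge at all, and the test hunk on the same line cements that with `assertEquals(array('HTTP/1.1 403 Forbidden'), ...)`. As I read RFC 6750 §3, the challenge is required whenever the presented token does not enable access to the resource, and §3.1 has the 403 carry `error="insufficient_scope"` plus an optional `scope` attribute, so the branch should cover both errors, e.g. `if ($error === 'invalid_token' || $error === 'insufficient_scope') {`, with the scope attribute appended for the latter. The branch is also wrapped in `@codeCoverageIgnoreStart`, and the new `assertContains` for invalid_token only checks the status line, so the actual challenge string is never asserted anywhere; a test that fixes the request's auth server vars and asserts the full two-element array would close that gap. The enclosing getExceptionHttpHeaders() starts and ends outside the hunk.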
From 31e03c2d36336121b5839fa43e9cdbf53d265282 Mon Sep 17 00:00:00 2001
From: Woody Gilk
Date: Tue, 22 Jul 2014 14:23:56 -0700
Subject: [PATCH 2/5] Fix broken http header extraction in Util\Request
---
 src/League/OAuth2/Server/Util/Request.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/League/OAuth2/Server/Util/Request.php b/src/League/OAuth2/Server/Util/Request.php
index b2f5752c..5e20923e 100644
--- a/src/League/OAuth2/Server/Util/Request.php
+++ b/src/League/OAuth2/Server/Util/Request.php
@@ -76,22 +76,25 @@ class Request implements RequestInterface
 protected function readHeaders()
 {
- if (function_exists('getallheaders')) {
+ if (function_exists('apache_request_headers')) {
 // @codeCoverageIgnoreStart
- $headers = getallheaders();
+ $headers = apache_request_headers();
+ } elseif (function_exists('http_get_request_headers')) {
+ $headers = http_get_request_headers();
 } else {
 // @codeCoverageIgnoreEnd
 $headers = array();
 foreach ($this->server() as $name => $value) {
 if (substr($name, 0, 5) == 'HTTP_') {
- $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
+ // HTTP_FOO_BAR becomes FOO-BAR
+ $name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
 $headers[$name] = $value;
 }
 }
 }
 return $this->normalizeHeaders($headers);
- }
+ }
 protected function getPropertyValue($property, $index = null, $default = null)
 {
@@ -143,4 +146,4 @@ class Request implements RequestInterface
 return $key;
 }
-}
\ No newline at end of file
+}
From 49b776c4956e1e8bf6e21c905af3e378f6d80032 Mon Sep 17 00:00:00 2001
From: Robbie Mackay
Date: Wed, 23 Jul 2014 09:51:34 +1200
Subject: [PATCH 3/5] In Resource::getExceptionHttpHeaders() use Request::BuildFromGlobals
---
 src/League/OAuth2/Server/Resource.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
index 8eb7a91f..898a3801 100644
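Review bot: The rewritten conversion on the `+ $name = str_replace(array('HTTP_', '_'), array('', '-'), $name);` line removes every `HTTP_` substring rather than only the leading prefix, so a server key such as `HTTP_X_HTTP_METHOD_OVERRIDE` becomes `X-METHOD-OVERRIDE` and the header is stored under the wrong name. Keep the prefix strip positional, which the `substr($name, 0, 5) == 'HTTP_'` guard just above already assumes: `$name = str_replace('_', '-', substr($name, 5));`. The old code also title-cased the name (`Foo-Bar`) whereas the new one yields `FOO-BAR`; whether callers notice depends on normalizeHeaders(), which is outside the hunk, so it is worth confirming lookups there are case-insensitive. readHeaders() is complete within the hunk; getPropertyValue() continues past it.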
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -165,7 +165,7 @@ class Resource
 // @codeCoverageIgnoreStart
 if ($error === 'invalid_token') {
 $authScheme = null;
- $request = new Request();
+ $request = Request::buildFromGlobals();
 if ($request->server('PHP_AUTH_USER') !== null) {
 $authScheme = 'Basic';
 } else {
From 5bdfc9908a0c6caca21eb3f7a704ac1fd467edd4 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 23 Jul 2014 16:08:33 +0100
Subject: [PATCH 4/5] Updated changelog
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index af06df1d..7a845cfd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## 3.2.2 (released 2014-07-23)
+
+* Fix Resource server Request HTTP header access (Issue #188)
+
 ## 3.2 (released 2014-04-16)
 * Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
From 45edac42161da7b6d29384a58ef881ea99550f5a Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 23 Jul 2014 16:08:50 +0100
Subject: [PATCH 5/5] Version bump
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index ae7a8170..731a55ae 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "league/oauth2-server",
 "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
- "version": "3.2",
+ "version": "3.2.2",
 "license": "MIT",
 "require": {
 "php": ">=5.4.0"
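Review bot: `$request = Request::buildFromGlobals();` decides the challenge scheme from the live `$_SERVER` inside a static method, so a request injected through setRequest() (the test_setRequest case in the first patch) never influences the WWW-Authenticate header, and this branch stays untestable without mutating globals. Separately, the following `if ($request->server('PHP_AUTH_USER') !== null) { $authScheme = 'Basic'; }` answers with a Basic challenge merely because the client happened to send Basic credentials; a challenge advertises what the server accepts, and RFC 6750 §3 requires bearer-token challenges to use the `Bearer` scheme, so echoing the client's scheme looks wrong unless this resource server genuinely accepts Basic credentials as tokens, which I cannot tell from the hunk. Consider deriving the scheme from configuration or from the request the caller already supplied, rather than from the incoming credentials. The else branch and the rest of getExceptionHttpHeaders() lie outside the hunk.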