Version bump

Added normalize headers to 2.1 needed by lucadegasperi/oauth2-server-laravel
Tagged 2.1.2.
2025-05-31 14:12:07 +05:30 · 2014-05-23 16:29:49 +01:00 · 2014-05-23 16:28:44 +01:00 · 2014-05-13 15:08:41 +01:00 · 2014-05-13 15:07:44 +01:00
4 changed files with 66 additions and 8 deletions
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "2.1.1",
+	"version": "2.1.3",
 	"homepage": "https://github.com/php-loep/oauth2-server",
 	"license": "MIT",
 	"require": {
@@ -45,4 +45,4 @@
 	"suggest": {
 		"zetacomponents/database": "Allows use of the build in PDO storage classes"
 	}
-}
+}
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -183,7 +183,7 @@ class Resource

        $result = $this->storages['session']->validateAccessToken($accessToken);

-        if ( ! $result) {
+        if (! $result) {
            throw new Exception\InvalidAccessTokenException('Access token is not valid');
        }

@@ -225,7 +225,7 @@ class Resource
            return false;
        } elseif (is_array($scopes)) {
            foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
+                if (! in_array($scope, $this->sessionScopes)) {
                    return false;
                }
            }
@@ -244,7 +244,15 @@ class Resource
     */
    protected function determineAccessToken($headersOnly = false)
    {
-        if ($header = $this->getRequest()->header('Authorization')) {
+        // Try to get it directly from a header
+        if (! $header = $this->getRequest()->header('Authorization')) {
+
+            // Failing that try getting it from a server variable
+            $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+        }
+
+        // One of them worked
+        if ($header) {
            // Check for special case, because cURL sometimes does an
            // internal second request and doubles the authorization header,
            // which always resulted in an error.
@@ -269,5 +277,4 @@ class Resource

        return $accessToken;
    }
-
 }
--- a/src/League/OAuth2/Server/Util/Request.php
+++ b/src/League/OAuth2/Server/Util/Request.php
@@ -39,6 +39,8 @@ class Request implements RequestInterface

        if (empty($headers)) {
            $this->headers = $this->readHeaders();
+        } else {
+            $this->headers = $this->normalizeHeaders($headers);
        }
    }

@@ -88,8 +90,8 @@ class Request implements RequestInterface
            }
        }

-        return $headers;
-   }
+        return $this->normalizeHeaders($headers);
+    }

    protected function getPropertyValue($property, $index = null, $default = null)
    {
@@ -106,4 +108,39 @@ class Request implements RequestInterface

        return $this->{$property}[$index];
    }
+
+    /**
+     * Takes all of the headers and normalizes them in a canonical form.
+     *
+     * @param  array  $headers The request headers.
+     * @return array           An arry of headers with the header name normalized
+     */
+    protected function normalizeHeaders(array $headers)
+    {
+        $normalized = array();
+        foreach ($headers as $key => $value) {
+            $normalized[ucfirst($this->normalizeKey($key))] = $value;
+        }
+
+        return $normalized;
+    }
+
+    /**
+     * Transform header name into canonical form
+     *
+     * Taken from the Slim codebase...
+     *
+     * @param  string $key
+     * @return string
+     */
+    protected function normalizeKey($key)
+    {
+        $key = strtolower($key);
+        $key = str_replace(array('-', '_'), ' ', $key);
+        $key = preg_replace('#^http #', '', $key);
+        $key = ucwords($key);
+        $key = str_replace(' ', '-', $key);
+
+        return $key;
+    }
 }
--- a/tests/util/RequestTest.php
+++ b/tests/util/RequestTest.php
@@ -59,6 +59,20 @@ class Request_test extends PHPUnit_Framework_TestCase
 		$this->assertEquals(array('Host' => 'foobar.com'), $this->request->header());
 	}

+    function test_canonical_header()
+    {
+        $request = new League\OAuth2\Server\Util\Request(
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('HTTP_HOST' => 'foobar.com'),
+            array('authorization' => 'Bearer ajdfkljadslfjasdlkj')
+        );
+
+        $this->assertEquals('Bearer ajdfkljadslfjasdlkj', $request->header('Authorization'));
+    }
+
 	/**
 	 * @expectedException InvalidArgumentException
 	 */
Author	SHA1	Message	Date
Alex Bilbie	a9b52ab56a	Version bump	2014-05-23 16:29:49 +01:00
freezy	e72179e6b4	Added normalize headers to 2.1 needed by lucadegasperi/oauth2-server-laravel	2014-05-23 16:28:44 +01:00
Phil Sturgeon	67509d1413	Tagged 2.1.2.	2014-05-13 15:08:41 +01:00
Phil Sturgeon	44f51bfc1c	Support Authorization header passed as ENV var Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header	2014-05-13 15:07:44 +01:00