Accueil Explorer Aide
S'inscrire Connexion
VendorSoftware
/
symfony
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

[Security] Fix http digest authentication entry point

Antoine Hérault il y a 14 ans
Parent
920a209bbc
commit
1dfb637858
2 fichiers modifiés avec 51 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 1 1
      src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php
  2. 50 0
      tests/Symfony/Tests/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPointTest.php

+ 1 - 1
src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php
Voir le fichier 

@@ -57,7 +57,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
 
 
         $response = new Response();
 
         $response->headers->set('WWW-Authenticate', $authenticateHeader);
 
-        $response->setStatusCode(401, $authException->getMessage());
 
+        $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
 
 
         return $response;
 
     }

+ 50 - 0
tests/Symfony/Tests/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPointTest.php
Voir le fichier 

@@ -0,0 +1,50 @@
 
+<?php
 
+
 
+namespace Symfony\Tests\Component\Security\Http\EntryPoint;
 
+
 
+use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint;
 
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
 
+use Symfony\Component\Security\Core\Exception\NonceExpiredException;
 
+
 
+class DigestAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 
+{
 
+    public function testStart()
 
+    {
 
+        $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
 
+
 
+        $authenticationException = new AuthenticationException('TheAuthenticationExceptionMessage');
 
+
 
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
 
+        $response = $entryPoint->start($request, $authenticationException);
 
+
 
+        $this->assertEquals(401, $response->getStatusCode());
 
+        $this->assertAttributeEquals('TheAuthenticationExceptionMessage', 'statusText', $response);
 
+        $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate'));
 
+    }
 
+
 
+    public function testStartWithNoException()
 
+    {
 
+        $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
 
+
 
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
 
+        $response = $entryPoint->start($request);
 
+
 
+        $this->assertEquals(401, $response->getStatusCode());
 
+        $this->assertAttributeEquals('Unauthorized', 'statusText', $response);
 
+        $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate'));
 
+    }
 
+
 
+    public function testStartWithNonceExpiredException()
 
+    {
 
+        $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
 
+
 
+        $nonceExpiredException = new NonceExpiredException('TheNonceExpiredExceptionMessage');
 
+
 
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
 
+        $response = $entryPoint->start($request, $nonceExpiredException);
 
+
 
+        $this->assertEquals(401, $response->getStatusCode());
 
+        $this->assertAttributeEquals('TheNonceExpiredExceptionMessage', 'statusText', $response);
 
+        $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}", stale="true"$/', $response->headers->get('WWW-Authenticate'));
 
+    }
 
+}