3 files changed +33 -10 lines changed
@@ -51,15 +51,23 @@ Token based authentication
5151With token based authentication you need to simulate the
5252``Authorization `` header. After getting valid token setup the request::
5353
54- public function testGet()
55- {
56- $token = $this->getToken();
57- $this->configRequest([
58- 'headers' => ['Authorization' => 'Bearer ' . $token]
59- ]);
60- $this->get('/api/bookmarks');
61- $this->assertResponseOk();
62- }
54+ protected function getToken(): string
55+ {
56+ // Get a token for a known user
57+ $user = $this->fetchTable('Users')->get(1, contain: ['ApiTokens']);
58+
59+ return $user->api_tokens[0]->token;
60+ }
61+
62+ public function testGet()
63+ {
64+ $token = $this->getToken();
65+ $this->configRequest([
66+ 'headers' => ['Authorization' => 'Bearer ' . $token]
67+ ]);
68+ $this->get('/api/bookmarks');
69+ $this->assertResponseOk();
70+ }
6371
6472
6573Basic/Digest based authentication
@@ -63,7 +63,12 @@ protected function getToken(ServerRequestInterface $request): ?string
6363 */
6464 protected function stripTokenPrefix (string $ token , string $ prefix ): string
6565 {
66- return trim (str_ireplace ($ prefix , '' , $ token ));
66+ $ prefixLength = mb_strlen ($ prefix );
67+ if (mb_substr (mb_strtolower ($ token ), 0 , $ prefixLength ) === mb_strtolower ($ prefix )) {
68+ $ token = mb_substr ($ token , $ prefixLength );
69+ }
70+
71+ return trim ($ token );
6772 }
6873
6974 /**
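Review bot: The prefix comparison in stripTokenPrefix() has no boundary check, so a header value sent without the prefix whose token happens to begin with the same characters (for example `mariano` with `tokenPrefix` set to `mari`) still loses its first `$prefixLength` characters. If a separator is always expected after the prefix, the match could require it, e.g. `if (preg_match('/^' . preg_quote($prefix, '/') . '\s+/i', $token, $m)) { $token = substr($token, strlen($m[0])); }`. Separately, `mb_strtolower()` can change the character count for a few non-ASCII letters, so slicing the lowercased token by `mb_strlen($prefix)` may not line up with the original string; a byte-wise `strncasecmp($token, $prefix, strlen($prefix)) === 0` avoids that for the ASCII scheme names normally used here. A value that carries no prefix at all is still passed on as a token, which looks intentional but is worth stating in the docblock.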
@@ -150,6 +150,16 @@ public function testTokenPrefix()
150150 $ result = $ tokenAuth ->authenticate ($ requestWithHeaders );
151151 $ this ->assertInstanceOf (Result::class, $ result );
152152 $ this ->assertSame (Result::FAILURE_IDENTITY_NOT_FOUND , $ result ->getStatus ());
153+
154+ // should not remove prefix from token
155+ $ requestWithHeaders = $ this ->request ->withAddedHeader ('X-Dipper-Auth ' , 'mari mariano ' );
156+ $ tokenAuth = new TokenAuthenticator ($ this ->identifiers , [
157+ 'header ' => 'X-Dipper-Auth ' ,
158+ 'tokenPrefix ' => 'mari ' ,
159+ ]);
160+ $ result = $ tokenAuth ->authenticate ($ requestWithHeaders );
161+ $ this ->assertInstanceOf (Result::class, $ result );
162+ $ this ->assertSame (Result::SUCCESS , $ result ->getStatus ());
153163 }
154164
155165 /**
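Review bot: The added case in testTokenPrefix() only covers a header that carries the prefix (`mari mariano`), so nothing pins what happens when the header holds a bare value that merely starts with the prefix text. A second assertion with the header set to `mariano` and the same `tokenPrefix` would document whether that request is expected to succeed or fail. The comment `// should not remove prefix from token` is also easy to misread; something like `// prefix text that reappears inside the token must be preserved` says what the assertion checks. The test method begins outside this hunk.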