# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+# Alternative (if the 2 lines above don't work)
+# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
# REST API
+# Ionos Hosting needs RewriteBase /
+# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]
*/
protected function checkToken($request)
{
- if (! $request->hasHeader('Authorization')) {
+ if (!$request->hasHeader('Authorization')
+ && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+ ) {
throw new ApiAuthorizationException('JWT token not provided');
}
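Review bot: `isset()` on `REDIRECT_HTTP_AUTHORIZATION` in the first guard of `checkToken` is true for an empty string, so an empty environment value skips the 'JWT token not provided' check here and, in the later hunk that assigns `$authorization`, takes precedence over a real `Authorization` header. This looks reachable with the documented rewrite rule, since `^(.*)` also matches an empty header value (inferred from the rule, not confirmed against a live Apache/FastCGI setup). The request still fails closed at the `Bearer` match, but with a misleading 'Invalid JWT header' error; using `!empty($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])` in both places would keep the two checks consistent. A one-line comment stating that the redirected value wins over the request header when both are set would document the precedence; `checkToken`'s body continues outside this hunk.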
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
}
- $authorization = $request->getHeaderLine('Authorization');
+ if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+ $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
+ $authorization = $request->getHeaderLine('Authorization');
+ }
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
throw new ApiAuthorizationException('Invalid JWT header');
@unlink(self::$testDatastore);
}
+ /**
+ * Invoke the middleware with a valid token
+ */
+ public function testInvokeMiddlewareWithValidToken(): void
+ {
+ $next = function (Request $request, Response $response): Response {
+ return $response;
+ };
+ $mw = new ApiMiddleware($this->container);
+ $env = Environment::mock([
+ 'REQUEST_METHOD' => 'GET',
+ 'REQUEST_URI' => '/echo',
+ 'HTTP_AUTHORIZATION'=> 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard'),
+ ]);
+ $request = Request::createFromEnvironment($env);
+ $response = new Response();
+ /** @var Response $response */
+ $response = $mw($request, $response, $next);
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * Invoke the middleware with a valid token
+ * Using specific Apache CGI redirected authorization.
+ */
+ public function testInvokeMiddlewareWithValidTokenFromRedirectedHeader(): void
+ {
+ $next = function (Request $request, Response $response): Response {
+ return $response;
+ };
+
+ $token = 'Bearer ' . ApiUtilsTest::generateValidJwtToken('NapoleonWasALizard');
+ $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'] = $token;
+ $mw = new ApiMiddleware($this->container);
+ $env = Environment::mock([
+ 'REQUEST_METHOD' => 'GET',
+ 'REQUEST_URI' => '/echo',
+ ]);
+ $request = Request::createFromEnvironment($env);
+ $response = new Response();
+ /** @var Response $response */
+ $response = $mw($request, $response, $next);
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
/**
* Invoke the middleware with the API disabled:
* should return a 401 error Unauthorized.