From 197705d8727de78bc92ff2699b4fb6b56fc66436 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Mon, 28 Oct 2024 09:40:52 +0000
Subject: [PATCH] Fix FLEXIAPI-219 Allow complete Bearer value to be set in the setting to...
---
 flexiapi/.env.example | 2 +-
 flexiapi/app/Http/Middleware/AuthenticateJWT.php | 4 ++--
 flexiapi/config/app.php | 2 +-
 .../tests/Feature/AccountJWTAuthenticationTest.php | 10 +++++-----
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/flexiapi/.env.example b/flexiapi/.env.example
index 2871038..da2e41d 100644
--- a/flexiapi/.env.example
+++ b/flexiapi/.env.example
@@ -52,7 +52,7 @@ ACCOUNT_EMAIL_UNIQUE=false # Emails are unique between all the accounts
 ACCOUNT_BLACKLISTED_USERNAMES=
 ACCOUNT_USERNAME_REGEX="^[a-z0-9+_.-]*$"
 ACCOUNT_DEFAULT_PASSWORD_ALGORITHM=SHA-256 # Can ONLY be MD5 or SHA-256 in capital, default to SHA-256
-ACCOUNT_AUTHENTICATION_BEARER_URL= # URL of the external service that can provide a trusted (eg. JWT token) for the authentication, takes priority and disable the DIGEST auth if set, see https://www.rfc-editor.org/rfc/rfc8898
+ACCOUNT_AUTHENTICATION_BEARER= # Bearer value (WWW-Authenticate: Bearer ) of the external service that can provide a trusted (eg. JWT token) for the authentication, takes priority and disable the DIGEST auth if set, see https://www.rfc-editor.org/rfc/rfc8898
 # Account provisioning
 ACCOUNT_PROVISIONING_RC_FILE=
diff --git a/flexiapi/app/Http/Middleware/AuthenticateJWT.php b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
index 5c9e125..4a2f07e 100644
--- a/flexiapi/app/Http/Middleware/AuthenticateJWT.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
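Review bot: The new comment on `ACCOUNT_AUTHENTICATION_BEARER` only says "Bearer value" and never tells the deployer what shape the string must have, which matters now that the middleware emits it into `WWW-Authenticate` verbatim: a wrong value produces a malformed challenge instead of a configuration error. I would spell out the format and give a working example, e.g. `# Comma-separated auth-params for the Bearer challenge (RFC 6750/8898); must include authz_server, e.g. ACCOUNT_AUTHENTICATION_BEARER='authz_server="https://as.example.com/", realm="sip.example.com"'`. The single-quote wrapping is worth showing explicitly because the value contains double quotes and a space, which dotenv parsers typically reject or truncate when the value is unquoted — confirm against the parser this project uses. The note that it disables DIGEST auth should also say that an empty or unparseable value silently leaves DIGEST enabled, if that is what the middleware's `!empty()` guard amounts to.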
@@ -99,12 +99,12 @@ class AuthenticateJWT
 return $next($request);
 }
- if (!empty(config('app.account_authentication_bearer_url'))) {
+ if (!empty(config('app.account_authentication_bearer'))) {
 $response = new Response();
 $response->header(
 'WWW-Authenticate',
- 'Bearer authz_server="' . config('app.account_authentication_bearer_url') . '"'
+ 'Bearer ' . config('app.account_authentication_bearer')
 );
 $response->setStatusCode(401);
diff --git a/flexiapi/config/app.php b/flexiapi/config/app.php
index 647e8ad..5880265 100644
--- a/flexiapi/config/app.php
+++ b/flexiapi/config/app.php
@@ -35,7 +35,7 @@ return [
 'account_email_unique' => env('ACCOUNT_EMAIL_UNIQUE', false),
 'account_username_regex' => env('ACCOUNT_USERNAME_REGEX', '^[a-z0-9+_.-]*$'),
 'account_default_password_algorithm' => env('ACCOUNT_DEFAULT_PASSWORD_ALGORITHM', 'SHA-256'),
- 'account_authentication_bearer_url' => env('ACCOUNT_AUTHENTICATION_BEARER_URL', null),
+ 'account_authentication_bearer' => env('ACCOUNT_AUTHENTICATION_BEARER', null),
 /**
 * Set a global realm for all the accounts, if not set, the account domain
diff --git a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
index db103fb..1f9b8cd 100644
--- a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
+++ b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
@@ -178,8 +178,8 @@ class AccountJWTAuthenticationTest extends TestCase
 public function testAuthBearerUrl()
 {
- $server = 'https://auth_bearer.com/';
- config()->set('app.account_authentication_bearer_url', $server);
+ $value = 'authz_server="https://auth_bearer.com/" realm="realm"';
+ config()->set('app.account_authentication_bearer', $value);
 $password = Password::factory()->create();
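Review bot: The new `'Bearer ' . config('app.account_authentication_bearer')` line emits the configured string verbatim, so nothing guarantees the 401 carries a parseable challenge with the `authz_server` parameter RFC 8898 requires — the old line at least supplied the `authz_server="…"` quoting itself. A value that is still a bare URL (the previous semantics), has unquoted parameters or stray characters now yields a header clients cannot interpret, and the bearer flow breaks silently. I would keep the old shape as a fallback and document the contract, e.g. `$bearer = (string) config('app.account_authentication_bearer');` then `if (!str_contains($bearer, '=')) { $bearer = 'authz_server="' . $bearer . '"'; } // bare URL: legacy ACCOUNT_AUTHENTICATION_BEARER_URL form` before the `header()` call (use `strpos(...) === false` if the project still targets PHP 7). The value is operator-controlled and, as far as I know, PHP's `header()` refuses values containing CR/LF, so I do not see a header-injection angle, but a one-line comment stating the value is trusted configuration rather than request data would stop the next reader from having to re-derive that. The enclosing method starts before and ends after this hunk.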
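Review bot: Renaming the env key to `ACCOUNT_AUTHENTICATION_BEARER` with no fallback means a deployment that still sets `ACCOUNT_AUTHENTICATION_BEARER_URL` resolves `account_authentication_bearer` to `null` after upgrading, so the middleware's `!empty(...)` guard in the other hunk is no longer taken and the external-token challenge simply disappears; per the `.env.example` comment that presumably re-enables the DIGEST path it was meant to take priority over. That is a silent weakening of the authentication policy rather than a visible configuration error. I would read the legacy key for at least one release, e.g. `'account_authentication_bearer' => env('ACCOUNT_AUTHENTICATION_BEARER', env('ACCOUNT_AUTHENTICATION_BEARER_URL') ? 'authz_server="' . env('ACCOUNT_AUTHENTICATION_BEARER_URL') . '"' : null),` and call the rename out in the upgrade notes.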
@@ -187,7 +187,7 @@ class AccountJWTAuthenticationTest extends TestCase
 ->assertStatus(401);
 $this->assertStringContainsString(
- 'Bearer authz_server="' . $server . '"',
+ 'Bearer ' . $value,
 $response->headers->all()['www-authenticate'][0]
 );
@@ -198,7 +198,7 @@ class AccountJWTAuthenticationTest extends TestCase
 ->assertStatus(401);
 $this->assertStringContainsString(
- 'Bearer authz_server="' . $server . '"',
+ 'Bearer ' . $value,
 $response->headers->all()['www-authenticate'][0]
 );
@@ -211,7 +211,7 @@ class AccountJWTAuthenticationTest extends TestCase
 ->assertStatus(401);
 $this->assertStringContainsString(
- 'Bearer authz_server="' . $server . '"',
+ 'Bearer ' . $value,
 $response->headers->all()['www-authenticate'][0]
 );
 }
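Review bot: The `$value` this assertion expects (set in the first hunk of this file, outside this one) is `authz_server="https://auth_bearer.com/" realm="realm"` with no comma between the two parameters, while the auth-param list of a `WWW-Authenticate` challenge is comma-separated (RFC 7235 `#auth-param`, and as far as I can tell the RFC 8898 examples follow that), so the three updated assertions pin a malformed challenge as the expected output. Because each one only checks that the configured string is echoed back, they would pass for any input and never exercise the property that matters — a parseable Bearer challenge carrying `authz_server`. I would change the fixture to `$value = 'authz_server="https://auth_bearer.com/", realm="realm"';`, add `$this->assertMatchesRegularExpression('/^Bearer .*\bauthz_server="[^"]+"/', $response->headers->all()['www-authenticate'][0]);` next to the existing check, and rename `testAuthBearerUrl` since it no longer tests a URL.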