Fix FLEXIAPI-219 Allow complete Bearer value to be set in the setting to...

2026-01-17 10:08:05 +00:00 · 2024-10-28 09:40:52 +00:00 · 2024-10-28 09:40:52 +00:00 · 197705d872
commit 197705d872
parent 61bc04da02
4 changed files with 9 additions and 9 deletions
--- a/flexiapi/.env.example
+++ b/flexiapi/.env.example
@ -52,7 +52,7 @@ ACCOUNT_EMAIL_UNIQUE=false # Emails are unique between all the accounts
 ACCOUNT_BLACKLISTED_USERNAMES=
 ACCOUNT_USERNAME_REGEX="^[a-z0-9+_.-]*$"
 ACCOUNT_DEFAULT_PASSWORD_ALGORITHM=SHA-256 # Can ONLY be MD5 or SHA-256 in capital, default to SHA-256
-ACCOUNT_AUTHENTICATION_BEARER_URL= # URL of the external service that can provide a trusted (eg. JWT token) for the authentication, takes priority and disable the DIGEST auth if set, see https://www.rfc-editor.org/rfc/rfc8898
+ACCOUNT_AUTHENTICATION_BEARER= # Bearer value (WWW-Authenticate: Bearer <value>) of the external service that can provide a trusted (eg. JWT token) for the authentication, takes priority and disable the DIGEST auth if set, see https://www.rfc-editor.org/rfc/rfc8898
 # Account provisioning
 ACCOUNT_PROVISIONING_RC_FILE=
--- a/flexiapi/app/Http/Middleware/AuthenticateJWT.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
@ -99,12 +99,12 @@ class AuthenticateJWT
            return $next($request);
        }
-        if (!empty(config('app.account_authentication_bearer_url'))) {
+        if (!empty(config('app.account_authentication_bearer'))) {
            $response = new Response();
            $response->header(
                'WWW-Authenticate',
-                'Bearer authz_server="' . config('app.account_authentication_bearer_url') . '"'
+                'Bearer ' . config('app.account_authentication_bearer')
            );
            $response->setStatusCode(401);
--- a/flexiapi/config/app.php
+++ b/flexiapi/config/app.php
@ -35,7 +35,7 @@ return [
    'account_email_unique' => env('ACCOUNT_EMAIL_UNIQUE', false),
    'account_username_regex' => env('ACCOUNT_USERNAME_REGEX', '^[a-z0-9+_.-]*$'),
    'account_default_password_algorithm' => env('ACCOUNT_DEFAULT_PASSWORD_ALGORITHM', 'SHA-256'),
-    'account_authentication_bearer_url' => env('ACCOUNT_AUTHENTICATION_BEARER_URL', null),
+    'account_authentication_bearer' => env('ACCOUNT_AUTHENTICATION_BEARER', null),
    /**
     * Set a global realm for all the accounts, if not set, the account domain
--- a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
+++ b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
@ -178,8 +178,8 @@ class AccountJWTAuthenticationTest extends TestCase
    public function testAuthBearerUrl()
    {
-        $server = 'https://auth_bearer.com/';
+        $value = 'authz_server="https://auth_bearer.com/" realm="realm"';
-        config()->set('app.account_authentication_bearer_url', $server);
+        config()->set('app.account_authentication_bearer', $value);
        $password = Password::factory()->create();
@ -187,7 +187,7 @@ class AccountJWTAuthenticationTest extends TestCase
            ->assertStatus(401);
        $this->assertStringContainsString(
-            'Bearer authz_server="' . $server . '"',
+            'Bearer ' . $value,
            $response->headers->all()['www-authenticate'][0]
        );
@ -198,7 +198,7 @@ class AccountJWTAuthenticationTest extends TestCase
            ->assertStatus(401);
        $this->assertStringContainsString(
-            'Bearer authz_server="' . $server . '"',
+            'Bearer ' . $value,
            $response->headers->all()['www-authenticate'][0]
        );
@ -211,7 +211,7 @@ class AccountJWTAuthenticationTest extends TestCase
            ->assertStatus(401);
        $this->assertStringContainsString(
-            'Bearer authz_server="' . $server . '"',
+            'Bearer ' . $value,
            $response->headers->all()['www-authenticate'][0]
        );
    }