From 9b3d3cd2f2d0199689f0c0c1ed955d88e121bd50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Thu, 7 Nov 2024 11:06:55 +0100
Subject: [PATCH] Fix FLEXIAPI-239 Add missing WWW-Authenticate header bearer parameter if present

---
 .../app/Http/Middleware/AuthenticateJWT.php | 7 ++++++-
 .../Feature/AccountJWTAuthenticationTest.php | 17 ++++++++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/flexiapi/app/Http/Middleware/AuthenticateJWT.php b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
index 4d1399d..571608f 100644
--- a/flexiapi/app/Http/Middleware/AuthenticateJWT.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
@@ -117,10 +117,15 @@ class AuthenticateJWT
     private function generateUnauthorizedBearerResponse(string $error, string $description): Response
     {
+        $bearer = 'Bearer ' . config('app.account_authentication_bearer');
+        $bearer .= !empty(config('app.account_authentication_bearer'))
+            ? ', '
+            : '';
+
         $response = new Response();
         $response->header(
             'WWW-Authenticate',
-            'Bearer error="' . $error .'", error_description="'. $description . '"'
+            $bearer . 'error="' . $error . '", error_description="'. $description . '"'
         );
         $response->setStatusCode(401);
diff --git a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
index 0d83341..2a5051a 100644
--- a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
+++ b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
@@ -57,6 +57,8 @@ class AccountJWTAuthenticationTest extends TestCase
         $password = Password::factory()->create();
+        $bearer = 'authz_server="https://sso.test/", realm="sip.test.org"';
+
         config()->set('services.jwt.rsa_public_key_pem', $this->serverPublicKeyPem);
         $this->get($this->route)->assertStatus(400);
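Review bot: The challenge is still assembled by raw string concatenation, so a `"` or `\` inside `$error` or `$description` — or inside the configured `app.account_authentication_bearer` value that the new `$bearer` prefix splices in unescaped — closes the quoted-string early and lets whatever follows be parsed as additional auth-params; RFC 6750 §3 forbids `"` and `\` in error and error_description values outright. Where callers obtain `$description` is outside this hunk, so this may be latent rather than reachable today, but this helper is the one place to enforce it. I would sanitise at assembly time: `$clean = static fn (string $v): string => str_replace(['"', '\\', "\r", "\n"], '', $v);` and then build the value as `$bearer . 'error="' . $clean($error) . '", error_description="' . $clean($description) . '"'`. Reading the config once into a local such as `$challenge = (string) config('app.account_authentication_bearer');` would also remove the double lookup and the `!empty()` edge case that treats a literal `'0'` as unset. generateUnauthorizedBearerResponse's body continues past the end of the hunk.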
@@ -136,7 +138,20 @@ class AccountJWTAuthenticationTest extends TestCase
             ->get($this->accountRoute)
             ->assertStatus(401);
-        $this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
+        $this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
+
+        // ...with the bearer
+        config()->set('app.account_authentication_bearer', $bearer);
+
+        $response = $this->withHeaders([
+            'Authorization' => 'Bearer ' . $token->toString(),
+            'x-linphone-provisioning' => true,
+        ])
+        ->get($this->accountRoute)
+        ->assertStatus(401);
+
+        $this->assertStringContainsString($bearer . ', ', $response->headers->get('WWW-Authenticate'));
+        $this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
         // Wrong email
         $token = (new JwtFacade(null, $clock))->issue(
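Review bot: The two new assertions only check that `$bearer . ', '` and `invalid_token` appear somewhere in the header, so they would still pass if the `Bearer ` scheme prefix were dropped or the parameters came out in the wrong order — which is precisely the layout this commit exists to fix. Pinning the whole challenge is one line: `$this->assertStringStartsWith('Bearer ' . $bearer . ', error="invalid_token", error_description="', $response->headers->get('WWW-Authenticate'));`. Note also that `config()->set('app.account_authentication_bearer', $bearer)` is never reverted, so the `// Wrong email` case and everything after it in this test now run with the bearer configured; if that is intended, a short comment saying so would save the next reader a question. The enclosing test method starts before and ends after this hunk.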