Fix FLEXIAPI-239 Add missing WWW-Authenticate header bearer parameter if present

Timothée Jaussoin 2024-11-07 11:06:55 +01:00
parent 8fd273f4c0
commit 9b3d3cd2f2
2 changed files with 22 additions and 2 deletions


@ -117,10 +117,15 @@ class AuthenticateJWT
private function generateUnauthorizedBearerResponse(string $error, string $description): Response
{
$bearer = 'Bearer ' . config('app.account_authentication_bearer');
$bearer .= !empty(config('app.account_authentication_bearer'))
? ', '
: '';
$response = new Response();
$response->header(
'WWW-Authenticate',
'Bearer error="' . $error .'", error_description="'. $description . '"'
$bearer . 'error="' . $error . '", error_description="'. $description . '"'
);
$response->setStatusCode(401);
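Review bot: `$error` and `$description` are concatenated into quoted-string parameters of the `WWW-Authenticate` value without any filtering, and the new line prepends the configured `app.account_authentication_bearer` value the same way. RFC 6750 limits `error` and `error_description` to printable ASCII excluding `"` and `\`, so a stray quote or control character in either argument would leave clients with a challenge they cannot parse reliably; the callers are outside this hunk, so whether token- or exception-derived text can reach here is not visible. A guard before the header is built, such as `$description = preg_replace('/[^\x20-\x21\x23-\x5B\x5D-\x7E]/', '', $description);` (and the same for `$error`), keeps the value well-formed. The config key is also read twice; reading it once into a local and appending `', '` only when it is non-empty would be easier to follow. The method body continues past the end of the hunk.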


@ -57,6 +57,8 @@ class AccountJWTAuthenticationTest extends TestCase
$password = Password::factory()->create();
$bearer = 'authz_server="https://sso.test/", realm="sip.test.org"';
config()->set('services.jwt.rsa_public_key_pem', $this->serverPublicKeyPem);
$this->get($this->route)->assertStatus(400);
@ -136,7 +138,20 @@ class AccountJWTAuthenticationTest extends TestCase
->get($this->accountRoute)
->assertStatus(401);
$this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
$this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
// ...with the bearer
config()->set('app.account_authentication_bearer', $bearer);
$response = $this->withHeaders([
'Authorization' => 'Bearer ' . $token->toString(),
'x-linphone-provisioning' => true,
])
->get($this->accountRoute)
->assertStatus(401);
$this->assertStringContainsString($bearer . ', ', $response->headers->get('WWW-Authenticate'));
$this->assertStringContainsString('invalid_token', $response->headers->get('WWW-Authenticate'));
// Wrong email
$token = (new JwtFacade(null, $clock))->issue(
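Review bot: The new assertion only checks that `$bearer . ', '` occurs somewhere in the header, so it would still pass if the `Bearer` scheme were missing or the parameters landed after the error fields; `$this->assertStringStartsWith('Bearer ' . $bearer . ', error="', $response->headers->get('WWW-Authenticate'));` pins the layout the middleware is expected to produce. The `config()->set('app.account_authentication_bearer', $bearer)` call is also never reverted, so the "Wrong email" checks that follow in the same test run with the bearer configured, which looks unintentional; setting it back to `null` after this block keeps the later cases independent. The test method starts and ends outside this hunk.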