Commit fa29e0b5 authored Mar 04, 2015 by catch
Issue #2443571 by larowlan, Berdir: Port SA-CONTRIB-2015-052
parent 2bf5dc11
Changes: 4
Showing 4 changed files with 56 additions and 0 deletions (+56 -0)
core/modules/basic_auth/basic_auth.services.yml (+4 -0)
core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php (+33 -0)
core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php (+17 -0)
core/modules/system/tests/modules/router_test_directory/router_test.routing.yml (+2 -0)
core/modules/basic_auth/basic_auth.services.yml
@@ -4,3 +4,7 @@ services:
arguments
:
[
'
@config.factory'
,
'
@user.auth'
,
'
@flood'
,
'
@entity.manager'
]
tags
:
-
{
name
:
authentication_provider
,
priority
:
100
}
basic_auth.page_cache_request_policy.disallow_basic_auth_requests
:
class
:
Drupal\basic_auth\PageCache\DisallowBasicAuthRequests
tags
:
-
{
name
:
page_cache_request_policy
}
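Review bot: the new page_cache_request_policy tag carries no priority while the authentication_provider tag just above it is registered with `priority: 100`; because DisallowBasicAuthRequests only ever returns DENY, its position among the request policies does not change the outcome, but a one-line comment in the service definition saying so would spare the next reader from wondering whether the omission is deliberate.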
core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
0 → 100644
<?php
/**
* @file
* Contains \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests.
*/
namespace
Drupal\basic_auth\PageCache
;
use
Drupal\Core\PageCache\RequestPolicyInterface
;
use
Symfony\Component\HttpFoundation\Request
;
/**
* Cache policy for pages served from basic auth.
*
* This policy disallows caching of requests that use basic_auth for security
* reasons. Otherwise responses for authenticated requests can get into the
* page cache and could be delivered to unprivileged users.
*/
class
DisallowBasicAuthRequests
implements
RequestPolicyInterface
{
/**
* {@inheritdoc}
*/
public
function
check
(
Request
$request
)
{
$username
=
$request
->
headers
->
get
(
'PHP_AUTH_USER'
);
$password
=
$request
->
headers
->
get
(
'PHP_AUTH_PW'
);
if
(
isset
(
$username
)
&&
isset
(
$password
))
{
return
self
::
DENY
;
}
}
}
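Review bot: `check()` falls through without a return statement when the PHP_AUTH_USER / PHP_AUTH_PW headers are absent, so it relies on PHP's implicit NULL to mean "no opinion"; an explicit `return NULL;` with a short comment would make that intent visible and keep the method self-documenting against RequestPolicyInterface. The class docblock should also say that the policy keys off the presence of the two headers rather than on whether the credentials are valid, so a request carrying wrong credentials is kept out of the page cache too, and that `isset()` treats an empty string as set, so an empty password still yields DENY. Both behaviours are the conservative ones for a cache bypass, but they are not obvious from "requests that use basic_auth".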
core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
@@ -29,6 +29,12 @@ class BasicAuthTest extends WebTestBase {
* Test http basic authentication.
*/
public
function
testBasicAuth
()
{
// Enable page caching.
$config
=
$this
->
config
(
'system.performance'
);
$config
->
set
(
'cache.page.use_internal'
,
1
);
$config
->
set
(
'cache.page.max_age'
,
300
);
$config
->
save
();
$account
=
$this
->
drupalCreateUser
();
$url
=
Url
::
fromRoute
(
'router_test.11'
);
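Review bot: `// Enable page caching.` says what but not why; a second sentence explaining that the internal page cache is switched on (with a non-zero `cache.page.max_age` of 300 so responses are cacheable) precisely so the new DisallowBasicAuthRequests policy is exercised by the header assertions later in this method would make the setup self-explanatory. The `Url::fromRoute()` call in the context line also depends on `use Drupal\Core\Url;` at the top of the file, which is outside this hunk, so confirm it is present.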
@@ -36,6 +42,8 @@ public function testBasicAuth() {
$this
->
assertText
(
$account
->
getUsername
(),
'Account name is displayed.'
);
$this
->
assertResponse
(
'200'
,
'HTTP response is OK'
);
$this
->
curlClose
();
$this
->
assertFalse
(
$this
->
drupalGetHeader
(
'X-Drupal-Cache'
));
$this
->
assertIdentical
(
strpos
(
$this
->
drupalGetHeader
(
'Cache-Control'
),
'public'
),
FALSE
,
'Cache-Control is not set to public'
);
$this
->
basicAuthGet
(
$url
,
$account
->
getUsername
(),
$this
->
randomMachineName
());
$this
->
assertNoText
(
$account
->
getUsername
(),
'Bad basic auth credentials do not authenticate the user.'
);
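Review bot: the new `assertFalse($this->drupalGetHeader('X-Drupal-Cache'))` is the only assertion in this block without a message, while the `Cache-Control` check right after it carries one; give it a message such as "Page cache is bypassed for basic auth requests" so a failure reads meaningfully. Note that it asserts the header is absent altogether, not merely that it is not HIT; that is the stricter expectation and the right one if the request policy short-circuits the page cache before any header is added, but stating it in the message stops someone from later weakening it to a HIT check.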
@@ -56,6 +64,15 @@ public function testBasicAuth() {
$this
->
assertNoLink
(
'Log out'
,
'User is not logged in'
);
$this
->
assertResponse
(
'403'
,
'No basic authentication for routes not explicitly defining authentication providers.'
);
$this
->
curlClose
();
// Ensure that pages already in the page cache aren't returned from page
// cache if basic auth credentials are provided.
$url
=
Url
::
fromRoute
(
'router_test.10'
);
$this
->
drupalGet
(
$url
);
$this
->
assertEqual
(
$this
->
drupalGetHeader
(
'X-Drupal-Cache'
),
'MISS'
);
$this
->
basicAuthGet
(
$url
,
$account
->
getUsername
(),
$account
->
pass_raw
);
$this
->
assertFalse
(
$this
->
drupalGetHeader
(
'X-Drupal-Cache'
));
$this
->
assertIdentical
(
strpos
(
$this
->
drupalGetHeader
(
'Cache-Control'
),
'public'
),
FALSE
,
'No page cache response when requesting a cached page with basic auth credentials.'
);
}
/**
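Review bot: the comment promises that pages "already in the page cache" are not served when basic auth credentials are supplied, but the setup performs a single anonymous `drupalGet()` and asserts `X-Drupal-Cache` is MISS; nothing confirms the page actually entered the cache, so the test would still pass if caching silently failed. A second anonymous request asserting HIT before the `basicAuthGet()` call would make the test prove the claim. Minor: this block uses `assertEqual()` for the header while the earlier additions use `assertIdentical()`; pick one.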
core/modules/system/tests/modules/router_test_directory/router_test.routing.yml
@@ -48,6 +48,8 @@ router_test.8:
router_test.10
:
path
:
'
/router_test/test10'
options
:
_auth
:
[
'
basic_auth'
,
'
cookie'
]
defaults
:
_controller
:
'
\Drupal\router_test\TestContent::test1'
requirements
:
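Review bot: keeping `cookie` alongside `basic_auth` in the new `_auth` option is what lets BasicAuthTest fetch router_test.10 both anonymously (the MISS assertion) and with credentials on the same route; since that dependency is invisible from the routing file alone, a short comment above the option noting that the route is used by BasicAuthTest for page cache coverage would protect it from being trimmed later.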