Unverified Commit f95bc1a7 authored by Mateu Aguiló Bosch's avatar Mateu Aguiló Bosch

Fix authentication for subrequests

parent 257cb98b
......@@ -293,6 +293,7 @@ class RequestTree {
(array) $request->server->getIterator(),
$content
);
// Set the sub-request headers.
foreach ($request->headers as $key => $val) {
$new_request->headers->set($key, $val);
}
......
......@@ -68,7 +68,7 @@ class FrontController extends ControllerBase {
// Handle the requests for the trees at this level and gather the
// responses.
$level_responses = array_map(function (Request $request) {
return $this->httpKernel->handle($request, HttpKernelInterface::SUB_REQUEST);
return $this->httpKernel->handle($request, HttpKernelInterface::MASTER_REQUEST);
}, $requests);
$responses = array_merge(
$responses,
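Review bot: The `handle()` call inside the `array_map` closure now passes `HttpKernelInterface::MASTER_REQUEST` with no comment saying why, and the commit title is the only hint that this is about authentication. Presumably the authentication listeners only act on master requests; if so, say it in place, e.g. `// Dispatch as a master request so authentication runs for every sub-request.` Because each blueprint entry now goes through the full master-request listener stack, any identity established while handling one entry could outlive that call. A test should confirm that an entry without credentials, handled after an entry with credentials, is treated as anonymous, and that the outer response keeps the outer caller's identity. The enclosing method starts and ends outside this hunk.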
......
......@@ -55,6 +55,7 @@ class JsonSubrequestDenormalizer implements DenormalizerInterface {
$request->setSession($master_request->getSession());
// Replace the headers by the ones in the subrequest.
$request->headers = new HeaderBag($data['headers']);
$this::fixBasicAuth($request);
// Add the content ID to the sub-request.
$content_id = empty($data['requestId'])
......@@ -116,4 +117,22 @@ class JsonSubrequestDenormalizer implements DenormalizerInterface {
}
}
/**
* Adds the decoded username and password headers for Basic Auth.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request to fix.
*/
protected static function fixBasicAuth(Request $request) {
// The server will not set the PHP_AUTH_USER and PHP_AUTH_PW for the
// subrequests if needed.
if ($request->headers->has('Authorization')) {
$header = $request->headers->get('Authorization');
if (strpos($header, 'Basic ') === 0) {
list($user, $pass) = explode(':', base64_decode(substr($header, 6)));
$request->headers->set('PHP_AUTH_USER', $user);
$request->headers->set('PHP_AUTH_PW', $pass);
}
}
}
}
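Review bot: In `fixBasicAuth()`, `explode(':', base64_decode(substr($header, 6)))` splits on every colon, so a password that contains `:` is cut at its second colon and the wrong value lands in `PHP_AUTH_PW`. The same line does no validation: a payload with no colon leaves `$pass` undefined (a notice and a null password header), and non-strict `base64_decode()` silently skips invalid characters. The header values come from the client-supplied blueprint, so the method should decode strictly, return early on malformed input, and split with a limit of 2. The `'Basic '` prefix test is also case-sensitive, although auth scheme names are case-insensitive; `stripos()` would accept `basic` as well.

```php
protected static function fixBasicAuth(Request $request) {
  // … unchanged: Authorization header lookup and 'Basic ' prefix check …
      $decoded = base64_decode(substr($header, 6), TRUE);
      // Ignore malformed credentials rather than setting partial values.
      if ($decoded === FALSE || strpos($decoded, ':') === FALSE) {
        return;
      }
      // Split on the first colon only: the password may itself contain ':'.
      list($user, $pass) = explode(':', $decoded, 2);
  // … unchanged: setting PHP_AUTH_USER and PHP_AUTH_PW …
```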