Commit f95bc1a7 authored by Mateu Aguiló Bosch's avatar Mateu Aguiló Bosch

Fix authentication for subrequests

parent 257cb98b
......@@ -293,6 +293,7 @@ class RequestTree {
(array) $request->server->getIterator(),
$content
);
// Set the sub-request headers.
foreach ($request->headers as $key => $val) {
$new_request->headers->set($key, $val);
}
......
......@@ -68,7 +68,7 @@ class FrontController extends ControllerBase {
// Handle the requests for the trees at this level and gather the
// responses.
$level_responses = array_map(function (Request $request) {
return $this->httpKernel->handle($request, HttpKernelInterface::SUB_REQUEST);
return $this->httpKernel->handle($request, HttpKernelInterface::MASTER_REQUEST);
}, $requests);
$responses = array_merge(
$responses,
......
......@@ -55,6 +55,7 @@ class JsonSubrequestDenormalizer implements DenormalizerInterface {
$request->setSession($master_request->getSession());
// Replace the headers by the ones in the subrequest.
$request->headers = new HeaderBag($data['headers']);
$this::fixBasicAuth($request);
// Add the content ID to the sub-request.
$content_id = empty($data['requestId'])
......@@ -116,4 +117,22 @@ class JsonSubrequestDenormalizer implements DenormalizerInterface {
}
}
/**
* Adds the decoded username and password headers for Basic Auth.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request to fix.
*/
protected static function fixBasicAuth(Request $request) {
// The server will not set the PHP_AUTH_USER and PHP_AUTH_PW for the
// subrequests if needed.
if ($request->headers->has('Authorization')) {
$header = $request->headers->get('Authorization');
if (strpos($header, 'Basic ') === 0) {
list($user, $pass) = explode(':', base64_decode(substr($header, 6)));
$request->headers->set('PHP_AUTH_USER', $user);
$request->headers->set('PHP_AUTH_PW', $pass);
}
}
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment