bug #17478 [HttpFoundation] Do not overwrite the Authorization header if it is already set (jakzal)

fabpot · fabpot · commit 9a90cde4ed72 · 2016-01-22T07:46:45.000+01:00
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #17478). Discussion ---------- [HttpFoundation] Do not overwrite the Authorization header if it is already set | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #17345 | License | MIT | Doc PR | - Commits ------- 53ebfda [HttpFoundation] Do not overwrite the Authorization header if it is already set
diff --git a/src/Symfony/Component/HttpFoundation/ServerBag.php b/src/Symfony/Component/HttpFoundation/ServerBag.php
@@ -86,6 +86,10 @@ public function getHeaders()
             }
         }
 
+        if (isset($headers['AUTHORIZATION'])) {
+            return $headers;
+        }
+
         // PHP_AUTH_USER/PHP_AUTH_PW
         if (isset($headers['PHP_AUTH_USER'])) {
             $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php
@@ -151,4 +151,19 @@ public function testOAuthBearerAuthWithRedirect()
             'AUTHORIZATION' => $headerContent,
         ), $bag->getHeaders());
     }
+
+    /**
+     * @see https://github.com/symfony/symfony/issues/17345
+     */
+    public function testItDoesNotOverwriteTheAuthorizationHeaderIfItIsAlreadySet()
+    {
+        $headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
+        $bag = new ServerBag(array('PHP_AUTH_USER' => 'foo', 'HTTP_AUTHORIZATION' => $headerContent));
+
+        $this->assertEquals(array(
+            'AUTHORIZATION' => $headerContent,
+            'PHP_AUTH_USER' => 'foo',
+            'PHP_AUTH_PW' => '',
+        ), $bag->getHeaders());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,10 @@ public function getHeaders()`
`86`	`86`	`}`
`87`	`87`	`}`
`88`	`88`
	`89`	`+ if (isset($headers['AUTHORIZATION'])) {`
	`90`	`+ return $headers;`
	`91`	`+ }`
	`92`	`+`
`89`	`93`	`// PHP_AUTH_USER/PHP_AUTH_PW`
`90`	`94`	`if (isset($headers['PHP_AUTH_USER'])) {`
`91`	`95`	`$headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);`