mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 13:09:44 +05:30
Merge pull request #902 from Sephster/fix-745-without-tests
Only Add Authenticate Header if Present in Original Request. Fix #745
This commit is contained in:
commit
5a499bf03c
@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Fixed
|
||||
- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request
|
||||
|
||||
## [7.1.0] - released 2018-04-22
|
||||
|
||||
### Changed
|
||||
|
@ -294,13 +294,9 @@ class OAuthServerException extends \Exception
|
||||
// include the "WWW-Authenticate" response header field
|
||||
// matching the authentication scheme used by the client.
|
||||
// @codeCoverageIgnoreStart
|
||||
if ($this->errorType === 'invalid_client') {
|
||||
$authScheme = 'Basic';
|
||||
if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false
|
||||
&& strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0
|
||||
) {
|
||||
$authScheme = 'Bearer';
|
||||
}
|
||||
if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) {
|
||||
$authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic';
|
||||
|
||||
$headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
Loading…
Reference in New Issue
Block a user