From a3d4f583eda467012ac928056d2a84d05bbe520d Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:06:03 +0100 Subject: [PATCH 1/6] Fix #745 --- src/Exception/OAuthServerException.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 65fe861e..24179ce5 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -294,14 +294,8 @@ class OAuthServerException extends \Exception // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client') { - $authScheme = 'Basic'; - if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false - && strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 - ) { - $authScheme = 'Bearer'; - } - $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; + if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd return $headers; From 8a25e0a01b1367c748d024019ddd34d48861171e Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:12:32 +0100 Subject: [PATCH 2/6] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bece8e44..dcac3bfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Fixed +- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request + ## [7.1.0] - released 2018-04-22 ### Changed From 19d782d223710e604e3650666412b8b8be2cc2ba Mon Sep 17 00:00:00 2001 
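Review bot: In the [PATCH 1/6] hunk the challenge is now gated on `array_key_exists('HTTP_AUTHORIZATION', $_SERVER)`, and that key exists only when the web server and SAPI pass the Authorization header through to PHP; where it is not forwarded (some CGI/FastCGI setups), a client that did send credentials gets no `WWW-Authenticate`, although RFC 6749 section 5.2 requires one for a client that authenticated via that header. I would record that dependency beside the check, e.g. `// HTTP_AUTHORIZATION is only set when the server forwards the Authorization header to PHP`. The status code is chosen outside this hunk: if `invalid_client` still answers 401 on the path that now omits the header, that 401 carries no challenge, which RFC 7235 requires on a 401, so that path presumably needs a 400 instead. The enclosing method starts and ends outside the hunk, and the same condition is carried unchanged through the [PATCH 3/6] to [PATCH 6/6] hunks.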
From: Andrew Millington Date: Thu, 17 May 2018 13:13:30 +0100 Subject: [PATCH 3/6] Fix alignment --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 24179ce5..9b798f76 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd return $headers; From 3ea0cdc9365d427fe863c94939a2dba952c9f158 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:19:32 +0100 Subject: [PATCH 4/6] Set authScheme --- src/Exception/OAuthServerException.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 9b798f76..fe615262 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,6 +295,8 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd From 0242d0c9968e55cb8737470f55882a13f7f8c895 Mon Sep 17 00:00:00 2001 
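Review bot: In the [PATCH 4/6] hunk, `strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0` matches the scheme case-sensitively and as a bare prefix, so a request sent with `bearer <token>` is answered with a `Basic` challenge, while HTTP authentication scheme names are case-insensitive (RFC 7235 section 2.1). Something like `$authScheme = stripos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer ') === 0 ? 'Bearer' : 'Basic';` would compare the scheme token itself. Every scheme other than Bearer falls back to `Basic`; if that is intended, a short comment such as `// any non-Bearer scheme is challenged as Basic` would say so. The same line recurs, whitespace changes only, in [PATCH 5/6] and [PATCH 6/6], and the enclosing method starts and ends outside the hunk.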
From: Andrew Millington Date: Thu, 17 May 2018 13:21:39 +0100 Subject: [PATCH 5/6] Remove spaces at end of line --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index fe615262..14297e75 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } From 2e3ee60a2ac5ba0a7eb5673884f1e156438ce6a1 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:27:30 +0100 Subject: [PATCH 6/6] Remove additional whitespace --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 14297e75..a62d961d 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; }