mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 13:09:44 +05:30
Merge pull request #902 from Sephster/fix-745-without-tests
Only Add Authenticate Header if Present in Original Request. Fix #745
This commit is contained in:
commit
5a499bf03c
@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request
|
||||||
|
|
||||||
## [7.1.0] - released 2018-04-22
|
## [7.1.0] - released 2018-04-22
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
@ -294,13 +294,9 @@ class OAuthServerException extends \Exception
|
|||||||
// include the "WWW-Authenticate" response header field
|
// include the "WWW-Authenticate" response header field
|
||||||
// matching the authentication scheme used by the client.
|
// matching the authentication scheme used by the client.
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
if ($this->errorType === 'invalid_client') {
|
if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) {
|
||||||
$authScheme = 'Basic';
|
$authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic';
|
||||||
if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false
|
|
||||||
&& strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0
|
|
||||||
) {
|
|
||||||
$authScheme = 'Bearer';
|
|
||||||
}
|
|
||||||
$headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
|
$headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
|
||||||
}
|
}
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
|
Loading…
Reference in New Issue
Block a user