
Commit 7ffd5bd

committed
alternative token header support
The Authorization header is not always passed on to PHP, depending on the setup (see https://stackoverflow.com/q/34472303 for examples and workarounds). This patch adds support for an alternative X-DokuWiki-Token header that can be used for token authentication when the standard Authorization header cannot be used.
1 parent df2dbbd commit 7ffd5bd


2 files changed

+30
-8
lines changed


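--- a/_test/tests/inc/JWTTest.php
+++ b/_test/tests/inc/JWTTest.php
@@ -79,4 +79,14 @@ public function testLogin()
 $this->assertEquals('testuser', $_SERVER['REMOTE_USER']);
 unset($_SERVER['HTTP_AUTHORIZATION']);
 }
+
+public function testLoginAlternativeHeader()
+{
+$_SERVER['HTTP_X-DOKUWIKI-TOKEN'] = JWT::fromUser('testuser')->getToken();
+
+$this->assertArrayNotHasKey('REMOTE_USER', $_SERVER);
+auth_tokenlogin();
+$this->assertEquals('testuser', $_SERVER['REMOTE_USER']);
+unset($_SERVER['HTTP_X-DOKUWIKI-TOKEN']);
+}
 }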
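Review bot: The key `HTTP_X-DOKUWIKI-TOKEN` set in testLoginAlternativeHeader is not a form PHP puts in `$_SERVER`: request header names arrive there with hyphens turned into underscores, i.e. `HTTP_X_DOKUWIKI_TOKEN`. The test therefore passes only because the `$_SERVER` fallback added to inc/auth.php in this commit lowercases the key without mapping `_` back to `-`; with the real key it would look up `x_dokuwiki_token`, and the token would be ignored on setups without getallheaders(). I would set `$_SERVER['HTTP_X_DOKUWIKI_TOKEN']` here and normalise in the fallback with `$headers[str_replace('_', '-', strtolower(substr($key, 5)))] = $value;`. The `unset()` at the end is skipped when an assertion fails, so clearing the key in tearDown() would keep the token from leaking into later tests.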

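--- a/inc/auth.php
+++ b/inc/auth.php
@@ -185,18 +185,30 @@ function auth_tokenlogin()
 global $auth;
 if (!$auth) return false;
 
-// see if header has token
-$header = '';
+// get the headers, either from Apache or from $_SERVER
 if (function_exists('getallheaders')) {
-// Authorization headers are not in $_SERVER for mod_php
 $headers = array_change_key_case(getallheaders());
-if (isset($headers['authorization'])) $header = $headers['authorization'];
 } else {
-$header = $INPUT->server->str('HTTP_AUTHORIZATION');
+$headers = [];
+foreach ($_SERVER as $key => $value) {
+if (substr($key, 0, 5) === 'HTTP_') {
+$headers[strtolower(substr($key, 5))] = $value;
+}
+}
+}
+
+// check authorization header
+if (isset($headers['authorization'])) {
+[$type, $token] = sexplode(' ', $headers['authorization'], 2);
+if ($type !== 'Bearer') $token = ''; // not the token we want
 }
-if (!$header) return false;
-[$type, $token] = sexplode(' ', $header, 2);
-if ($type !== 'Bearer') return false;
+
+// check x-dokuwiki-token header
+if (isset($headers['x-dokuwiki-token'])) {
+$token = $headers['x-dokuwiki-token'];
+}
+
+if (empty($token)) return false;
 
 // check token
 try {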
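Review bot: The `x-dokuwiki-token` branch runs after the Authorization check and overwrites `$token` unconditionally, so a request carrying both headers is authenticated with the custom one even when a valid Bearer token was already parsed. If that precedence is intended, a comment such as `// X-DokuWiki-Token takes precedence over Authorization` would record it; otherwise guard the branch with `if (empty($token) && isset($headers['x-dokuwiki-token']))`. `$token` is also assigned only inside the two branches, so the no-header case relies on `empty()` tolerating an undefined variable; a `$token = '';` before the `// check authorization header` block makes that explicit. Proxy and logging rules that redact `Authorization` probably do not cover the new header, which deserves a line in the documentation. auth_tokenlogin() begins before and continues past this hunk.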
