
Commit ddb4a21

yoshzchalasr
authored andcommitted
OAuth2Authenticator should only support Bearer authorizations
1 parent f371350 commit ddb4a21


4 files changed

+4
-5
lines changed


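--- a/src/Security/Authenticator/OAuth2Authenticator.php
+++ b/src/Security/Authenticator/OAuth2Authenticator.php
@@ -64,7 +64,7 @@ public function __construct(
 
 public function supports(Request $request): ?bool
 {
-return null;
+return 0 === strpos($request->headers->get('Authorization', ''), 'Bearer ');
 }
 
 public function start(Request $request, AuthenticationException $authException = null): Response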
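Review bot: The scheme check added to `supports()` is case-sensitive, while HTTP authentication scheme names are case-insensitive (RFC 7235), so a client sending `bearer <token>` is skipped by this authenticator and handled as unauthenticated rather than having its token validated. Consider `return 0 === stripos($request->headers->get('Authorization', ''), 'Bearer ');`, and confirm that the token extraction later in the class accepts the same casing (that code is not visible in this hunk). Because a `false` return means this class no longer rejects requests lacking a Bearer header, a docblock on `supports()` along the lines of `// Only claims requests carrying a Bearer credential; all others fall through to the firewall's access rules.` would make explicit that enforcement now lives in access control.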

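--- a/tests/Acceptance/SecurityLayerTest.php
+++ b/tests/Acceptance/SecurityLayerTest.php
@@ -149,7 +149,7 @@ public function testInvalidRequest(): void
 
 $response = $this->client->getResponse();
 
-$this->assertSame(401, $response->getStatusCode());
-$this->assertSame('Bearer', $response->headers->get('WWW-Authenticate'));
+$this->assertSame(200, $response->getStatusCode());
+$this->assertSame('Hello, guest', $response->getContent());
 }
 }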
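Review bot: With the 401 and `WWW-Authenticate: Bearer` assertions replaced in `testInvalidRequest`, nothing visible in this hunk still verifies that a route requiring authentication rejects a request with a missing or non-Bearer `Authorization` header. The new assertions pin the fall-through to `Hello, guest` on an open route, which is the intended behaviour, but a companion test against an access-controlled route asserting `401` and the `Bearer` challenge would guard against a firewall misconfiguration silently granting guest access. The test name also no longer matches what it checks; something like `testNonBearerRequestIsTreatedAsGuest` would read more accurately. The start of the test method is outside the hunk, so the request being sent is not visible here.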

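--- a/tests/Fixtures/SecurityTestController.php
+++ b/tests/Fixtures/SecurityTestController.php
@@ -28,7 +28,7 @@ public function helloAction(): Response
 $user = $this->getUser();
 
 return new Response(
-sprintf('Hello, %s', $user instanceof NullUser ? 'guest' : (method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername()))
+sprintf('Hello, %s', null === $user || $user instanceof NullUser ? 'guest' : (method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername()))
 );
 }
 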
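Review bot: The new guest condition on line 31 relies on `||` binding tighter than `?:`, which is correct but easy to misread in a line this long. Wrapping it as `(null === $user || $user instanceof NullUser) ? 'guest' : ...` makes the grouping explicit. Pulling the identifier lookup into a local variable before the `sprintf` call would make the null guard easier to audit. `helloAction` begins outside the hunk.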

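--- a/tests/Integration/AuthorizationServerTest.php
+++ b/tests/Integration/AuthorizationServerTest.php
@@ -312,7 +312,6 @@ public function testInvalidCredentialsPasswordGrant(): void
 
 $response = $this->handleTokenRequest($request);
 
-// Response assertions.
 $this->assertSame('invalid_grant', $response['error']);
 }
 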
