[ticket/15085] Add HTTPS requirement for HTTP authentication on feeds
PHPBB-15085
@@ -72,6 +72,12 @@ class http_auth_subscriber implements EventSubscriberInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only allow HTTP authentication in secure context (HTTPS)
|
||||||
|
if (!$request->isSecure())
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Check if HTTP authentication is enabled
|
// Check if HTTP authentication is enabled
|
||||||
if (!$this->config['feed_http_auth'])
|
if (!$this->config['feed_http_auth'])
|
||||||
{
|
{
|
||||||
|
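Review bot: The new `if (!$request->isSecure())` guard returns silently, and its comment says neither why nor what the check depends on, so a board behind a TLS-terminating reverse proxy could lose feed HTTP authentication with no hint to the admin. Symfony's `isSecure()` honours a forwarded-protocol header only when the sending proxy is configured as trusted; otherwise it reports the proxy-to-backend hop, which is often plain HTTP. I would expand the comment to something like `// Basic credentials are only base64-encoded: never challenge for or accept them over plain HTTP. Behind a TLS-terminating proxy isSecure() is true only when that proxy is trusted.` It is also worth confirming that this agrees with how the rest of the board decides it is on HTTPS. The enclosing method (presumably `on_kernel_request`) starts and ends outside the hunk, so any earlier handling is not visible here.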
@@ -95,6 +95,39 @@ class http_auth_subscriber_test extends \phpbb_test_case
|
|||||||
$this->subscriber->on_kernel_request($event);
|
$this->subscriber->on_kernel_request($event);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_insecure_connection_skipped()
|
||||||
|
{
|
||||||
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$request->attributes->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('_route')
|
||||||
|
->willReturn('phpbb_feed_overall');
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('isSecure')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$event->expects($this->once())
|
||||||
|
->method('getRequest')
|
||||||
|
->willReturn($request);
|
||||||
|
|
||||||
|
$event->expects($this->never())
|
||||||
|
->method('setResponse');
|
||||||
|
|
||||||
|
$this->subscriber->on_kernel_request($event);
|
||||||
|
}
|
||||||
|
|
||||||
public function test_http_auth_disabled()
|
public function test_http_auth_disabled()
|
||||||
{
|
{
|
||||||
$this->config['feed_http_auth'] = 0;
|
$this->config['feed_http_auth'] = 0;
|
||||||
@@ -112,6 +145,10 @@ class http_auth_subscriber_test extends \phpbb_test_case
|
|||||||
->with('_route')
|
->with('_route')
|
||||||
->willReturn('phpbb_feed_overall');
|
->willReturn('phpbb_feed_overall');
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('isSecure')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
@@ -143,6 +180,10 @@ class http_auth_subscriber_test extends \phpbb_test_case
|
|||||||
->with('_route')
|
->with('_route')
|
||||||
->willReturn('phpbb_feed_overall');
|
->willReturn('phpbb_feed_overall');
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('isSecure')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
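Review bot: `test_insecure_connection_skipped` asserts only that `setResponse` is never called, which covers the challenge path but not the case where the guard matters most: a plain-HTTP request that already carries Basic credentials. The mocked request here has no credentials, so the test cannot show that a login attempt is skipped on an insecure connection. I would add a variant that supplies credentials the way the existing login tests do, with `isSecure` returning `false`, and asserts `$this->never()` on the login call of the auth mock. The fixture and those tests are outside the visible hunks, so the mock names have to come from the file itself.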