getBasicAuth credential get
Hello,
regarding the following:
The callback of array_filter is a boolean, so the result of explode won't get transferred to current & current will return only e.g. REDIRECT_HTTP_AUTHORIZATION.
The result is that username and password are always empty. Is this a since-PHP 8 thing?
Comments (12)
-
reporter -
repo owner Shouldn't array_filter() always return an array?

Just to make sure it isn't another problem: Did you make sure these lines are included in your .htaccess?

```apache
# Enable URL rewriting
RewriteEngine On

# This might be needed?
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
```
-
reporter
> Just to make sure it isn't another problem: Did you make sure these lines are included in your .htaccess?

yes, it is in and with my part of code it works.

> Shouldn't array_filter() always return an array?

indeed, but just the results of the true/false from Callback.

My 'only' REDIRECT_HTTP_AUTHORIZATION was wrong. It returns ['REDIRECT_HTTP_AUTHORIZATION'] or something like that.
-
repo owner Ok – this is interesting. It seems as if the modified code breaks the authentication in our test installation.
Could you post the exact header that you are sending? Maybe you could trace it with Postman or another network tool. I would like to see what the script is getting as REDIRECT_HTTP_AUTHORIZATION
-
repo owner The false comes from current() … I'm slowly starting to understand.
-
reporter But I DO NOT try to auth with e.g. fe_user. I try to make an auth with token / API security key / salt on a different table.
Using the public function checkAccess($endpoint = []): bool and $credentials = \nn\t3::Request()->getBasicAuth();
-
repo owner I cleaned things up here a little – code was getting confusing.
Could you check if this works in your environment?

```php
// Replace this in \nn\t3::Request()
public function getBasicAuth() {
    $username = '';
    $password = '';
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        // PHP has already split the Basic credentials
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'] ?? '';
    } else {
        // Fall back to the raw header; the key depends on the server setup
        $check = ['HTTP_AUTHENTICATION', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'];
        foreach ($check as $key) {
            $value = $_SERVER[$key] ?? '';
            $isBasic = strpos(strtolower($value), 'basic') === 0;
            if ($value && $isBasic) {
                $decodedValue = (string) base64_decode(substr($value, 6));
                // Split on the first colon only (the password may contain colons)
                // and pad so a value without a colon still yields two elements
                [$username, $password] = array_pad(explode(':', $decodedValue, 2), 2, '');
                break;
            }
        }
    }
    if (!$username && !$password) return [];
    return ['username'=>$username, 'password'=>$password];
}
```
-
repo owner (FYI: I deleted your headers above so nobody tries authenticating with your key)
-
reporter
> (FYI: I deleted your headers above so nobody tries authenticating with your key)

Thanks! But already anonymized it. But that's almost always an ERROR-40
-
reporter
> Could you check if this works in your environment?

yes, works in my env
-
repo owner Perfect. Thanks!
It's in the next release.
-
repo owner - changed status to resolved
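
Added example, not part of the thread and not nnhelpers code: a stand-alone parser for the fallback keys discussed above that also rejects malformed values, followed by a constructed snippet showing why array_filter() combined with current() hands back the raw element or false. The function name parseBasicAuth and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not nnhelpers code): extract Basic credentials from a
 * $_SERVER-style array. Function name and sample values are constructed.
 */
function parseBasicAuth(array $server): array
{
    // When these keys are present, PHP has already parsed the header.
    if (isset($server['PHP_AUTH_USER'])) {
        return ['username' => (string) $server['PHP_AUTH_USER'],
                'password' => (string) ($server['PHP_AUTH_PW'] ?? '')];
    }
    foreach (['HTTP_AUTHENTICATION', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $value = trim((string) ($server[$key] ?? ''));
        // The scheme name is case-insensitive and followed by whitespace.
        if (!preg_match('/^basic\s+(\S+)$/i', $value, $m)) {
            continue;
        }
        // Strict mode rejects characters outside the base64 alphabet.
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue; // malformed: not base64, or no user:password separator
        }
        // Limit 2: only the first colon separates; the password may contain more.
        [$username, $password] = explode(':', $decoded, 2);
        return ['username' => $username, 'password' => $password];
    }
    return [];
}

// Constructed sample requests.
$samples = [
    'redirect key, colon in password' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('api:se:cret')],
    'lower-case scheme'               => ['HTTP_AUTHORIZATION' => 'basic ' . base64_encode('api:token')],
    'bearer token, not basic'         => ['HTTP_AUTHORIZATION' => 'Bearer abc.def.ghi'],
    'no colon after decoding'         => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('nocolon')],
];
foreach ($samples as $label => $server) {
    printf("%-32s %s\n", $label, json_encode(parseBasicAuth($server)));
}

// array_filter() returns the original elements whose callback was truthy,
// never the callback's return value, so current() yields the unsplit string.
$kept = array_filter(['a:b'], fn ($v) => (bool) explode(':', $v));
var_dump(current($kept));
// When nothing passes the filter the array is empty and current() is false.
var_dump(current(array_filter(['a:b'], fn ($v) => false)));
```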
This could fix it: