Merge pull request #53 from hmic/patch-1

ADmad · web-flow · commit b49fbc951d38 · 2017-05-31T23:08:44.000+05:30
Fix #43
diff --git a/src/Auth/JwtAuthenticate.php b/src/Auth/JwtAuthenticate.php
@@ -186,7 +186,7 @@ public function getToken($request = null)
         }
 
         $header = $request->header($config['header']);
-        if ($header) {
+        if ($header && stripos($header, $config['prefix']) === 0) {
             return $this->_token = str_ireplace($config['prefix'] . ' ', '', $header);
         }
 
diff --git a/tests/TestCase/Auth/JwtAuthenticateTest.php b/tests/TestCase/Auth/JwtAuthenticateTest.php
@@ -72,6 +72,10 @@ public function testAuthenticateTokenParameter()
         $request = new Request('posts/index?tokenname=' . $this->token);
         $result = $this->auth->getUser($request, $this->response);
         $this->assertEquals($expected, $result);
+
+        $request = new Request('posts/index?wrongtoken=' . $this->token);
+        $result = $this->auth->getUser($request, $this->response);
+        $this->assertFalse($result);
     }
 
     /**
@@ -95,6 +99,10 @@ public function testAuthenticateTokenHeader()
         $result = $this->auth->getUser($request, $this->response);
         $this->assertEquals($expected, $result);
 
+        $request->env('HTTP_AUTHORIZATION', 'WrongBearer ' . $this->token);
+        $result = $this->auth->getUser($request, $this->response);
+        $this->assertFalse($result);
+
         $this->setExpectedException('UnexpectedValueException');
         $request->env('HTTP_AUTHORIZATION', 'Bearer foobar');
         $result = $this->auth->getUser($request, $this->response);
@@ -117,6 +125,10 @@ public function testAuthenticateNoHeaderWithParameterDisabled()
 
         $result = $this->auth->getUser($request, $this->response);
         $this->assertFalse($result);
+
+        $request = new Request('posts/index?token=' . $this->token);
+        $result = $this->auth->getUser($request, $this->response);
+        $this->assertFalse($result);
     }
 
     /**
@@ -126,18 +138,20 @@ public function testAuthenticateNoHeaderWithParameterDisabled()
      */
     public function testQueryDatasourceFalse()
     {
-        $request = new Request('posts/index');
-
         $expected = [
-            'id' => 99,
-            'username' => 'ADmad',
-            'group' => ['name' => 'admin'],
+                'id' => 99,
+                'username' => 'ADmad',
+                'group' => ['name' => 'admin'],
         ];
-        $request->env(
-            'HTTP_AUTHORIZATION',
-            'Bearer ' . JWT::encode($expected, Security::salt())
-        );
+        $token = JWT::encode($expected, Security::salt());
         $this->auth->config('queryDatasource', false);
+
+        $request = new Request('posts/index');
+        $request->env('HTTP_AUTHORIZATION', 'Bearer ' . $token);
+        $result = $this->auth->getUser($request, $this->response);
+        $this->assertEquals($expected, $result);
+
+        $request = new Request('posts/index?token=' . $token);
         $result = $this->auth->getUser($request, $this->response);
         $this->assertEquals($expected, $result);
     }
@@ -149,12 +163,16 @@ public function testQueryDatasourceFalse()
      */
     public function testWithValidTokenButNoUserInDb()
     {
-        $request = new Request('posts/index');
-
         $token = JWT::encode(['id' => 4], Security::salt());
+
+        $request = new Request('posts/index');
         $request->env('HTTP_AUTHORIZATION', 'Bearer ' . $token);
         $result = $this->auth->getUser($request, $this->response);
         $this->assertFalse($result);
+
+        $request = new Request('posts/index?token=' . $token);
+        $result = $this->auth->getUser($request, $this->response);
+        $this->assertFalse($result);
     }
 
     /**
@@ -270,9 +288,13 @@ public function testCustomKey()
 
         $payload = ['sub' => 100];
         $token = Jwt::encode($payload, $key);
-        $request = new Request();
+
+        $request = new Request('posts/index');
         $request->env('HTTP_AUTHORIZATION', 'Bearer ' . $token);
+        $result = $auth->getUser($request, $this->response);
+        $this->assertEquals($payload, $result);
 
+        $request = new Request('posts/index?token=' . $token);
         $result = $auth->getUser($request, $this->response);
         $this->assertEquals($payload, $result);
     }

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ public function getToken($request = null)`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`$header = $request->header($config['header']);`
`189`		`- if ($header) {`
	`189`	`+ if ($header && stripos($header, $config['prefix']) === 0) {`
`190`	`190`	`return $this->_token = str_ireplace($config['prefix'] . ' ', '', $header);`
`191`	`191`	`}`
`192`	`192`