Hello all,
My current server configuration doesn't send Basic credentials with the
$_SERVER['PHP_AUTH_USER'] mechanism, then the
BasicAuthenticationListener can retrieve credentials.
Here is the workaround I found:
1) Add a rewrite rule in the .htaccess file:
    RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
2) Modify the "handle()" function to retrieve credentials from the
$_SERVER['REMOTE_USER'] variable:
instead of:
    public function handle(Event $event)
    {
        $request = $event->get('request');
        if (false === $username = $request->server->get('PHP_AUTH_USER', false)) {
            // var_dump($request);
            return;
        }
        ...
    }
insert this part:
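    public function handle(Event $event)
    {
        $request = $event->get('request');
        $authorization = $request->server->get('REMOTE_USER', false);
        // Fall back to the header exported by the rewrite rule when PHP did
        // not populate PHP_AUTH_USER itself.
        if (false === $request->server->get('PHP_AUTH_USER', false)
            && is_string($authorization)
            && 0 === stripos($authorization, 'Basic ')) {
            // Strip the "Basic " prefix (6 characters) and decode strictly.
            $decodedCredential = base64_decode(substr($authorization, 6), true);
            // Split on the first ":" only, the password may contain colons.
            $decodedCredential = explode(':', (string) $decodedCredential, 2);
            if (count($decodedCredential) == 2) {
                list($name, $password) = $decodedCredential;
                $request->server->set('PHP_AUTH_USER', $name);
                // PHP itself names this key PHP_AUTH_PW; set the key that
                // the rest of handle() reads.
                $request->server->set('PHP_AUTH_PWD', $password);
            }
        }
        if (false === $username = $request->server->get('PHP_AUTH_USER', false)) {
            // var_dump($request);
            return;
        }
        ...
    }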
This worked for me, hope this can help.
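
The parsing step of the workaround above, as an added example that is not part of the original post or of Symfony: a stand-alone PHP helper that takes the value exported by the rewrite rule and returns user and password only for a well-formed Basic header. The function names and sample inputs are constructed for illustration; the REDIRECT_REMOTE_USER lookup assumes Apache's prefixing of environment variables after an internal redirect.

```php
<?php
// Added example: function names and sample data are constructed.

// Return [user, password] for a well-formed Basic header value, else null.
function parseBasicAuthorization(?string $header): ?array
{
    // Only the Basic scheme is handled; the scheme name is case-insensitive.
    if ($header === null || !preg_match('/^Basic\s+(\S+)\s*$/i', $header, $m)) {
        return null;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false) {
        return null;
    }
    // Split on the first colon only: the password may itself contain ':'.
    $parts = explode(':', $decoded, 2);
    return count($parts) === 2 ? $parts : null;
}

// Find the value exported by the rewrite rule. Assumption: after an internal
// redirect Apache exposes it as REDIRECT_REMOTE_USER instead.
function rawAuthorization(array $server): ?string
{
    foreach (['REMOTE_USER', 'REDIRECT_REMOTE_USER'] as $key) {
        if (!empty($server[$key])) {
            return $server[$key];
        }
    }
    return null;
}

// Constructed sample inputs (not captured traffic).
$samples = [
    'plain'          => ['REMOTE_USER' => 'Basic ' . base64_encode('alice:s3cret')],
    'colon in pass'  => ['REDIRECT_REMOTE_USER' => 'basic ' . base64_encode('bob:pa:ss')],
    'other scheme'   => ['REMOTE_USER' => 'Bearer abc.def.ghi'],
    'bad base64'     => ['REMOTE_USER' => 'Basic !!!not-base64!!!'],
    'no colon'       => ['REMOTE_USER' => 'Basic ' . base64_encode('no-colon-here')],
    'header missing' => [],
];
foreach ($samples as $label => $server) {
    $result = parseBasicAuthorization(rawAuthorization($server));
    // Print only whether parsing succeeded and the user name, never the password.
    printf("%-15s %s\n", $label, $result === null ? 'rejected' : 'user=' . $result[0]);
}
```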