Merge pull request #28 from olssonm/realm-fixup

Realm fixup
olssonm · Jun 7, 2018 · f2e3c6e · f2e3c6e
2 parents 2a8d509 + fa253e2
commit f2e3c6e
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -160,7 +160,8 @@ Laravel always runs in the "testing" environment while running tests. Make sure
 A big thank you to the people who has contributed to this package, among others:
 
 **[kazuhei](https://github.com/kazuhei)** – for providing the awesome Japanese translation  
-**[freekmurze](https://github.com/freekmurze)** – for additional information on package/vendor installations
+**[freekmurze](https://github.com/freekmurze)** – for additional information on package/vendor installations  
+**[faiare](https://github.com/faiare)** – for pointing out and implementing the `realm`-attribute ([RFC7235](https://tools.ietf.org/html/rfc7235#section-2.2))
 
 
 ## License

diff --git a/composer.json b/composer.json
@@ -21,7 +21,7 @@
         "php" : "^7.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^6.5 || ^7.0",
+        "phpunit/phpunit": "^6.5 || 7.1",
         "orchestra/testbench": "~3.4.0|~3.5.0|~3.6.0"
     },
     "autoload": {

diff --git a/src/Http/Middleware/VeryBasicAuth.php b/src/Http/Middleware/VeryBasicAuth.php
@@ -13,27 +13,24 @@ class VeryBasicAuth
      */
     public function handle($request, Closure $next)
     {
-        // Load configuration
-        $config = config('very_basic_auth');
-
         // Check if middleware is in use in current environment
-        if(in_array('*', $config['envs']) || in_array(app()->environment(), $config['envs'])) {
-            if($request->getUser() != $config['user'] || $request->getPassword() != $config['password']) {
+        if(count(array_intersect(['*', app()->environment()], config('very_basic_auth.envs'))) > 0) {
 
-                if (!isset($config['realm'])) {
-                    $config['realm'] = 'Basic Auth';
-                }
+            // Check for credentials
+            if($request->getUser() != config('very_basic_auth.user') || $request->getPassword() != config('very_basic_auth.password')) {
 
-                $header = ['WWW-Authenticate' => 'Basic realm="' . $config['realm'] . '"'];
+                // Build header
+                $header = ['WWW-Authenticate' => sprintf('Basic realm="%s", charset="UTF-8"', config('very_basic_auth.realm', 'Basic Auth'))];
 
                 // If view is available
-                if (isset($config['error_view'])) {
-                    return response()->view($config['error_view'], [], 401)
+                $view = config('very_basic_auth.error_view');
+                if (isset($view)) {
+                    return response()->view($view, [], 401)
                         ->withHeaders($header);
                 }
 
                 // Else return default message
-                return response($config['error_message'], 401, $header);
+                return response(config('very_basic_auth.error_message'), 401, $header);
             }
         }
 

diff --git a/src/config.stub b/src/config.stub
@@ -18,7 +18,8 @@
         // Message to display if the user "opts out"/clicks "cancel"
         'error_message'     => 'You have to supply your credentials to access this resource.',
 
-        // Message to display in Auth Dialog.
+        // Message to display in the auth dialiog in some browsers (mainly Internet Explorer).
+        // Realm is also used to define a "space" that should share crentials.
         'realm'             => 'Basic Auth',
 
         // If you prefer to use a view with your error message you can uncomment "error_view".

diff --git a/tests/VeryBasicAuthTests.php b/tests/VeryBasicAuthTests.php
@@ -53,7 +53,7 @@ public function test_very_basic_auth_authenticate_no_credentials()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-		$this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+		$this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}
@@ -78,7 +78,7 @@ public function test_very_basic_auth_authenticate_incorrect_credentials()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}
@@ -103,7 +103,7 @@ public function test_very_basic_auth_authenticate_incorrect_password()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}
@@ -128,7 +128,7 @@ public function test_very_basic_auth_authenticate_incorrect_user()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}
@@ -178,7 +178,7 @@ public function test_very_basic_auth_view_incorrect_credentials()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertContains('This is the default view for the l5-very-basic-auth-package', $result->getContent());
 	}
@@ -217,7 +217,7 @@ public function test_very_basic_auth_env_testing()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}
@@ -238,7 +238,7 @@ public function test_very_basic_auth_env_wildcard()
 
         $realm = config('very_basic_auth.realm', 'Basic Auth');
 
-        $this->assertEquals('Basic realm="' . $realm . '"', $result->headers->get('www-authenticate'));
+        $this->assertEquals('Basic realm="' . $realm . '", charset="UTF-8"', $result->headers->get('WWW-Authenticate'));
 		$this->assertEquals(401, $result->getStatusCode());
         $this->assertEquals(config('very_basic_auth.error_message'), $result->getContent());
 	}