Update Composer, update everything
parent
ea3e94409f
commit
dda5c284b6
19527 changed files with 1135420 additions and 351004 deletions
|
@ -5,4 +5,4 @@ package: Web services
|
|||
version: VERSION
|
||||
core: 8.x
|
||||
dependencies:
|
||||
- user
|
||||
- drupal:user
|
||||
|
|
|
@ -2,15 +2,16 @@
|
|||
|
||||
namespace Drupal\basic_auth\Authentication\Provider;
|
||||
|
||||
use Drupal\Component\Utility\SafeMarkup;
|
||||
use Drupal\Component\Render\FormattableMarkup;
|
||||
use Drupal\Core\Authentication\AuthenticationProviderInterface;
|
||||
use Drupal\Core\Authentication\AuthenticationProviderChallengeInterface;
|
||||
use Drupal\Core\Cache\CacheableMetadata;
|
||||
use Drupal\Core\Config\ConfigFactoryInterface;
|
||||
use Drupal\Core\Entity\EntityManagerInterface;
|
||||
use Drupal\Core\Flood\FloodInterface;
|
||||
use Drupal\Core\Http\Exception\CacheableUnauthorizedHttpException;
|
||||
use Drupal\user\UserAuthInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
/**
|
||||
* HTTP Basic authentication provider.
|
||||
|
@ -126,11 +127,35 @@ class BasicAuth implements AuthenticationProviderInterface, AuthenticationProvid
|
|||
* {@inheritdoc}
|
||||
*/
|
||||
public function challengeException(Request $request, \Exception $previous) {
|
||||
$site_name = $this->configFactory->get('system.site')->get('name');
|
||||
$challenge = SafeMarkup::format('Basic realm="@realm"', [
|
||||
$site_config = $this->configFactory->get('system.site');
|
||||
$site_name = $site_config->get('name');
|
||||
$challenge = new FormattableMarkup('Basic realm="@realm"', [
|
||||
'@realm' => !empty($site_name) ? $site_name : 'Access restricted',
|
||||
]);
|
||||
return new UnauthorizedHttpException((string) $challenge, 'No authentication credentials provided.', $previous);
|
||||
|
||||
// A 403 is converted to a 401 here, but it doesn't matter what the
|
||||
// cacheability was of the 403 exception: what matters here is that
|
||||
// authentication credentials are missing, i.e. that this request was made
|
||||
// as the anonymous user.
|
||||
// Therefore, all we must do, is make this response:
|
||||
// 1. vary by whether the current user has the 'anonymous' role or not. This
|
||||
// works fine because:
|
||||
// - Thanks to \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests,
|
||||
// Page Cache never caches a response whose request has Basic Auth
|
||||
// credentials.
|
||||
// - Dynamic Page Cache will cache a different result for when the
|
||||
// request is unauthenticated (this 401) versus authenticated (some
|
||||
// other response)
|
||||
// 2. have the 'config:user.role.anonymous' cache tag, because the only
|
||||
// reason this 401 would no longer be a 401 is if permissions for the
|
||||
// 'anonymous' role change, causing that cache tag to be invalidated.
|
||||
// @see \Drupal\Core\EventSubscriber\AuthenticationSubscriber::onExceptionSendChallenge()
|
||||
// @see \Drupal\Core\EventSubscriber\ClientErrorResponseSubscriber()
|
||||
// @see \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onAllResponds()
|
||||
$cacheability = CacheableMetadata::createFromObject($site_config)
|
||||
->addCacheTags(['config:user.role.anonymous'])
|
||||
->addCacheContexts(['user.roles:anonymous']);
|
||||
return new CacheableUnauthorizedHttpException($cacheability, (string) $challenge, 'No authentication credentials provided.', $previous);
|
||||
}
|
||||
|
||||
}
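Review bot: The `@realm` placeholder in `new FormattableMarkup('Basic realm="@realm"', …)` HTML-escapes the site name, which is the wrong encoding for an HTTP header value. A name containing `&` or `"` would reach `WWW-Authenticate` as `&amp;` or `&quot;`, while a backslash, the escape character inside a quoted-string, passes through untouched. The old `SafeMarkup::format()` call behaved the same way, so this is inherited rather than introduced here, and the value comes from `system.site` config, so only someone who can edit that config can influence it. Consider quoted-string escaping instead, e.g. `$challenge = 'Basic realm="' . addcslashes($realm, "\"\\") . '"';` with `$realm` holding the site name or the fallback text. The BasicAuth class begins outside this hunk.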
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Drupal\basic_auth\Tests;
|
||||
|
||||
@trigger_error(__FILE__ . ' is deprecated in Drupal 8.3.0 and will be removed before Drupal 9.0.0. Use \Drupal\Tests\basic_auth\Traits\BasicAuthTestTrait instead. See https://www.drupal.org/node/2862800.', E_USER_DEPRECATED);
|
||||
@trigger_error(__NAMESPACE__ . '\BasicAuthTestTrait is deprecated in Drupal 8.3.0 and will be removed before Drupal 9.0.0. Use \Drupal\Tests\basic_auth\Traits\BasicAuthTestTrait instead. See https://www.drupal.org/node/2862800.', E_USER_DEPRECATED);
|
||||
|
||||
/**
|
||||
* Provides common functionality for Basic Authentication test classes.
|
||||
|
|
|
@ -2,11 +2,12 @@
|
|||
|
||||
namespace Drupal\Tests\basic_auth\Functional;
|
||||
|
||||
use Drupal\Component\Utility\SafeMarkup;
|
||||
use Drupal\Component\Render\FormattableMarkup;
|
||||
use Drupal\Core\Url;
|
||||
use Drupal\Tests\basic_auth\Traits\BasicAuthTestTrait;
|
||||
use Drupal\language\Entity\ConfigurableLanguage;
|
||||
use Drupal\Tests\BrowserTestBase;
|
||||
use Drupal\user\Entity\Role;
|
||||
|
||||
/**
|
||||
* Tests for BasicAuth authentication provider.
|
||||
|
@ -49,7 +50,7 @@ class BasicAuthTest extends BrowserTestBase {
|
|||
$this->mink->resetSessions();
|
||||
|
||||
$this->drupalGet($url);
|
||||
$this->assertEqual($this->drupalGetHeader('WWW-Authenticate'), SafeMarkup::format('Basic realm="@realm"', ['@realm' => \Drupal::config('system.site')->get('name')]));
|
||||
$this->assertEqual($this->drupalGetHeader('WWW-Authenticate'), new FormattableMarkup('Basic realm="@realm"', ['@realm' => \Drupal::config('system.site')->get('name')]));
|
||||
$this->assertResponse('401', 'Not authenticated on the route that allows only basic_auth. Prompt to authenticate received.');
|
||||
|
||||
$this->drupalGet('admin');
|
||||
|
@ -180,6 +181,47 @@ class BasicAuthTest extends BrowserTestBase {
|
|||
$this->assertText('Access denied', "A user friendly access denied message is displayed");
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests the cacheability of Basic Auth's 401 response.
|
||||
*
|
||||
* @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()
|
||||
*/
|
||||
public function testCacheabilityOf401Response() {
|
||||
$session = $this->getSession();
|
||||
$url = Url::fromRoute('router_test.11');
|
||||
|
||||
$assert_response_cacheability = function ($expected_page_cache_header_value, $expected_dynamic_page_cache_header_value) use ($session, $url) {
|
||||
$this->drupalGet($url);
|
||||
$this->assertSession()->statusCodeEquals(401);
|
||||
$this->assertSame($expected_page_cache_header_value, $session->getResponseHeader('X-Drupal-Cache'));
|
||||
$this->assertSame($expected_dynamic_page_cache_header_value, $session->getResponseHeader('X-Drupal-Dynamic-Cache'));
|
||||
};
|
||||
|
||||
// 1. First request: cold caches, both Page Cache and Dynamic Page Cache are
|
||||
// now primed.
|
||||
$assert_response_cacheability('MISS', 'MISS');
|
||||
// 2. Second request: Page Cache HIT, we don't even hit Dynamic Page Cache.
|
||||
// This is going to keep happening.
|
||||
$assert_response_cacheability('HIT', 'MISS');
|
||||
// 3. Third request: after clearing Page Cache, we now see that Dynamic Page
|
||||
// Cache is a HIT too.
|
||||
$this->container->get('cache.page')->deleteAll();
|
||||
$assert_response_cacheability('MISS', 'HIT');
|
||||
// 4. Fourth request: warm caches.
|
||||
$assert_response_cacheability('HIT', 'HIT');
|
||||
|
||||
// If the permissions of the 'anonymous' role change, it may no longer be
|
||||
// necessary to be authenticated to access this route. Therefore the cached
|
||||
// 401 responses should be invalidated.
|
||||
$this->grantPermissions(Role::load(Role::ANONYMOUS_ID), [$this->randomMachineName()]);
|
||||
$assert_response_cacheability('MISS', 'MISS');
|
||||
$assert_response_cacheability('HIT', 'MISS');
|
||||
// Idem for when the 'system.site' config changes.
|
||||
$this->config('system.site')->save();
|
||||
$assert_response_cacheability('MISS', 'MISS');
|
||||
$assert_response_cacheability('HIT', 'MISS');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests if the controller is called before authentication.
|
||||
*
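Review bot: testCacheabilityOf401Response() only sends unauthenticated requests, so it never checks what the provider's comment depends on: that a request carrying Basic credentials is not answered from the now-cached 401. That guarantee lives in `\Drupal\basic_auth\PageCache\DisallowBasicAuthRequests`, which is outside this diff, and a regression there would lock out valid users while this test still passed. After the "warm caches" step, consider adding `$account = $this->drupalCreateUser();`, then `$this->basicAuthGet($url, $account->getUsername(), $account->pass_raw);` and `$this->assertSession()->statusCodeEquals(200);`. The expected 200 assumes the route is reachable for any authenticated user, which should be confirmed against the route definition. It would also help to assert that `X-Drupal-Cache` is not `HIT` on that response.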
|
||||
|
|