public function testAtomAcceptHeaderSelectsFeedStrategy() { $request = new HttpRequest(); $request->headers()->addHeaderLine('Accept', 'application/atom+xml'); $this->event->setRequest($request); $result = $this->strategy->selectRenderer($this->event); $this->assertSame($this->renderer, $result); }
public function testRequestCanSetHeaders() { $request = new Request(); $headers = new \Zend\Http\Headers(); $ret = $request->setHeaders($headers); $this->assertInstanceOf('Zend\\Http\\Request', $ret); $this->assertSame($headers, $request->headers()); }
public function testJavascriptAcceptHeaderSelectsJsonStrategyAndSetsJsonpCallback() { $request = new HttpRequest(); $request->headers()->addHeaderLine('Accept', 'application/javascript'); $request->setQuery(new Parameters(array('callback' => 'foo'))); $this->event->setRequest($request); $result = $this->strategy->selectRenderer($this->event); $this->assertSame($this->renderer, $result); $this->assertTrue($result->hasJsonpCallback()); }
/** * Parse Digest Authorization header * * @param string $header Client's Authorization: HTTP header * @return array|false Data elements from header, or false if any part of * the header is invalid */ protected function _parseDigestAuth($header) { $temp = null; $data = array(); // See ZF-1052. Detect invalid usernames instead of just returning a // 400 code. $ret = preg_match('/username="******"]+)"/', $header, $temp); if (!$ret || empty($temp[1]) || !ctype_print($temp[1]) || strpos($temp[1], ':') !== false) { $data['username'] = '******'; } else { $data['username'] = $temp[1]; } $temp = null; $ret = preg_match('/realm="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (!ctype_print($temp[1]) || strpos($temp[1], ':') !== false) { return false; } else { $data['realm'] = $temp[1]; } $temp = null; $ret = preg_match('/nonce="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (!ctype_xdigit($temp[1])) { return false; } else { $data['nonce'] = $temp[1]; } $temp = null; $ret = preg_match('/uri="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } // Section 3.2.2.5 in RFC 2617 says the authenticating server must // verify that the URI field in the Authorization header is for the // same resource requested in the Request Line. $rUri = $this->_request->uri(); $cUri = UriFactory::factory($temp[1]); // Make sure the path portion of both URIs is the same if ($rUri->getPath() != $cUri->getPath()) { return false; } // Section 3.2.2.5 seems to suggest that the value of the URI // Authorization field should be made into an absolute URI if the // Request URI is absolute, but it's vague, and that's a bunch of // code I don't want to write right now. $data['uri'] = $temp[1]; $temp = null; $ret = preg_match('/response="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (32 != strlen($temp[1]) || !ctype_xdigit($temp[1])) { return false; } else { $data['response'] = $temp[1]; } $temp = null; // The spec says this should default to MD5 if omitted. OK, so how does // that square with the algo we send out in the WWW-Authenticate header, // if it can easily be overridden by the client? $ret = preg_match('/algorithm="?(' . $this->_algo . ')"?/', $header, $temp); if ($ret && !empty($temp[1]) && in_array($temp[1], $this->_supportedAlgos)) { $data['algorithm'] = $temp[1]; } else { $data['algorithm'] = 'MD5'; // = $this->_algo; ? } $temp = null; // Not optional in this implementation $ret = preg_match('/cnonce="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (!ctype_print($temp[1])) { return false; } else { $data['cnonce'] = $temp[1]; } $temp = null; // If the server sent an opaque value, the client must send it back if ($this->_useOpaque) { $ret = preg_match('/opaque="([^"]+)"/', $header, $temp); if (!$ret || empty($temp[1])) { // Big surprise: IE isn't RFC 2617-compliant. $headers = $this->_request->headers(); if (!$headers->has('User-Agent')) { return false; } $userAgent = $headers->get('User-Agent')->getFieldValue(); if (false === strpos($userAgent, 'MSIE')) { return false; } $temp[1] = ''; $this->_ieNoOpaque = true; } // This implementation only sends MD5 hex strings in the opaque value if (!$this->_ieNoOpaque && (32 != strlen($temp[1]) || !ctype_xdigit($temp[1]))) { return false; } else { $data['opaque'] = $temp[1]; } $temp = null; } // Not optional in this implementation, but must be one of the supported // qop types $ret = preg_match('/qop="?(' . implode('|', $this->_supportedQops) . ')"?/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (!in_array($temp[1], $this->_supportedQops)) { return false; } else { $data['qop'] = $temp[1]; } $temp = null; // Not optional in this implementation. The spec says this value // shouldn't be a quoted string, but apparently some implementations // quote it anyway. See ZF-1544. $ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp); if (!$ret || empty($temp[1])) { return false; } if (8 != strlen($temp[1]) || !ctype_xdigit($temp[1])) { return false; } else { $data['nc'] = $temp[1]; } $temp = null; return $data; }
/** * Acts like a client sending the given Authenticate header value. * * @param string $clientHeader Authenticate header value * @param string $scheme Which authentication scheme to use * @return array Containing the result, response headers, and the status */ protected function _doAuth($clientHeader, $scheme) { // Set up stub request and response objects $request = new Request; $response = new Response; $response->setStatusCode(200); // Set stub method return values $request->setUri('http://localhost/'); $request->setMethod('GET'); $request->setServer(new Parameters(array('HTTP_USER_AGENT' => 'PHPUnit'))); $headers = $request->headers(); $headers->addHeaderLine('Authorization', $clientHeader); // Select an Authentication scheme switch ($scheme) { case 'basic': $use = $this->_basicConfig; break; case 'digest': $use = $this->_digestConfig; break; case 'both': default: $use = $this->_bothConfig; } // Create the HTTP Auth adapter $a = new HTTP($use); $a->setBasicResolver($this->_basicResolver); $a->setDigestResolver($this->_digestResolver); // Send the authentication request $a->setRequest($request); $a->setResponse($response); $result = $a->authenticate(); $return = array( 'result' => $result, 'status' => $response->getStatusCode(), 'headers' => $response->headers(), ); return $return; }
/** * HTTP POST METHOD (static) * * @param string $url * @param array $params * @param array $headers * @return Response|boolean */ public static function post($url, $params, $headers = array(), $body = null) { if (empty($url)) { return false; } $request = new Request(); $request->setUri($url); $request->setMethod(Request::METHOD_POST); if (!empty($params) && is_array($params)) { $request->post()->fromArray($params); } else { throw new Exception\InvalidArgumentException('The array of post parameters is empty'); } if (!isset($headers['Content-Type'])) { $headers['Content-Type'] = Client::ENC_URLENCODED; } if (!empty($headers) && is_array($headers)) { $request->headers()->addHeaders($headers); } if (!empty($body)) { $request->setBody($body); } return self::getStaticClient()->send($request); }
public function testRequestIsFlashRequest() { $request = new Request(); $this->assertFalse($request->isFlashRequest()); $request = new Request(); $request->headers()->addHeaderLine('USER_AGENT', 'FooBazBar'); $this->assertFalse($request->isFlashRequest()); $request = new Request(); $request->headers()->addHeaderLine('USER_AGENT', 'Shockwave Flash'); $this->assertTrue($request->isFlashRequest()); }
/** * Get the request object * * @return Request */ public function getRequest() { if (!$this->request instanceof Request) { $request = new HttpRequest(); $request->setQuery(new PhpEnvironment\GetContainer()) ->setPost(new PhpEnvironment\PostContainer()) ->setEnv(new Parameters($_ENV)) ->setServer(new Parameters($_SERVER)); if ($_COOKIE) { $request->headers()->addHeader(new Cookie($_COOKIE)); } if ($_FILES) { $request->setFile(new Parameters($_FILES)); } if (isset($_SERVER['REQUEST_METHOD'])) { $request->setMethod($_SERVER['REQUEST_METHOD']); } if (isset($_SERVER['REQUEST_URI'])) { $request->setUri($_SERVER['REQUEST_URI']); } $this->setRequest($request); } return $this->request; }