public function testAtomAcceptHeaderSelectsFeedStrategy()
{
$request = new HttpRequest();
$request->headers()->addHeaderLine('Accept', 'application/atom+xml');
$this->event->setRequest($request);
$result = $this->strategy->selectRenderer($this->event);
$this->assertSame($this->renderer, $result);
}
public function testRequestCanSetHeaders()
{
$request = new Request();
$headers = new \Zend\Http\Headers();
$ret = $request->setHeaders($headers);
$this->assertInstanceOf('Zend\\Http\\Request', $ret);
$this->assertSame($headers, $request->headers());
}
public function testJavascriptAcceptHeaderSelectsJsonStrategyAndSetsJsonpCallback()
{
$request = new HttpRequest();
$request->headers()->addHeaderLine('Accept', 'application/javascript');
$request->setQuery(new Parameters(array('callback' => 'foo')));
$this->event->setRequest($request);
$result = $this->strategy->selectRenderer($this->event);
$this->assertSame($this->renderer, $result);
$this->assertTrue($result->hasJsonpCallback());
}
/**
* Parse Digest Authorization header
*
* @param string $header Client's Authorization: HTTP header
* @return array|false Data elements from header, or false if any part of
* the header is invalid
*/
protected function _parseDigestAuth($header)
{
$temp = null;
$data = array();
// See ZF-1052. Detect invalid usernames instead of just returning a
// 400 code.
$ret = preg_match('/username="******"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])
|| !ctype_print($temp[1])
|| strpos($temp[1], ':') !== false) {
$data['username'] = '******';
} else {
$data['username'] = $temp[1];
}
$temp = null;
$ret = preg_match('/realm="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (!ctype_print($temp[1]) || strpos($temp[1], ':') !== false) {
return false;
} else {
$data['realm'] = $temp[1];
}
$temp = null;
$ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (!ctype_xdigit($temp[1])) {
return false;
} else {
$data['nonce'] = $temp[1];
}
$temp = null;
$ret = preg_match('/uri="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
// Section 3.2.2.5 in RFC 2617 says the authenticating server must
// verify that the URI field in the Authorization header is for the
// same resource requested in the Request Line.
$rUri = $this->_request->uri();
$cUri = UriFactory::factory($temp[1]);
// Make sure the path portion of both URIs is the same
if ($rUri->getPath() != $cUri->getPath()) {
return false;
}
// Section 3.2.2.5 seems to suggest that the value of the URI
// Authorization field should be made into an absolute URI if the
// Request URI is absolute, but it's vague, and that's a bunch of
// code I don't want to write right now.
$data['uri'] = $temp[1];
$temp = null;
$ret = preg_match('/response="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (32 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
return false;
} else {
$data['response'] = $temp[1];
}
$temp = null;
// The spec says this should default to MD5 if omitted. OK, so how does
// that square with the algo we send out in the WWW-Authenticate header,
// if it can easily be overridden by the client?
$ret = preg_match('/algorithm="?(' . $this->_algo . ')"?/', $header, $temp);
if ($ret && !empty($temp[1])
&& in_array($temp[1], $this->_supportedAlgos)) {
$data['algorithm'] = $temp[1];
} else {
$data['algorithm'] = 'MD5'; // = $this->_algo; ?
}
$temp = null;
// Not optional in this implementation
$ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (!ctype_print($temp[1])) {
return false;
} else {
$data['cnonce'] = $temp[1];
}
$temp = null;
// If the server sent an opaque value, the client must send it back
if ($this->_useOpaque) {
$ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
if (!$ret || empty($temp[1])) {
// Big surprise: IE isn't RFC 2617-compliant.
$headers = $this->_request->headers();
if (!$headers->has('User-Agent')) {
return false;
}
$userAgent = $headers->get('User-Agent')->getFieldValue();
if (false === strpos($userAgent, 'MSIE')) {
return false;
}
$temp[1] = '';
$this->_ieNoOpaque = true;
}
// This implementation only sends MD5 hex strings in the opaque value
if (!$this->_ieNoOpaque &&
(32 != strlen($temp[1]) || !ctype_xdigit($temp[1]))) {
return false;
} else {
$data['opaque'] = $temp[1];
}
$temp = null;
}
// Not optional in this implementation, but must be one of the supported
// qop types
$ret = preg_match('/qop="?(' . implode('|', $this->_supportedQops) . ')"?/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (!in_array($temp[1], $this->_supportedQops)) {
return false;
} else {
$data['qop'] = $temp[1];
}
$temp = null;
// Not optional in this implementation. The spec says this value
// shouldn't be a quoted string, but apparently some implementations
// quote it anyway. See ZF-1544.
$ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
if (!$ret || empty($temp[1])) {
return false;
}
if (8 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
return false;
} else {
$data['nc'] = $temp[1];
}
$temp = null;
return $data;
}
/**
* Acts like a client sending the given Authenticate header value.
*
* @param string $clientHeader Authenticate header value
* @param string $scheme Which authentication scheme to use
* @return array Containing the result, response headers, and the status
*/
protected function _doAuth($clientHeader, $scheme)
{
// Set up stub request and response objects
$request = new Request;
$response = new Response;
$response->setStatusCode(200);
// Set stub method return values
$request->setUri('http://localhost/');
$request->setMethod('GET');
$request->setServer(new Parameters(array('HTTP_USER_AGENT' => 'PHPUnit')));
$headers = $request->headers();
$headers->addHeaderLine('Authorization', $clientHeader);
// Select an Authentication scheme
switch ($scheme) {
case 'basic':
$use = $this->_basicConfig;
break;
case 'digest':
$use = $this->_digestConfig;
break;
case 'both':
default:
$use = $this->_bothConfig;
}
// Create the HTTP Auth adapter
$a = new HTTP($use);
$a->setBasicResolver($this->_basicResolver);
$a->setDigestResolver($this->_digestResolver);
// Send the authentication request
$a->setRequest($request);
$a->setResponse($response);
$result = $a->authenticate();
$return = array(
'result' => $result,
'status' => $response->getStatusCode(),
'headers' => $response->headers(),
);
return $return;
}
/**
* HTTP POST METHOD (static)
*
* @param string $url
* @param array $params
* @param array $headers
* @return Response|boolean
*/
public static function post($url, $params, $headers = array(), $body = null)
{
if (empty($url)) {
return false;
}
$request = new Request();
$request->setUri($url);
$request->setMethod(Request::METHOD_POST);
if (!empty($params) && is_array($params)) {
$request->post()->fromArray($params);
} else {
throw new Exception\InvalidArgumentException('The array of post parameters is empty');
}
if (!isset($headers['Content-Type'])) {
$headers['Content-Type'] = Client::ENC_URLENCODED;
}
if (!empty($headers) && is_array($headers)) {
$request->headers()->addHeaders($headers);
}
if (!empty($body)) {
$request->setBody($body);
}
return self::getStaticClient()->send($request);
}
public function testRequestIsFlashRequest()
{
$request = new Request();
$this->assertFalse($request->isFlashRequest());
$request = new Request();
$request->headers()->addHeaderLine('USER_AGENT', 'FooBazBar');
$this->assertFalse($request->isFlashRequest());
$request = new Request();
$request->headers()->addHeaderLine('USER_AGENT', 'Shockwave Flash');
$this->assertTrue($request->isFlashRequest());
}
/**
* Get the request object
*
* @return Request
*/
public function getRequest()
{
if (!$this->request instanceof Request) {
$request = new HttpRequest();
$request->setQuery(new PhpEnvironment\GetContainer())
->setPost(new PhpEnvironment\PostContainer())
->setEnv(new Parameters($_ENV))
->setServer(new Parameters($_SERVER));
if ($_COOKIE) {
$request->headers()->addHeader(new Cookie($_COOKIE));
}
if ($_FILES) {
$request->setFile(new Parameters($_FILES));
}
if (isset($_SERVER['REQUEST_METHOD'])) {
$request->setMethod($_SERVER['REQUEST_METHOD']);
}
if (isset($_SERVER['REQUEST_URI'])) {
$request->setUri($_SERVER['REQUEST_URI']);
}
$this->setRequest($request);
}
return $this->request;
}
