Fix basic and bearer authentication (Closes #1341)

(cherry picked from commit 5f53c12)
directus · May 13, 2017 · 4213818 · 4213818
1 parent fcfc3e8
commit 4213818
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/api/core/Directus/Application/Environment.php b/api/core/Directus/Application/Environment.php
@@ -74,7 +74,31 @@ public static function getInstance($refresh = false)
             $instance['PATH_INFO'] = $requestUri;
         }
 
+        // ----------------------------------------------------------------------------
+        // Fix missing PHP_USER_AUTH
+        // ----------------------------------------------------------------------------
+        // Apache does not pass HTTP Basic authorization when running php in CGI Mode
+        // on .htaccess (api/.htaccess) we add a line where we can pass the authorization
+        // into HTTP_AUTHORIZATION if a redirect has been made the values will be stored
+        // in REDIRECT_HTTP_AUTHORIZATION instead
+        // ----------------------------------------------------------------------------
+        $httpAuth = null;
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            $httpAuth = $_SERVER['HTTP_AUTHORIZATION'];
+        } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+            $httpAuth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+            $instance['HTTP_AUTHORIZATION'] = $httpAuth;
+        }
+
+        if ($httpAuth && !isset($_SERVER['PHP_AUTH_USER']) && substr(strtolower($httpAuth), 0, 5) === 'basic') {
+            $parts = explode(':', base64_decode(substr($httpAuth, 6)));
+
+            if (count($parts) === 2) {
+                $instance['PHP_AUTH_USER'] = $parts[0];
+                $instance['PHP_AUTH_PW'] = $parts[1];
+            }
+        }
+
         return $instance;
     }
-
 }