Commit babaab6a authored by Laurent's avatar Laurent

dev #72610 OAuth: add variable OAUTH_ACCEPT_HTTP to disable HTTPS check

parent c6493b77
Pipeline #3637 failed with stage
in 16 minutes and 52 seconds
- ticket #72610 : OAuth: ajouter la variable pour autoriser HTTP (OAUTH_ACCEPT_HTTP)
\ No newline at end of file
......@@ -22,7 +22,7 @@
class Api_UserController extends ZendAfi_Controller_Action {
public function loansAction() {
if (!$this->_request->isSecure())
if (!($this->_request->isSecure() || Class_AdminVar_OAuthAcceptHTTP::isEnabled()))
return $this->_error($this->_('Protocole HTTP obligatoire'));
if (!$authorization = $this->_request->getHeader('authorization'))
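Review bot: With `OAUTH_ACCEPT_HTTP` enabled, the new condition in `loansAction()` lets the `Authorization` header read on the next line arrive over plain HTTP, so the bearer token and the loan data in the response travel in cleartext, and nothing visible in the hunk records that the transport check was bypassed. I would document that on the condition, e.g. `// OAUTH_ACCEPT_HTTP disables the transport check: bearer tokens are then sent in cleartext`, and consider logging a warning whenever a non-secure request is accepted this way. The check is inlined in this one action; if other API actions enforce the same rule, a shared private helper would keep them from drifting apart. `loansAction()` continues outside the hunk, so how the token is validated afterwards is not visible here.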
......
......@@ -286,6 +286,7 @@ class Class_AdminVarLoader extends Storm_Model_Loader {
protected function _getGlobalVars() {
return [
'FORCE_HTTPS' => Class_AdminVar_Meta::newOnOff($this->_('Forcer l\'accès au site par le protocole HTTPS. Nécessite l\'installation et la configuration appropriée du serveur Web')),
'OAUTH_ACCEPT_HTTP' => Class_AdminVar_Meta::newOnOff($this->_('Autoriser l\'accès aux API OAUTH via HTTP (non sécurisé - déconseillé)')),
'NB_AFFICH_AVIS_PAR_AUTEUR' => Class_AdminVar_Meta::newDefault($this->_('Nombre d\'avis maximum à afficher par utilisateur.')),
'CLEF_GOOGLE_MAP' => Class_AdminVar_Meta::newDefault($this->_('Clef d\'activation pour le plan d\'accès google map. <a target="_blank" href="http://code.google.com/apis/maps/signup.html">Obtenir la clé google map</a>')),
'REGISTER_OK' => Class_AdminVar_Meta::newEncodedData($this->_('Texte visible par l\'internaute après son inscription.')),
......
......@@ -176,7 +176,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
/** @test */
public function withoutHttpsShouldAnswerInvalidRequest() {
public function withoutHttpsShouldAnswerValidRequest() {
unset($_SERVER['HTTPS']);
$this->dispatch('/api/user/loans',
......@@ -188,6 +188,26 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
'message' => 'Protocole HTTP obligatoire'],
json_decode($this->_response->getBody(), true));
}
/** @test */
public function withoutHttpsAndOAUTHAcceptInsecureShouldAnswerLoans() {
unset($_SERVER['HTTPS']);
Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 1);
$this->dispatch('/api/user/loans',
true,
["Authorization" => "Bearer nonos" ,
"Content-Type" => "application/json"]);
$loans = json_decode($this->_response->getBody(), true);
$this->assertEquals(['title' => 'Potter',
'author' => 'J.K.R',
'date_due' => '1974-01-01',
'loaned_by' => 'puppy',
'library' => 'Annecy'
],
$loans['loans'][0]);
}
}
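Review bot: The renamed test `withoutHttpsShouldAnswerValidRequest` still asserts the `'message' => 'Protocole HTTP obligatoire'` error body in the next hunk. Assuming the second printed name is the new one, the name now says the opposite of what the test checks, and the earlier `withoutHttpsShouldAnswerInvalidRequest` described it correctly. Since this is the test that guards the HTTPS requirement, I would keep the old name and make its precondition explicit with `Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 0);` before the dispatch. The new test `withoutHttpsAndOAUTHAcceptInsecureShouldAnswerLoans` sets the variable to 1 and no reset is visible in the hunk, so confirm that the fixture teardown clears it and the setting cannot leak into later tests.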
......