Closed ddinchev closed 2 years ago
I've changed my authenticator
to use composite auth (header and GET param):
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [
'class' => CompositeAuth::class,
'authMethods' => [
['class' => HttpBearerAuth::class],
['class' => QueryParamAuth::class, 'tokenParam' => 'accessToken'],
]
],
'corsFilter' => [
'class' => Cors::class,
]
]);
}
Passing the accessToken
as GET
param works fine for both functional and acceptance tests. Passing the accessToken
as Bearer header works for acceptance tests and in production scenario. It only fails with the functional
tests.
I've hit this issue as well.
I'm closing this due to its age. If it is still relevant in current versions feel free to create a new issue.
What are you trying to achieve?
I want to write RESTful integration tests using Yii2 module (internal browser). I'm authorizing with
$I->amBearerAuthenticated('token')
but the header is not passed in Yii2's Connector module. The very same test passes when I use PHPBrowser. Examples below.The test successfully hits the yii\filters\auth\HttpHeaderAuth. But here the
$request->headers
collection is empty, so the auth fails with 401.I tried to debug the issue - the internal browser creates a
$_SERVER['HTTP_AUTHORIZATION']
key with valueBearer: sync-fixture-access-token
over here. However, I can not find how the$_SERVER
vars are decoded toyii\web\Request
headers ever after?I've provided output and config below.
Details
composer show
)