tuupola / slim-basic-auth

PSR-7 and PSR-15 HTTP Basic Authentication Middleware
MIT License

401 Unauthorized always #79

Closed jfreak53 closed 5 years ago

jfreak53 commented 5 years ago

I've moved my working API code to a PHP 7.2 server and now it won't authenticate. The prod server is using FCGI, but I've tried the fixes and still, it is not working.

My Code

```php
$app = new Slim\App();

$app->add(new Slim\Middleware\HttpBasicAuthentication([
    'path' => '/*',
    'realm' => 'Protected',
    'users' => $systemUsers,
    'secure' => false,
    'error' => function ($request, $response, $arguments) {
        $data = [];
        $data['status'] = 'error';
        $data['message'] = $arguments['message'];
        return $response->withJson($data);
    }
]));
```

HTAccess File:

```
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
```

Curl:

```
HTTP/1.1 401 Unauthorized
Date: Fri, 19 Apr 2019 12:40:14 GMT
Server: Apache
X-Powered-By: PHP/7.2.17
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
WWW-Authenticate: Basic realm="Protected"
Set-Cookie: PHPSESSID=34c28a724ca00e69a03e8c75c70841f3; path=/
Content-Length: 52
Content-Type: application/json;charset=utf-8

{"status":"error","message":"Authentication failed"}
```

I know the code works because it works on the local dev environment just fine.

tuupola commented 5 years ago

Look for differences in the production server. The first thing I would check is whether PHP sees the Authentication header. You can do this with print_r($request) somewhere in the code. Another thing, probably not related: the path parameter does not need the *. You could use just 'path' => '/'.

jfreak53 commented 5 years ago

Yeah, it's not seeing that header. I've already got those commands that work for others in my htaccess file though. What else can I try to make sure it is passing the auth headers? If I remove authentication it works.

tuupola commented 5 years ago

There is some info in the PHP bug 35752. You can also try tweaking the mod_fcgi configuration.

jfreak53 commented 5 years ago

The PHP bug fix is what I've got in htaccess now, but it doesn't work. The fcgi fix I have in htaccess, but I haven't tried it in Apache directly. Will this make a difference?

tuupola commented 5 years ago

Depending on Apache settings, some configuration options cannot be changed in .htaccess, so that is worth a try. There also seem to be several different ways to write the mod_rewrite rule. The first one claims to work with fcgi.

```
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
```

You could also check whether $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] exists. If that is the case, you can create an ad hoc middleware before the Basic Auth middleware which takes the value of the $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] environment variable and injects it into the $request object as an Authorization header.
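
The ad hoc middleware described in the last comment, as an added example that is not part of the thread or of the slim-basic-auth project. It assumes Slim 3 installed via Composer and a Basic Auth middleware that reads the Authorization header from the PSR-7 request; the closure name `$restoreAuthorization` and the `$systemUsers` value are constructed for illustration.

```php
<?php
// Added example; not code from the thread or from slim-basic-auth.
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

require __DIR__ . '/vendor/autoload.php';

// Constructed sample credentials so the snippet is complete.
$systemUsers = ['demo' => 'constructed-sample-password'];

// Hypothetical ad hoc middleware (the name is an assumption).
$restoreAuthorization = function (
    ServerRequestInterface $request,
    ResponseInterface $response,
    callable $next
) {
    // A header PHP actually received wins; never overwrite it.
    if ($request->getHeaderLine('Authorization') === '') {
        $server = $request->getServerParams();
        $value = $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
        // Accept only a well-formed Basic credential, nothing else.
        if (is_string($value) && preg_match('/^Basic\s+[A-Za-z0-9+\/=]+$/i', trim($value))) {
            $request = $request->withHeader('Authorization', trim($value));
        }
    }
    return $next($request, $response);
};

$app = new Slim\App();

$app->add(new Slim\Middleware\HttpBasicAuthentication([
    'path' => '/',
    'realm' => 'Protected',
    'users' => $systemUsers,
]));

// Slim 3 runs the most recently added middleware first, so adding this
// last makes it run before the Basic Auth middleware.
$app->add($restoreAuthorization);

$app->run();
```

The value is copied only from the server-side environment variable and is never logged or echoed, so the credential does not end up in application output.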