Skip to content

Commit 628c35d

Browse files
glaubinixglaubinix
committed
Auth: switch to authorization header
1 parent 04ca283 commit 628c35d

File tree

2 files changed

+14
-25
lines changed

2 files changed

+14
-25
lines changed

src/HttpClient/Plugin/RequestSignature.php

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -27,23 +27,24 @@ public function __construct($token, $secret)
2727
*/
2828
public function handleRequest(RequestInterface $request, callable $next, callable $first)
2929
{
30-
$params = [];
31-
$headers = [
32-
'PRIVATE-PACKAGIST-API-TOKEN' => $params['key'] = $this->token,
33-
'PRIVATE-PACKAGIST-API-TIMESTAMP' => $params['timestamp'] = $this->getTimestamp(),
34-
'PRIVATE-PACKAGIST-API-NONCE' => $params['cnonce'] = $this->getNonce(),
30+
$params = [
31+
'key' => $this->token,
32+
'timestamp' => $this->getTimestamp(),
33+
'cnonce' => $this->getNonce(),
3534
];
3635

37-
foreach ($headers as $header => $value) {
38-
$request = $request->withHeader($header, $value);
39-
}
40-
4136
$content = $request->getBody()->getContents();
4237
if ($content) {
4338
$params['body'] = $content;
4439
}
4540

46-
$request = $request->withHeader('PRIVATE-PACKAGIST-API-SIGNATURE', $this->generateSignature($request, $params));
41+
$request = $request->withHeader('Authorization', sprintf(
42+
'PACKAGIST-HMAC-SHA256 Key=%s, Timestamp=%s, Cnonce=%s, Signature=%s',
43+
$params['key'],
44+
$params['timestamp'],
45+
$params['cnonce'],
46+
$this->generateSignature($request, $params)
47+
));
4748

4849
return $next($request);
4950
}

tests/HttpClient/Plugin/RequestSignatureTest.php

Lines changed: 3 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,7 @@ public function testPrefixRequestPath()
3131
'POST',
3232
'/packages/?foo=bar',
3333
[
34-
'PRIVATE-PACKAGIST-API-TOKEN' => $this->token,
35-
'PRIVATE-PACKAGIST-API-TIMESTAMP' => $this->timestamp,
36-
'PRIVATE-PACKAGIST-API-NONCE' => $this->nonce,
37-
'PRIVATE-PACKAGIST-API-SIGNATURE' => 'a6wxBLYrmz4Mwmv/TKBZR5WHFcSCRbsny2frobJMt24=',
34+
'Authorization' => ["PACKAGIST-HMAC-SHA256 Key={$this->token}, Timestamp={$this->timestamp}, Cnonce={$this->nonce}, Signature=a6wxBLYrmz4Mwmv/TKBZR5WHFcSCRbsny2frobJMt24="],
3835
],
3936
json_encode(['foo' => 'bar'])
4037
);
@@ -48,19 +45,10 @@ public function testPrefixRequestPath()
4845
public function testPrefixRequestPathSmoke()
4946
{
5047
$request = new Request('POST', '/packages/?foo=bar', [], json_encode(['foo' => 'bar']));
51-
$expected = [
52-
'PRIVATE-PACKAGIST-API-TOKEN',
53-
'PRIVATE-PACKAGIST-API-TIMESTAMP',
54-
'PRIVATE-PACKAGIST-API-NONCE',
55-
'PRIVATE-PACKAGIST-API-SIGNATURE',
56-
];
5748

5849
$plugin = new RequestSignature($this->token, $this->secret);
59-
$plugin->handleRequest($request, function (Request $actual) use ($expected) {
60-
$headers = $actual->getHeaders();
61-
foreach ($expected as $header) {
62-
$this->assertNotNull($headers[$header][0]);
63-
}
50+
$plugin->handleRequest($request, function (Request $actual) {
51+
$this->assertNotNull($actual->getHeader('Authorization')[0]);
6452
}, function () {
6553
});
6654
}

0 commit comments

Comments
 (0)