Merge pull request #4 from packagist/t/auth-header

naderman · web-flow · commit d868141a2ea0 · 2018-04-30T12:17:06.000+02:00
Auth: switch to authorization header
diff --git a/src/Api/AbstractApi.php b/src/Api/AbstractApi.php
@@ -31,7 +31,10 @@ protected function get($path, array $parameters = [], array $headers = [])
         }
         $response = $this->client->getHttpClient()->get(
             $path,
-            array_merge($headers, ['Accept' => 'application/json'])
+            array_merge($headers, [
+                'Accept' => 'application/json',
+                'Content-Type' => 'application/json',
+            ])
         );
 
         return $this->responseMediator->getContent($response);
@@ -47,7 +50,10 @@ protected function post($path, array $parameters = [], array $headers = [])
     {
         $response = $this->client->getHttpClient()->post(
             $path,
-            array_merge($headers, ['Accept' => 'application/json']),
+            array_merge($headers, [
+                'Accept' => 'application/json',
+                'Content-Type' => 'application/json',
+            ]),
             $this->createJsonBody($parameters)
         );
 
@@ -64,7 +70,10 @@ protected function delete($path, array $parameters = [], array $headers = [])
     {
         $response = $this->client->getHttpClient()->delete(
             $path,
-            array_merge($headers, ['Accept' => 'application/json']),
+            array_merge($headers, [
+                'Accept' => 'application/json',
+                'Content-Type' => 'application/json',
+            ]),
             $this->createJsonBody($parameters)
         );
 
diff --git a/src/HttpClient/Plugin/RequestSignature.php b/src/HttpClient/Plugin/RequestSignature.php
@@ -27,23 +27,24 @@ public function __construct($token, $secret)
      */
     public function handleRequest(RequestInterface $request, callable $next, callable $first)
     {
-        $params = [];
-        $headers = [
-            'PRIVATE-PACKAGIST-API-TOKEN' => $params['key'] = $this->token,
-            'PRIVATE-PACKAGIST-API-TIMESTAMP' => $params['timestamp'] = $this->getTimestamp(),
-            'PRIVATE-PACKAGIST-API-NONCE' => $params['cnonce'] = $this->getNonce(),
+        $params = [
+            'key' => $this->token,
+            'timestamp' => $this->getTimestamp(),
+            'cnonce' => $this->getNonce(),
         ];
 
-        foreach ($headers as $header => $value) {
-            $request = $request->withHeader($header, $value);
-        }
-
         $content = $request->getBody()->getContents();
         if ($content) {
             $params['body'] = $content;
         }
 
-        $request = $request->withHeader('PRIVATE-PACKAGIST-API-SIGNATURE', $this->generateSignature($request, $params));
+        $request = $request->withHeader('Authorization', sprintf(
+            'PACKAGIST-HMAC-SHA256 Key=%s, Timestamp=%s, Cnonce=%s, Signature=%s',
+            $params['key'],
+            $params['timestamp'],
+            $params['cnonce'],
+            $this->generateSignature($request, $params)
+        ));
 
         return $next($request);
     }
diff --git a/tests/HttpClient/Plugin/RequestSignatureTest.php b/tests/HttpClient/Plugin/RequestSignatureTest.php
@@ -31,10 +31,7 @@ public function testPrefixRequestPath()
             'POST',
             '/packages/?foo=bar',
             [
-                'PRIVATE-PACKAGIST-API-TOKEN' => $this->token,
-                'PRIVATE-PACKAGIST-API-TIMESTAMP' => $this->timestamp,
-                'PRIVATE-PACKAGIST-API-NONCE' => $this->nonce,
-                'PRIVATE-PACKAGIST-API-SIGNATURE' => 'a6wxBLYrmz4Mwmv/TKBZR5WHFcSCRbsny2frobJMt24=',
+                'Authorization' => ["PACKAGIST-HMAC-SHA256 Key={$this->token}, Timestamp={$this->timestamp}, Cnonce={$this->nonce}, Signature=a6wxBLYrmz4Mwmv/TKBZR5WHFcSCRbsny2frobJMt24="],
             ],
             json_encode(['foo' => 'bar'])
         );
@@ -48,19 +45,10 @@ public function testPrefixRequestPath()
     public function testPrefixRequestPathSmoke()
     {
         $request = new Request('POST', '/packages/?foo=bar', [], json_encode(['foo' => 'bar']));
-        $expected = [
-            'PRIVATE-PACKAGIST-API-TOKEN',
-            'PRIVATE-PACKAGIST-API-TIMESTAMP',
-            'PRIVATE-PACKAGIST-API-NONCE',
-            'PRIVATE-PACKAGIST-API-SIGNATURE',
-        ];
 
         $plugin = new RequestSignature($this->token, $this->secret);
-        $plugin->handleRequest($request, function (Request $actual) use ($expected) {
-            $headers = $actual->getHeaders();
-            foreach ($expected as $header) {
-                $this->assertNotNull($headers[$header][0]);
-            }
+        $plugin->handleRequest($request, function (Request $actual) {
+            $this->assertNotNull($actual->getHeader('Authorization')[0]);
         }, function () {
         });
     }
