Issues

ZF-9985: Zend_Amf authentication does not handle Zend_Amf_MessageHeaders as it should

- Issue Type: Bug
- Created: 2010-06-14T07:33:19.000+0000
- Last Updated: 2011-07-14T12:30:54.000+0000
- Status: Open
- Fix version(s):
- Reporter: Jelle-Jan van Veelen (pelle)
- Assignee: Wade Arnold (wadearnold)
- Tags: Zend_Amf

Related issues: Attachments:

Description

When using authentication in an AMF request, Zend_Amf_Server fails to recognise the appropriate headers.

In Zend_Amf_Server on line 496 it starts to handle the authentication. First, it gets the AMF headers, and then checks if there is an array key called 'Credentials' (Zend_Amf_Constants::CREDENTIALS_HEADER). If there is, then it checks if there is a userid property:

<pre class="highlight">
$handleAuth = false;
if ($this->_auth) {
    $headers = $request->getAmfHeaders();
    if (isset($headers[Zend_Amf_Constants::CREDENTIALS_HEADER]) &&
        isset($headers[Zend_Amf_Constants::CREDENTIALS_HEADER]->userid)) {
        $handleAuth = true;
    }
}
</pre>

But there is no array key called Credentials, because all headers are simply pushed into the headers array (see Zend_Amf_Request line 121):

<pre class="highlight">
// Iterate through the AMF envelope header
while ($headerCount--) {
    $this->_headers[] = $this->readHeader();
}
</pre>

When outputting the headers ($request->getAmfHeaders(), line 498, Zend_Amf_Server), this is what you get:

<pre class="highlight">
Array
(
    [0] => Zend_Amf_Value_MessageHeader Object
        (
            [name] => Credentials
            [mustRead] => 1
            [length] => 43
            [data] => stdClass Object
                (
                    [userid] => *snip*
                    [password] => *snip*
                )

        )
)
</pre>

But according to the code, it looks like it expects something like this:

<pre class="highlight">
Array (
    [Credentials] => Object
        (
           [userid] => *snip*
           [password] => *snip*
        )
)
</pre>

Proposed solution: Loop through the headers, and check if there is a Zend_Amf_Value_MessageHeader which has a $name property that is called 'Credentials', and then check if the Zend_Amf_Value_MessageHeader $data property has a $userid property.

The problem is in version 1.10.0. I also checked the latest version (1.10.5), and it does not seem to have changed since 1.10.0.
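The proposed solution above, written out as an added example that is not part of the original report or of Zend Framework's own code. `MessageHeaderStub` and `findCredentials()` are hypothetical names, the stub stands in for Zend_Amf_Value_MessageHeader (only the `name` and `data` properties from the dump are modelled), and the sample headers are constructed:

```php
<?php
// Stand-in for Zend_Amf_Value_MessageHeader so this file runs without
// Zend Framework. Only the two properties the check needs are modelled.
class MessageHeaderStub
{
    public $name;
    public $data;

    public function __construct($name, $data)
    {
        $this->name = $name;
        $this->data = $data;
    }
}

// Same string the report gives for Zend_Amf_Constants::CREDENTIALS_HEADER.
const CREDENTIALS_HEADER = 'Credentials';

/**
 * Hypothetical helper: walk the numerically indexed header list and return
 * the data object of the first header named 'Credentials' that carries a
 * userid property, or null when no header qualifies.
 */
function findCredentials(array $headers)
{
    foreach ($headers as $header) {
        if (!is_object($header) || !isset($header->name)) {
            continue; // not a message header object
        }
        if ($header->name !== CREDENTIALS_HEADER) {
            continue; // some other AMF envelope header
        }
        if (is_object($header->data) && isset($header->data->userid)) {
            return $header->data;
        }
    }
    return null;
}

// Constructed sample input with the same shape as the dump in the report.
$creds = new stdClass();
$creds->userid = 'example-user';
$creds->password = 'example-only';
$headers = array(
    new MessageHeaderStub('ExampleHeader', 'constructed value'),
    new MessageHeaderStub('Credentials', $creds),
);

var_dump(isset($headers[CREDENTIALS_HEADER]));  // keyed lookup used by the server code
var_dump(findCredentials($headers) !== null);   // loop-based lookup from the proposal
```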

Comments

Posted by Alireza Eliaderani (cubny) on 2011-07-09T12:34:57.000+0000

Using 1.11.8 and still have this problem. Any solution?

Posted by Kevin Schroeder (kschroeder) on 2011-07-14T12:30:54.000+0000

I believe you can find a solution at http://eschrade.com/page/…
