testDrupalHTTPRequestBasicAuth() fails using php-fpm (or fastcgi, or nginx) because it makes the assumption that $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] will be there.
This test could be improved to require the workaround with htaccess (which is done *for* us with Symfony in D8).
But in this patch I just request removing the test.
Solving this fail is essential to getting the testbots to work on php-fpm, a stepping stone to allowing the testbots to run more than one version of php, #2135199: Provide php 5.4 testing on testbots for D8 code without breaking everything else
Comment | File | Size | Author |
---|---|---|---|
#12 | drupal.php54-php-fpm.12.patch | 2.27 KB | sun |
#5 | drupal.php54-php-fpm.patch | 1.67 KB | sun |
drupal.d7_remove_use_of_PHP_AUTH.patch | 1.09 KB | rfay | |
Comments
Comment #1
Dave ReidRather than removing, could we make the test a no-op if Apache PHP module isn't being used? That way non-testbot sites can still run this test?
Comment #2
webchickDid some digging. The origin of this test was in #296310: TestingParty08: drupal_http_request redirects need a test. The title implies that it was something we came up with for the Awesome Testing Party With Hungarian Pancakes in Szeged, and the participants seem to imply this was later re-purposed as a GHOP task. In other words, to some extent this was introduced as a way to create "valuable busy work," rather than because we were trying to solve some sort of problem.
drupal_http_request() is removed in D8 in favour of Guzzle, so I'm not completely opposed to blitzing the test. OTOH, the test itself does add value and is one of a suite of tests for this function making sure it works properly. Since Alex Pott cited drupal_http_request() in his "Core Complexity" talk in Prague as being the most complex function in all of Drupal, I do lean more towards keeping it around and simply fixing it for non-Apache environments. But rather than a crazy detailed workaround as in the OP (I don't feel this test is of that much value given D8's direction, personally), something more along the lines of #1.
Comment #3
rfayIt would also be possible to actually fix this in D7. It's not hard. But not sure it's worth it. @Dave Reid's approach is also fine.
Comment #4
sun#670454: Support HTTP Authorization in CGI environment made it into D8 and D7 already, and my backport for D6 is still ready.
By the looks of it, we just need to change the code to access the
$_SERVER['HTTP_AUTHORIZATION']
variable now.Comment #5
sunAttached patch changes the system_test.module page callback to extract and rebuild the HTTP Basic Authentication parameters by leveraging the
$_SERVER['HTTP_AUTHORIZATION']
variable that is guaranteed to exist in all environments now.Comment #6
sun@rfay: Alrighty, this patch passed against HEAD, so now it's time to check whether it also works on a php-fpm SAPI. :)
Comment #7
sunBumping this to critical, since Drupal 8 cannot bump its PHP version requirement before testbots are able to run on php-fpm.
Comment #8
rfayI won't be back to this until late February, but I updated #2135199: Provide php 5.4 testing on testbots for D8 code without breaking everything else with the status if anybody wants to pick it up from the testbot side.
Comment #9
dawehnerMaybe a reference to our .htaccess file would be great, as the .htacess file ensures that this variable is available.
Comment #10
twistor CreditAttribution: twistor commentedWell, that seemed simple enough. Sigh. Testing this locally with fpm, the HTTP_AUTHORIZATION variable isn't available. It's hiding as REDIRECT_HTTP_AUTHORIZATION. This seems to be undocumented behavior in Apache.
There's also REDIRECT_protossl
See http://stackoverflow.com/questions/2267976/apache-setenv-prepends-redire...
http://stackoverflow.com/questions/3050444/when-setting-environment-vari...
Comment #11
twistor CreditAttribution: twistor commentedSymfony does it like so:
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Htt...
Comment #12
sunThanks for digging that out. Attached patch should work correctly. Also addressed @dawehner's concern.
Comment #13
twistor CreditAttribution: twistor commented#12 solves dawehner's problems, and fixes the problems I've addressed.
This is RTBC.
I have to note, though, that I'm seeing notices from DrupalHTTPRequestTestCase::testDrupalHTTPRequestRedirect(). Specifically, the 307 testing.
I've tested 5.3.28 and 5.4.24 mod_php/fpm and both are showing the same issue. When trying to perform a 307 redirect from fpm, the reason phrase isn't showing up which triggers #205969: drupal_http_request() assumes presence of Reason-Phrase in response Status-Line.
Comment #14
David_Rothstein CreditAttribution: David_Rothstein commentedCommitted to 7.x - thanks!
I fixed a couple small code comment issues on commit (replaced inline @see with "See", and got rid of the "/en/" in the php.net URL, due to #692366: Stop forcing language/mirror for PHP manual links).
I also wonder what would happen if neither $_SERVER['HTTP_AUTHORIZATION'] nor $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] is set (the Symfony code seems to handle this possibility) but I guess if it's a legit issue in practice we'll eventually hear about it.