From 01643fd75e415bc463d63e86bb27afccf5477745 Mon Sep 17 00:00:00 2001
From: Florent Morselli
Date: Thu, 18 Apr 2024 19:31:08 +0200
Subject: [PATCH] Add test for AccessTokenHeaderRegex and adjust regex

A new test was added to AccessTokenAuthenticatorTest to ensure that the regular expression in HeaderAccessTokenExtractor works correctly. The regular expression was tweaked to support a wider range of tokens, especially those ending with an equals sign.
---
 AccessToken/HeaderAccessTokenExtractor.php | 2 +-
 .../AccessTokenAuthenticatorTest.php | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/AccessToken/HeaderAccessTokenExtractor.php b/AccessToken/HeaderAccessTokenExtractor.php
index 487b87c2..0903d178 100644
--- a/AccessToken/HeaderAccessTokenExtractor.php
+++ b/AccessToken/HeaderAccessTokenExtractor.php
@@ -29,7 +29,7 @@ public function __construct(
 private readonly string $tokenType = 'Bearer'
 ) {
 $this->regex = sprintf(
- '/^%s([a-zA-Z0-9\-_\+~\/\.]+)$/',
+ '/^%s([a-zA-Z0-9\-_\+~\/\.]+=*)$/',
 '' === $this->tokenType ? '' : preg_quote($this->tokenType).'\s+'
 );
 }
diff --git a/Tests/Authenticator/AccessTokenAuthenticatorTest.php b/Tests/Authenticator/AccessTokenAuthenticatorTest.php
index 4f010000..5ee4869b 100644
--- a/Tests/Authenticator/AccessTokenAuthenticatorTest.php
+++ b/Tests/Authenticator/AccessTokenAuthenticatorTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
 use Symfony\Component\Security\Http\AccessToken\AccessTokenExtractorInterface;
 use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
+use Symfony\Component\Security\Http\AccessToken\HeaderAccessTokenExtractor;
 use Symfony\Component\Security\Http\Authenticator\AccessTokenAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\FallbackUserLoader;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
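Review bot: The rewritten pattern on the changed `sprintf` argument in HeaderAccessTokenExtractor.php still ends in a bare `$`, which in PCRE also matches just before a final newline, so a header value with one trailing `\n` after the token is accepted rather than rejected. The capture group itself excludes the newline, and whether such a value can reach this extractor depends on the front-end server, so this is a hardening point rather than a demonstrated bypass. Anchoring with `\z` closes it: `'/^%s([a-zA-Z0-9\-_\+~\/\.]+=*)\z/',`. A one-line comment above the pattern such as `// b64token as defined in RFC 6750, section 2.1: token characters followed by optional "=" padding` would also keep later edits from widening the character class. The constructor's signature starts above this hunk.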
@@ -159,4 +160,31 @@ public function testAuthenticateWithFallbackUserLoader()
 $this->assertEquals('test', $passport->getUser()->getUserIdentifier());
 }
+
+ /**
+ * @dataProvider provideAccessTokenHeaderRegex
+ */
+ public function testAccessTokenHeaderRegex(string $input, ?string $expectedToken)
+ {
+ // Given
+ $extractor = new HeaderAccessTokenExtractor();
+ $request = Request::create('/test', 'GET', [], [], [], ['HTTP_AUTHORIZATION' => $input]);
+
+ // When
+ $token = $extractor->extractAccessToken($request);
+
+ // Then
+ $this->assertEquals($expectedToken, $token);
+ }
+
+ public function provideAccessTokenHeaderRegex(): array
+ {
+ return [
+ ['Bearer token', 'token'],
+ ['Bearer mF_9.B5f-4.1JqM', 'mF_9.B5f-4.1JqM'],
+ ['Bearer d3JvbmdfcmVnZXhwX2V4bWFwbGU=', 'd3JvbmdfcmVnZXhwX2V4bWFwbGU='],
+ ['Bearer Not Valid', null],
+ ['Bearer (NotOK123)', null],
+ ];
+ }
 }
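Review bot: The data provider `provideAccessTokenHeaderRegex` has no negative case for the new `=*` suffix, so nothing pins that padding is accepted only at the end of the token and that a padding-only value is refused. Adding `['Bearer to=ken', null],`, `['Bearer =', null],` and `['Bearer token==', 'token=='],` would cover that. `assertEquals` compares loosely, so an extractor returning `''` would satisfy the `null` expectations; `$this->assertSame($expectedToken, $token);` makes the rejected cases strict. The provider is also an instance method, which newer PHPUnit versions expect to be `public static`; whether that applies depends on the PHPUnit version this suite runs on.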