From c9bf32b454e3f00aec26d39eb3c7dde764711c1f Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Fri, 6 Nov 2020 08:32:50 +0100
Subject: [PATCH] Bearer must be in the start of the auth header

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/User/Session.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 1f2eaadc12..37d518b612 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryTokenLogin(IRequest $request) {
 		$authHeader = $request->getHeader('Authorization');
-		if (strpos($authHeader, 'Bearer ') === false) {
+		if (strpos($authHeader, 'Bearer ') === 0) {
+			$token = substr($authHeader, 7);
+		} else {
 			// No auth header, let's try session id
 			try {
 				$token = $this->session->getId();
 			} catch (SessionNotAvailableException $ex) {
 				return false;
 			}
-		} else {
-			$token = substr($authHeader, 7);
 		}
 
 		if (!$this->loginWithToken($token)) {