Bearer must be in the start of the auth header

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2020-11-06 08:32:50 +01:00 committed by backportbot[bot]
parent 43a80714a7
commit c9bf32b454
1 changed files with 3 additions and 3 deletions

View File

@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
*/ */
public function tryTokenLogin(IRequest $request) { public function tryTokenLogin(IRequest $request) {
$authHeader = $request->getHeader('Authorization'); $authHeader = $request->getHeader('Authorization');
if (strpos($authHeader, 'Bearer ') === false) { if (strpos($authHeader, 'Bearer ') === 0) {
$token = substr($authHeader, 7);
} else {
// No auth header, let's try session id // No auth header, let's try session id
try { try {
$token = $this->session->getId(); $token = $this->session->getId();
} catch (SessionNotAvailableException $ex) { } catch (SessionNotAvailableException $ex) {
return false; return false;
} }
} else {
$token = substr($authHeader, 7);
} }
if (!$this->loginWithToken($token)) { if (!$this->loginWithToken($token)) {