From 7934c7bb53da7d88c41b4283a6be68f6e1f03dbf Mon Sep 17 00:00:00 2001
From: Mengdi Gao
Date: Mon, 1 Jun 2015 21:36:44 +0800
Subject: [PATCH] Fix #328, strict check Bearer token

---
 src/TokenType/Bearer.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/TokenType/Bearer.php b/src/TokenType/Bearer.php
index 797de3ac..950fce1a 100644
--- a/src/TokenType/Bearer.php
+++ b/src/TokenType/Bearer.php
@@ -38,9 +38,16 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
      */
     public function determineAccessTokenInHeader(Request $request)
     {
-        $header = $request->headers->get('Authorization');
-        $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
+        if ($request->headers->has('Authorization') === false) {
+            return;
+        }
 
-        return ($accessToken === 'Bearer') ? '' : $accessToken;
+        $header = $request->headers->get('Authorization');
+
+        if (substr($header, 0, 7) !== 'Bearer ') {
+            return;
+        }
+
+        return trim(substr($header, 7));
     }
 }
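Review bot: The new method now has three distinct outcomes that callers must tell apart — `null` (bare `return;`) when the header is missing or not a Bearer scheme, `''` when the header is exactly `Bearer ` with nothing after it, and the token string otherwise — and the empty-token case is the one most likely to slip through a later `!== null` check as if a credential had been presented. Collapsing it into the "no token" path keeps the contract two-valued: `$token = trim(substr($header, 7));` followed by `return $token === '' ? null : $token;` (avoid `?:` here, since a token of `'0'` is falsy). The prefix comparison is also byte-exact and case-sensitive, so `bearer …` is rejected even though RFC 7235 treats the auth-scheme name as case-insensitive; that is presumably the "strict" intent of the commit, but the docblock above the hunk should say so and should state the return type as `string|null`. The method's docblock sits outside the hunk.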