From 5ed4a8a2c4b255aa951418d9115a93e7641592c5 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 10 Oct 2012 09:32:50 +0100 Subject: [PATCH] Don't base64 decode the bearer token Signed-off-by: Alex Bilbie --- src/Oauth2/Resource/Server.php | 40 +++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 3d7d7bb4..9aa8781b 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -54,9 +54,9 @@ class Server /** * Error codes. - * + * * To provide i8ln errors just overwrite the keys - * + * * @var array */ public $errors = array( @@ -68,7 +68,7 @@ class Server /** * Constructor - * + * * @access public * @return void */ @@ -92,7 +92,7 @@ class Server if ($this->_type === strtolower(substr($method, 2))) { return $this->_typeId; } - + return false; } @@ -101,7 +101,7 @@ class Server /** * Register a database abstrator class - * + * * @access public * @param object $db A class that implements OAuth2ServerDatabase * @return void @@ -110,24 +110,24 @@ class Server { $this->_db = $db; } - + /** * Init function - * + * * @access public * @return void */ public function init() { $accessToken = null; - + $_SERVER['REQUEST_METHOD'] = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null; // Try and get the access token via an access_token or oauth_token parameter switch ($_SERVER['REQUEST_METHOD']) - { + { case 'POST': $accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : @@ -145,17 +145,17 @@ class Server if (function_exists('getallheaders')) { $headers = getallheaders(); - + if (isset($headers['Authorization'])) { $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); if ( ! empty($rawToken)) { - $accessToken = base64_decode($rawToken); + $accessToken = $rawToken; } } } - + if ($accessToken) { $result = $this->_dbCall('validateAccessToken', $accessToken); 
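Review bot: With the base64 decoding gone, `$accessToken = $rawToken;` forwards whatever is left of the Authorization header after `str_replace('Bearer', '', ...)`, and that call never verifies the scheme is actually Bearer (it also strips the substring from inside a token), so an `Authorization: Basic ...` or `Digest ...` value is handed to `validateAccessToken` as though it were a bearer token. Anchoring the scheme at the start of the header value fixes both: `if (preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $headers['Authorization'], $m)) { $accessToken = $m[1]; }` in place of the str_replace/trim/empty sequence. The lookup `$headers['Authorization']` is also case-sensitive while `getallheaders()` key casing varies by SAPI, so a lowercase `authorization` key silently yields no token; normalising with `array_change_key_case($headers, CASE_LOWER)` before the lookup avoids that. Because the value reaching `_dbCall('validateAccessToken', ...)` is now raw header text rather than a decoded string, the database abstractor must bind it as a query parameter; `_dbCall` is outside this hunk so that cannot be confirmed here. `init()` begins and ends outside the hunk.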
@@ -167,7 +167,7 @@ class Server } else { if ( ! array_key_exists('id', $result) || - ! array_key_exists('owner_id', $result) || + ! array_key_exists('owner_id', $result) || ! array_key_exists('owner_type', $result)) { throw new ServerException($this->errors['missing_access_token_details']); } @@ -193,12 +193,12 @@ class Server } } - + /** * Test if the access token has a specific scope - * + * * @param mixed $scopes Scope(s) to check - * + * * @access public * @return string|bool */ @@ -209,7 +209,7 @@ class Server if (in_array($scopes, $this->_scopes)) { return true; } - + return false; } elseif (is_array($scopes)) { @@ -221,16 +221,16 @@ class Server } } - + return true; } - + return false; } /** * Call database methods from the abstractor - * + * * @return mixed The query result */ private function _dbCall()