mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Fixed two probems in access token check
1) The method returned the wrong result in case when the access token itself contained the string "Bearer". 2) When using cURL, the request is sometimes send twice (in my case when the first request returned a 404 error), and the Authorization header of the second request is doubled, so that you get a "Authorization: Bearer XXX, Bearer XXX". This case is checked now. (BTW: Tested with the current PHP version 5.4.15 on Windows.)
This commit is contained in:
parent
3e5b4a1735
commit
b88ef82563
@ -243,7 +243,22 @@ class Resource
|
||||
protected function determineAccessToken()
|
||||
{
|
||||
if ($header = $this->getRequest()->header('Authorization')) {
|
||||
$accessToken = trim(str_replace('Bearer', '', $header));
|
||||
// Check for special case, because cURL sometimes does an
|
||||
// internal second request and doubles the authorization header,
|
||||
// which always resulted in an error.
|
||||
//
|
||||
// 1st request: Authorization: Bearer XXX
|
||||
// 2nd request: Authorization: Bearer XXX, Bearer XXX
|
||||
if (strpos($header, ',') !== false) {
|
||||
$accessTokens = array();
|
||||
foreach (explode(',', $header) as $header_part) {
|
||||
$accessTokens[] = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header_part));
|
||||
}
|
||||
// take always the first one
|
||||
$accessToken = $accessTokens[0];
|
||||
} else {
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header));
|
||||
}
|
||||
} else {
|
||||
$method = $this->getRequest()->server('REQUEST_METHOD');
|
||||
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
|
||||
|
Loading…
Reference in New Issue
Block a user