Fixed two problems in access token check

1) The method returned the wrong result in case when the access token itself contained the string "Bearer".

2) When using cURL, the request is sometimes sent twice (in my case when the first request returned a 404 error), and the Authorization header of the second request is doubled, so that you get an "Authorization: Bearer XXX, Bearer XXX". This case is checked now. (BTW: Tested with the current PHP version 5.4.15 on Windows.)
ziege 2013-05-10 20:00:01 +02:00
parent 3e5b4a1735
commit b88ef82563

@ -243,7 +243,22 @@ class Resource
protected function determineAccessToken() protected function determineAccessToken()
{ {
if ($header = $this->getRequest()->header('Authorization')) { if ($header = $this->getRequest()->header('Authorization')) {
$accessToken = trim(str_replace('Bearer', '', $header)); // Check for special case, because cURL sometimes does an
// internal second request and doubles the authorization header,
// which always resulted in an error.
//
// 1st request: Authorization: Bearer XXX
// 2nd request: Authorization: Bearer XXX, Bearer XXX
if (strpos($header, ',') !== false) {
$accessTokens = array();
foreach (explode(',', $header) as $header_part) {
$accessTokens[] = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header_part));
}
// take always the first one
$accessToken = $accessTokens[0];
} else {
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s+/', '', $header));
}
} else { } else {
$method = $this->getRequest()->server('REQUEST_METHOD'); $method = $this->getRequest()->server('REQUEST_METHOD');
$accessToken = $this->getRequest()->{$method}($this->tokenKey); $accessToken = $this->getRequest()->{$method}($this->tokenKey);
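
Review bot: In the comma branch, `$accessToken = $accessTokens[0];` takes the first part without comparing it to the others, so a header such as "Bearer A, Bearer B" is silently accepted as token A. Since the case being handled is an exact duplicate, consider requiring all parts to be identical after stripping and treating anything else as a malformed header. The pattern `/^(?:\s+)?Bearer\s+/` is also case-sensitive and leaves the value unchanged when the scheme is not `Bearer`, so a `bearer XXX` or `Basic ...` header is passed on whole as the access token; matching with the `i` flag and rejecting values that do not match would avoid that. The two branches could then be merged, because `explode(',', $header)` on a header without a comma already returns a single element.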