From f83a9a7fa43dd2f81ddf5b86020523ff970a2034 Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Wed, 26 Feb 2014 17:27:56 -0500
Subject: [PATCH] Support Authorization header passed as ENV var
Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into .
See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header
---
 src/League/OAuth2/Server/Resource.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
index 55339567..3485315a 100644
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -185,7 +185,7 @@ class Resource
 $result = $this->storages['session']->validateAccessToken($accessToken);
- if ( ! $result) {
+ if (! $result) {
 throw new Exception\InvalidAccessTokenException('Access token is not valid');
 }
@@ -227,7 +227,7 @@ class Resource
 return false;
 } elseif (is_array($scopes)) {
 foreach ($scopes as $scope) {
- if ( ! in_array($scope, $this->sessionScopes)) {
+ if (! in_array($scope, $this->sessionScopes)) {
 return false;
 }
 }
@@ -246,7 +246,15 @@ class Resource
 */
 public function determineAccessToken($headersOnly = false)
 {
- if ($header = $this->getRequest()->header('Authorization')) {
+ // Try to get it directly from a header
+ if (! $header = $this->getRequest()->header('Authorization')) {
+
+ // Failing that try getting it from a server variable
+ $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+ }
+
+ // One of them worked
+ if ($header) {
 // Check for special case, because cURL sometimes does an
 // internal second request and doubles the authorization header,
 // which always resulted in an error.
@@ -271,5 +279,4 @@ class Resource
 return $accessToken;
 }
-
 }
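Review bot: The negated assignment in the new condition of determineAccessToken(), `if (! $header = $this->getRequest()->header('Authorization'))`, is easy to misread as a comparison and works only because of operator precedence; the lookup reads more plainly as `$header = $this->getRequest()->header('Authorization') ?: $this->getRequest()->server('HTTP_AUTHORIZATION');` followed by the existing `if ($header) {`. Because the bearer token can now arrive through a server variable, the method's docblock (it starts above the hunk, and the body continues below it) should say so, for example `Falls back to the HTTP_AUTHORIZATION server variable on hosts that do not expose the Authorization header.` Deployments that rely on the fallback will want to confirm that the variable is populated only from the incoming request header and that server variables are not echoed by diagnostic or error pages, since the variable now carries a credential.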