
Commit 2aa104a

committed
in the user backend: only try to validate the auth if the Authorization header's value starts with 'Bearer'
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent ab67334 commit 2aa104a

1 file changed

Lines changed: 4 additions & 0 deletions


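--- a/lib/User/Backend.php
+++ b/lib/User/Backend.php
@@ -235,6 +235,10 @@ public function getCurrentUserId(): string {
 
 // get the bearer token from headers
 $headerToken = $this->request->getHeader(Application::OIDC_API_REQ_HEADER);
+if (!str_starts_with($headerToken, 'bearer ') && !str_starts_with($headerToken, 'Bearer ')) {
+$this->logger->debug('No Bearer token');
+return '';
+}
 $headerToken = preg_replace('/^bearer\s+/i', '', $headerToken);
 if ($headerToken === '') {
 $this->logger->debug('No Bearer token');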
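Review bot: The added guard matches the scheme more strictly than the `preg_replace('/^bearer\s+/i', …)` directly below it: only the exact prefixes `bearer ` and `Bearer ` with a literal space pass, so a header such as `BEARER <token>` or one using a tab separator now returns `''` before the case-insensitive strip ever runs. That fails closed, so it is not a bypass, but HTTP auth schemes are case-insensitive and such clients would be silently treated as unauthenticated by this backend with only a debug line to show for it. Using one rule for both steps keeps them in agreement, e.g. `if (preg_match('/^bearer\s+/i', $headerToken) !== 1) {`. The early return also logs the same `'No Bearer token'` text as the empty-token branch that follows, so a distinct message such as `'Authorization header is not a Bearer header'` would make the two cases distinguishable in logs. getCurrentUserId starts before and continues after this hunk, so how callers treat the empty return is not visible here.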
