Bearer must be in the start of the auth header 23920/head
authorRoeland Jago Douma <roeland@famdouma.nl>
Fri, 6 Nov 2020 07:32:50 +0000 (08:32 +0100)
committerRoeland Jago Douma <roeland@famdouma.nl>
Fri, 6 Nov 2020 07:32:50 +0000 (08:32 +0100)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
lib/private/User/Session.php

index 1f2eaadc12e69c317aad63855a7125cdebb7d612..37d518b61231d0e14e50956606d65d86864a2079 100644 (file)
@@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
         */
        public function tryTokenLogin(IRequest $request) {
                $authHeader = $request->getHeader('Authorization');
-               if (strpos($authHeader, 'Bearer ') === false) {
+               if (strpos($authHeader, 'Bearer ') === 0) {
+                       $token = substr($authHeader, 7);
+               } else {
                        // No auth header, let's try session id
                        try {
                                $token = $this->session->getId();
                        } catch (SessionNotAvailableException $ex) {
                                return false;
                        }
-               } else {
-                       $token = substr($authHeader, 7);
                }
 
                if (!$this->loginWithToken($token)) {
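Review bot: The scheme check in `tryTokenLogin` is case-sensitive, while HTTP auth schemes are case-insensitive (RFC 7235), so a header such as `bearer <token>` silently falls into the session-id branch instead of being treated as a token; `if (stripos($authHeader, 'Bearer ') === 0) {` keeps the start-of-header anchoring and accepts any casing. The retained comment `// No auth header, let's try session id` is no longer accurate, because that branch also runs when a header with a different scheme is present; `// No Bearer token at the start of the auth header, fall back to the session id` describes it better. A header of exactly `Bearer ` yields an empty `$token` that is handed to `loginWithToken()`, whose handling is not visible here, so it is worth confirming that an empty token is rejected there. The body of `tryTokenLogin` continues past the end of this hunk.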