Merge pull request #23920 from nextcloud/fix/match_bearer_front

Bearer must be in the start of the auth header
author: Morris Jobke <hey@morrisjobke.de> 2020-11-06 09:19:05 +0100
committer: GitHub <noreply@github.com> 2020-11-06 09:19:05 +0100
commit: 2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be (patch)
tree: 862c3c00cb85b54179e057fe2b34060da295af46
parent: 9feaceebcfd6ac4dcc26b18024da46ea4bbedc8f (diff)
parent: e93823cba0ca67d3b321db53f51ab8776a224c94 (diff)
download: nextcloud-server-2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be.tar.gz
nextcloud-server-2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 1f2eaadc12e..37d518b6123 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryTokenLogin(IRequest $request) {
 		$authHeader = $request->getHeader('Authorization');
-		if (strpos($authHeader, 'Bearer ') === false) {
+		if (strpos($authHeader, 'Bearer ') === 0) {
+			$token = substr($authHeader, 7);
+		} else {
 			// No auth header, let's try session id
 			try {
 				$token = $this->session->getId();
 			} catch (SessionNotAvailableException $ex) {
 				return false;
 			}
-		} else {
-			$token = substr($authHeader, 7);
 		}
 
 		if (!$this->loginWithToken($token)) {
author	Morris Jobke <hey@morrisjobke.de>	2020-11-06 09:19:05 +0100
committer	GitHub <noreply@github.com>	2020-11-06 09:19:05 +0100
commit	2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be (patch)
tree	862c3c00cb85b54179e057fe2b34060da295af46
parent	9feaceebcfd6ac4dcc26b18024da46ea4bbedc8f (diff)
parent	e93823cba0ca67d3b321db53f51ab8776a224c94 (diff)
download	nextcloud-server-2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be.tar.gz nextcloud-server-2c6bbe783a6ab0f75f9ad85d66d9b4511a7543be.zip