Bearer must be in the start of the auth header

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2020-11-06 08:32:50 +0100
committer: Roeland Jago Douma <roeland@famdouma.nl> 2020-11-06 08:32:50 +0100
commit: e93823cba0ca67d3b321db53f51ab8776a224c94 (patch)
tree: 8455ba608c543045dbab62c6a33bd718a597b54b /lib/private/User
parent: 404785dd2bbddc644fd2064f83160904f770fc0d (diff)
download: nextcloud-server-e93823cba0ca67d3b321db53f51ab8776a224c94.tar.gz
nextcloud-server-e93823cba0ca67d3b321db53f51ab8776a224c94.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 1f2eaadc12e..37d518b6123 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryTokenLogin(IRequest $request) {
 		$authHeader = $request->getHeader('Authorization');
-		if (strpos($authHeader, 'Bearer ') === false) {
+		if (strpos($authHeader, 'Bearer ') === 0) {
+			$token = substr($authHeader, 7);
+		} else {
 			// No auth header, let's try session id
 			try {
 				$token = $this->session->getId();
 			} catch (SessionNotAvailableException $ex) {
 				return false;
 			}
-		} else {
-			$token = substr($authHeader, 7);
 		}
 
 		if (!$this->loginWithToken($token)) {
author	Roeland Jago Douma <roeland@famdouma.nl>	2020-11-06 08:32:50 +0100
committer	Roeland Jago Douma <roeland@famdouma.nl>	2020-11-06 08:32:50 +0100
commit	e93823cba0ca67d3b321db53f51ab8776a224c94 (patch)
tree	8455ba608c543045dbab62c6a33bd718a597b54b /lib/private/User
parent	404785dd2bbddc644fd2064f83160904f770fc0d (diff)
download	nextcloud-server-e93823cba0ca67d3b321db53f51ab8776a224c94.tar.gz nextcloud-server-e93823cba0ca67d3b321db53f51ab8776a224c94.zip