Bearer must be in the start of the auth header

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2020-11-06 08:32:50 +0100
committer: backportbot[bot] <backportbot[bot]@users.noreply.github.com> 2020-11-06 08:23:52 +0000
commit: d24ca1716853e2c626268664e83e1668a088bbeb (patch)
tree: 049d63f2c4cdb14380e39f4d98c1871d000a8494 /lib
parent: ae99412cbaa3e151dad3129322a744c9ad3fa651 (diff)
download: nextcloud-server-d24ca1716853e2c626268664e83e1668a088bbeb.tar.gz
nextcloud-server-d24ca1716853e2c626268664e83e1668a088bbeb.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 817dcbf4c33..a107f5ce004 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -807,15 +807,15 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryTokenLogin(IRequest $request) {
 		$authHeader = $request->getHeader('Authorization');
-		if (strpos($authHeader, 'Bearer ') === false) {
+		if (strpos($authHeader, 'Bearer ') === 0) {
+			$token = substr($authHeader, 7);
+		} else {
 			// No auth header, let's try session id
 			try {
 				$token = $this->session->getId();
 			} catch (SessionNotAvailableException $ex) {
 				return false;
 			}
-		} else {
-			$token = substr($authHeader, 7);
 		}
 
 		if (!$this->loginWithToken($token)) {
author	Roeland Jago Douma <roeland@famdouma.nl>	2020-11-06 08:32:50 +0100
committer	backportbot[bot] <backportbot[bot]@users.noreply.github.com>	2020-11-06 08:23:52 +0000
commit	d24ca1716853e2c626268664e83e1668a088bbeb (patch)
tree	049d63f2c4cdb14380e39f4d98c1871d000a8494 /lib
parent	ae99412cbaa3e151dad3129322a744c9ad3fa651 (diff)
download	nextcloud-server-d24ca1716853e2c626268664e83e1668a088bbeb.tar.gz nextcloud-server-d24ca1716853e2c626268664e83e1668a088bbeb.zip