mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-15 17:56:14 +05:30
Fix #328, strict check Bearer token
This commit is contained in:
parent
c174b6fc65
commit
7934c7bb53
@ -38,9 +38,16 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
|
|||||||
*/
|
*/
|
||||||
public function determineAccessTokenInHeader(Request $request)
|
public function determineAccessTokenInHeader(Request $request)
|
||||||
{
|
{
|
||||||
$header = $request->headers->get('Authorization');
|
if ($request->headers->has('Authorization') === false) {
|
||||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
return ($accessToken === 'Bearer') ? '' : $accessToken;
|
$header = $request->headers->get('Authorization');
|
||||||
|
|
||||||
|
if (substr($header, 0, 7) !== 'Bearer ') {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
return trim(substr($header, 7));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user