Made the method part case insensitive.

flash 2024-07-21 01:37:32 +00:00
parent 31c54b966a
commit 2eed4d170c


@ -402,7 +402,7 @@ final class OAuth2Routes extends RouteHandler {
$content = $request->getContent();
$authzHeader = explode(' ', (string)$request->getHeaderLine('Authorization'));
if($authzHeader[0] === 'Basic') {
if(strcasecmp($authzHeader[0], 'Basic') === 0) {
$authzHeader = explode(':', base64_decode($authzHeader[1] ?? ''));
$clientId = $authzHeader[0];
$clientSecret = $authzHeader[1] ?? '';
@ -504,7 +504,7 @@ final class OAuth2Routes extends RouteHandler {
// authz header should be the preferred method
$authzHeader = explode(' ', (string)$request->getHeaderLine('Authorization'));
if($authzHeader[0] === 'Basic') {
if(strcasecmp($authzHeader[0], 'Basic') === 0) {
$authzHeader = explode(':', base64_decode($authzHeader[1] ?? ''));
$clientId = $authzHeader[0];
$clientSecret = $authzHeader[1] ?? '';
@ -758,7 +758,7 @@ final class OAuth2Routes extends RouteHandler {
#[HttpGet('/oauth2/check_token_do_not_rely_on_this_existing_in_a_year')]
public function postIntrospect($response, $request) {
$authzHeader = explode(' ', (string)$request->getHeaderLine('Authorization'));
if($authzHeader[0] !== 'Bearer' || count($authzHeader) < 2) {
if(strcasecmp($authzHeader[0], 'Bearer') !== 0 || count($authzHeader) < 2) {
$response->setStatusCode(401);
$response->setHeader('WWW-Authenticate', 'Bearer');
return ['success' => false];
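Review bot: The Basic branches in the hunks at 402 and 504 split the decoded credentials with `explode(':', base64_decode($authzHeader[1] ?? ''))`, which has no limit, so a client secret containing a colon is cut at that colon and `$clientSecret` holds only the part before it. RFC 7617 permits colons in the password part, so the split should stop after the first one: `explode(':', base64_decode($authzHeader[1] ?? ''), 2)`. `base64_decode` is also called in its default non-strict mode, which silently skips invalid characters; passing `true` as the second argument and rejecting a `false` result would make malformed headers fail explicitly. How `$clientId` and `$clientSecret` are verified is outside these hunks, as are the start and end of the enclosing methods.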