Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5935:46394b327d17
mod_http_oauth2: Guard against malformed authorization header
Prevent error on calling :lower() afterwards
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 15 Jul 2024 20:02:25 +0200 |
| parents | ca3479c67e48 |
| children | 97375a78d2b5 |
comparison
equal
deleted
inserted
replaced
| 5934:667ce80937fa | 5935:46394b327d17 |
|---|---|
| 695 | 695 |
| 696 local function get_request_credentials(request) | 696 local function get_request_credentials(request) |
| 697 if not request.headers.authorization then return; end | 697 if not request.headers.authorization then return; end |
| 698 | 698 |
| 699 local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$"); | 699 local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$"); |
| 700 if not auth_type then return nil; end | |
| 700 | 701 |
| 701 -- As described in Section 2.3 of [RFC5234], the string Bearer is case-insensitive. | 702 -- As described in Section 2.3 of [RFC5234], the string Bearer is case-insensitive. |
| 702 -- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-5.1.1 | 703 -- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-5.1.1 |
| 703 auth_type = auth_type:lower(); | 704 auth_type = auth_type:lower(); |
| 704 | 705 |