# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1721066545 -7200
# Node ID 46394b327d171e0aed622e465f72d66a05274076
# Parent  667ce80937fa28f8791d7ba2d0ccba1490d43cf0
mod_http_oauth2: Guard against malformed authorization header

Prevent error on calling :lower() afterwards

diff -r 667ce80937fa -r 46394b327d17 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Mon Jul 15 16:24:20 2024 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Mon Jul 15 20:02:25 2024 +0200
@@ -697,6 +697,7 @@
 	if not request.headers.authorization then return; end
 
 	local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$");
+	if not auth_type then return nil; end
 
 	-- As described in Section 2.3 of [RFC5234], the string Bearer is case-insensitive.
 	-- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-5.1.1