# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1721053460 -7200
# Node ID 667ce80937fa28f8791d7ba2d0ccba1490d43cf0
# Parent  2739d3db591f81c75b46627c54cdcb578fd54ed6
mod_rest: Fix authentication

The :contains check failed because case normalization was applied after

diff -r 2739d3db591f -r 667ce80937fa mod_rest/mod_rest.lua
--- a/mod_rest/mod_rest.lua	Sun Jul 14 18:01:24 2024 +0200
+++ b/mod_rest/mod_rest.lua	Mon Jul 15 16:24:20 2024 +0200
@@ -53,10 +53,10 @@
 
 local function check_credentials(request) -- > session | boolean, error
 	local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$");
+	auth_type = auth_type and auth_type:lower();
 	if not (auth_type and auth_data) or not auth_mechanisms:contains(auth_type) then
 		return nil, post_errors.new("noauthz", { request = request });
 	end
-	auth_type = auth_type:lower();
 
 	if auth_type == "basic" then
 		local creds = base64.decode(auth_data);