changeset 5934:667ce80937fa

mod_rest: Fix authentication The :contains check failed because case normalization was applied after
author Kim Alvefur <zash@zash.se>
date Mon, 15 Jul 2024 16:24:20 +0200
parents 2739d3db591f
children 46394b327d17
files mod_rest/mod_rest.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_rest/mod_rest.lua	Sun Jul 14 18:01:24 2024 +0200
+++ b/mod_rest/mod_rest.lua	Mon Jul 15 16:24:20 2024 +0200
@@ -53,10 +53,10 @@
 
 local function check_credentials(request) -- > session | boolean, error
 	local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$");
+	auth_type = auth_type and auth_type:lower();
 	if not (auth_type and auth_data) or not auth_mechanisms:contains(auth_type) then
 		return nil, post_errors.new("noauthz", { request = request });
 	end
-	auth_type = auth_type:lower();
 
 	if auth_type == "basic" then
 		local creds = base64.decode(auth_data);