Skip to content

Commit 49f3723

Browse files
dereuromarkdereuromark
authored
Merge pull request #704 from cakephp/issue-688
Improve support for custom token prefixes.
2 parents 84dbb87 + 8597b11 commit 49f3723

File tree

2 files changed

+13
-6
lines changed

2 files changed

+13
-6
lines changed

src/Authenticator/TokenAuthenticator.php

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -43,13 +43,11 @@ class TokenAuthenticator extends AbstractAuthenticator implements StatelessInter
4343
*/
4444
protected function getToken(ServerRequestInterface $request): ?string
4545
{
46-
$token = $this->getTokenFromHeader($request, $this->getConfig('header'));
47-
if ($token === null) {
48-
$token = $this->getTokenFromQuery($request, $this->getConfig('queryParam'));
49-
}
46+
$token = $this->getTokenFromHeader($request, $this->getConfig('header'))
47+
?? $this->getTokenFromQuery($request, $this->getConfig('queryParam'));
5048

5149
$prefix = $this->getConfig('tokenPrefix');
52-
if ($prefix !== null && is_string($token)) {
50+
if ($prefix !== null && $token !== null) {
5351
return $this->stripTokenPrefix($token, $prefix);
5452
}
5553

@@ -65,7 +63,7 @@ protected function getToken(ServerRequestInterface $request): ?string
6563
*/
6664
protected function stripTokenPrefix(string $token, string $prefix): string
6765
{
68-
return str_ireplace($prefix . ' ', '', $token);
66+
return trim(str_ireplace($prefix, '', $token));
6967
}
7068

7169
/**

tests/TestCase/Authenticator/TokenAuthenticatorTest.php

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,15 @@ public function testTokenPrefix()
132132
$this->assertInstanceOf(Result::class, $result);
133133
$this->assertSame(Result::SUCCESS, $result->getStatus());
134134

135+
$requestWithHeaders = $this->request->withAddedHeader('X-Dipper-Auth', 'dipper_mariano');
136+
$tokenAuth = new TokenAuthenticator($this->identifiers, [
137+
'header' => 'X-Dipper-Auth',
138+
'tokenPrefix' => 'dipper_',
139+
]);
140+
$result = $tokenAuth->authenticate($requestWithHeaders);
141+
$this->assertInstanceOf(Result::class, $result);
142+
$this->assertSame(Result::SUCCESS, $result->getStatus());
143+
135144
//invalid prefix
136145
$requestWithHeaders = $this->request->withAddedHeader('Token', 'bearer mariano');
137146
$tokenAuth = new TokenAuthenticator($this->identifiers, [

0 commit comments

Comments
 (0)