diff options
| author | Kim Alvefur <zash@zash.se> | 2021-01-27 18:26:24 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2021-01-27 18:26:24 +0100 |
| commit | 2cb87c6ffa199726e8f7cd4b35b00cb72491465d (patch) | |
| tree | 03333ca6ca950efa25eb229bca1402d3020a24a7 | |
| parent | ae4ad08b4a3db758681db0b857bdfea05e4fc0be (diff) | |
| download | prosody-2cb87c6ffa199726e8f7cd4b35b00cb72491465d.tar.gz prosody-2cb87c6ffa199726e8f7cd4b35b00cb72491465d.zip | |
mod_http_file_share: Strip authorization type prefix a bit earlier
| -rw-r--r-- | plugins/mod_http_file_share.lua | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 90005d5b..4daf38a9 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -152,11 +152,14 @@ end function handle_upload(event, path) -- PUT /upload/:slot local request = event.request; local authz = request.headers.authorization; - if not authz or not authz:find"^Bearer ." then + if authz then + authz = authz:match("^Bearer (.*)") + end + if not authz then module:log("debug", "Missing Authorization"); return 403; end - local authed, upload_info = jwt.verify(secret, authz:match("^Bearer (.*)")); + local authed, upload_info = jwt.verify(secret, authz); if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then module:log("debug", "Unauthorized or invalid token: %s, %q", authed, upload_info); return 401; |