aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-01-27 18:26:24 +0100
committerKim Alvefur <zash@zash.se>2021-01-27 18:26:24 +0100
commit6ce4972bf4b2cf8923af7d236558071083cbb17a (patch)
tree03333ca6ca950efa25eb229bca1402d3020a24a7
parent3abab1efc33cecec4fc6bfe4790994c983d8f980 (diff)
downloadprosody-6ce4972bf4b2cf8923af7d236558071083cbb17a.tar.gz
prosody-6ce4972bf4b2cf8923af7d236558071083cbb17a.zip
mod_http_file_share: Strip authorization type prefix a bit earlier
-rw-r--r--plugins/mod_http_file_share.lua7
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index 90005d5b..4daf38a9 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -152,11 +152,14 @@ end
function handle_upload(event, path) -- PUT /upload/:slot
local request = event.request;
local authz = request.headers.authorization;
- if not authz or not authz:find"^Bearer ." then
+ if authz then
+ authz = authz:match("^Bearer (.*)")
+ end
+ if not authz then
module:log("debug", "Missing Authorization");
return 403;
end
- local authed, upload_info = jwt.verify(secret, authz:match("^Bearer (.*)"));
+ local authed, upload_info = jwt.verify(secret, authz);
if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
module:log("debug", "Unauthorized or invalid token: %s, %q", authed, upload_info);
return 401;