deal with Authorization headers without blank

closes #473 Signed-off-by: Stefan Bodewig <stefan.bodewig@innoq.com>
zmartzone · Mar 10, 2023 · ae3bc54 · ae3bc54
1 parent 4ff4189
commit ae3bc54
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,4 +1,9 @@
-03/02/2023
+03/10/2023
+- when looking for a bearer token an exception occured if the
+  Authorization header didn't contain any space character;
+  see #473
+
+02/03/2023
 - release 1.7.6-3 of luarock pinning lua-resty-session dependency to
   not go beyond 3.1ß
 

diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
@@ -1651,7 +1651,7 @@ local function openidc_get_bearer_access_token(opts)
   end
 
   local divider = header:find(' ')
-  if divider == 0 or string.lower(header:sub(0, divider - 1)) ~= string.lower("Bearer") then
+  if divider == nil or divider == 0 or string.lower(header:sub(0, divider - 1)) ~= string.lower("Bearer") then
     err = "no Bearer authorization header value found"
     log(ERROR, err)
     return nil, err