improving identity key token authorization

zemit-cms · Feb 29, 2024 · 3a5a77e · 3a5a77e
1 parent 5a61042
commit 3a5a77e
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/Identity.php b/src/Identity.php
@@ -829,6 +829,7 @@ public function reset(array $params = null)
 
     /**
      * Get key / token fields to use for the session fetch & validation
+     * @throws ValidatorException
      */
     public function getKeyToken(string $jwt = null, string $key = null, string $token = null): array
     {
@@ -859,10 +860,14 @@ public function getKeyToken(string $jwt = null, string $key = null, string $toke
             elseif (!empty($authorization)) {
                 $authorizationType = $authorization[0] ?? 'Bearer';
                 $authorizationToken = $authorization[1] ?? null;
-                if (strtolower($authorizationType) === 'bearer') {
+                if ($authorizationToken && strtolower($authorizationType) === 'bearer') {
                     $sessionClaim = $this->getClaim($authorizationToken, $this->sessionKey);
                     $key = $sessionClaim['key'] ?? null;
                     $token = $sessionClaim['token'] ?? null;
+                } else {
+                    // missing token or unsupported authorization
+                    $key = null;
+                    $token = null;
                 }
             }
             elseif ($this->config->path('identity.sessionFallback', false) &&