Fetch data from basic auth when one of the parameters is missing

author Michael <heluecht@pirati.ca>

Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)

committer Michael <heluecht@pirati.ca>

Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)
author Michael <heluecht@pirati.ca>
Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)
committer Michael <heluecht@pirati.ca>
Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php

index 6f68215cc604619d3016eaa5d74731161bf62401..ecb65048d02303c7bb4c1bc7f349daddcf0d11f5 100644 (file)
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -60,7 +60,7 @@ class Token extends BaseApi
                         $authorization = $_SERVER['REDIRECT_REMOTE_USER'] ?? '';
                 }
  
-               if (empty($request['client_id']) && substr($authorization, 0, 6) == 'Basic ') {
+               if ((empty($request['client_id']) || empty($request['client_secret'])) && substr($authorization, 0, 6) == 'Basic ') {
                         // Per RFC2617, usernames can't contain a colon but password can,
                         // so we cut on the first colon to obtain the username and the password
                         // @see https://www.rfc-editor.org/rfc/rfc2617#section-2
author	Michael <heluecht@pirati.ca>
	Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)
committer	Michael <heluecht@pirati.ca>
	Sun, 22 Jan 2023 14:44:57 +0000 (14:44 +0000)