Return 401 when getting an empty bearer token

For example: Authorization: Bearer The cause of the empty bearer also needs to be investigated
2016-07-20 17:27:44 +02:00
parent 14d462be41
commit ad0ea12059
2 changed files with 11 additions and 2 deletions
--- a/lib/remote_storage/swift.rb
+++ b/lib/remote_storage/swift.rb
@@ -24,7 +24,7 @@ module RemoteStorage
        return true if ["GET", "HEAD"].include?(request_method) && !listing
      end

-      server.halt 401, "Unauthorized" if token.empty?
+      server.halt 401, "Unauthorized" if token.nil? || token.empty?

      authorizations = redis.smembers("authorizations:#{user}:#{token}")
      permission = directory_permission(authorizations, directory)