Diffstat (limited to 'app')
-rw-r--r-- | app/authentication.go | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/app/authentication.go b/app/authentication.go index 087a9b230..83552639e 100644 --- a/app/authentication.go +++ b/app/authentication.go @@ -213,6 +213,13 @@ func (a *App) authenticateUser(user *model.User, password, mfaToken string) (*mo func ParseAuthTokenFromRequest(r *http.Request) (string, TokenLocation) { authHeader := r.Header.Get(model.HEADER_AUTH) + + // Attempt to parse the token from the cookie + if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { + return cookie.Value, TokenLocationCookie + } + + // Parse the token from the header if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER { // Default session token return authHeader[7:], TokenLocationHeader @@ -221,11 +228,6 @@ func ParseAuthTokenFromRequest(r *http.Request) (string, TokenLocation) { return authHeader[6:], TokenLocationHeader } - // Attempt to parse the token from the cookie - if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { - return cookie.Value, TokenLocationCookie - } - // Attempt to parse token out of the query string if token := r.URL.Query().Get("access_token"); token != "" { return token, TokenLocationQueryString |
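Review bot: The relocated cookie branch in the first hunk returns whenever `r.Cookie(model.SESSION_COOKIE_TOKEN)` succeeds, even if the cookie value is empty, so after this reordering an empty session cookie shadows a well-formed Authorization header sent in the same request. Tightening the guard to `if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil && cookie.Value != "" {` keeps the new precedence while letting the header and query-string branches still run in that case. A stale but non-empty cookie will also win over a valid bearer token now; whether callers treat that as a hard failure is not visible here, so it is worth a test with both credentials present. The comment above the branch should say why the cookie is checked first (presumably so cookie-bearing requests are always classified as `TokenLocationCookie` and get the cookie-specific checks), for example `// Cookie first: a request that carries the session cookie must always be treated as cookie-authenticated.` The body of ParseAuthTokenFromRequest continues past both hunks, and the second hunk only removes the block from its old position.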