Don't alloq multiple auth methods

2023-02-18 22:42:30 +11:00
parent ca4fb14aea
commit 6ad4f75525
1 changed files with 3 additions and 0 deletions
--- a/app/action.rb
+++ b/app/action.rb
@@ -23,6 +23,9 @@ module Adamantium
      end

      # Pull out and verify the authorization header or access_token
+
+      halt 400 if req.env["HTTP_AUTHORIZATION"] && req.params["access_token"]
+
      if req.env["HTTP_AUTHORIZATION"]
        header = req.env["HTTP_AUTHORIZATION"].match(/Bearer (.*)$/)
        access_token = header[1] unless header.nil?