From 6ad4f75525e387aefa1e4a40d3bc74636b5962eb Mon Sep 17 00:00:00 2001
From: Daniel Nitsikopoulos
Date: Sat, 18 Feb 2023 22:42:30 +1100
Subject: [PATCH] Don't alloq multiple auth methods

---
 app/action.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/action.rb b/app/action.rb
index 860ddda..725967f 100644
--- a/app/action.rb
+++ b/app/action.rb
@@ -23,6 +23,9 @@ module Adamantium
 end

 # Pull out and verify the authorization header or access_token
+
+ halt 400 if req.env["HTTP_AUTHORIZATION"] && req.params["access_token"]
+
 if req.env["HTTP_AUTHORIZATION"]
 header = req.env["HTTP_AUTHORIZATION"].match(/Bearer (.*)$/)
 access_token = header[1] unless header.nil?
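Review bot: The added `halt 400` line fires on any `Authorization` header, not only a Bearer one, while the context lines below accept a token only when the header matches the unanchored `/Bearer (.*)$/`, so the guard and the extraction disagree about what a header-borne token is. If the intent is the RFC 6750 §2 rule that a token is sent by one method only, say so in a comment above the guard, e.g. `# RFC 6750 §2: reject requests that carry the token by more than one method`, and consider anchoring the extraction as `match(/\ABearer (.*)\z/)` so a header that merely contains the word is not treated as a Bearer credential. A bare 400 also gives the client no `invalid_request` error to act on and leaves no log entry for the rejected request, which is worth adding if the action has a logger available. The enclosing method starts and ends outside the hunk, so whether `req.params["access_token"]` is read later as a fallback cannot be seen here.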