Merge pull request #7 from VP42/master

Adding custom header key
generationtux · Jul 14, 2016 · bbfc422 · bbfc422
2 parents 4438aff + 66ee7e4
commit bbfc422
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/readme.md b/readme.md
@@ -59,6 +59,7 @@ for the available config options and their defaults.
 | `JWT_ALGO`   | *HS256* | The algorithm to use for sigining tokens.                        |
 | `JWT_LEEWAY` | *0*     | Seconds of leeway for validating timestamps to account for time differences between systems |
 | `JWT_INPUT`  | *token* | By default we will look for the token in the `Authorization` header. If it's not found there, then this value will be used to search the sent input from the request to find the token. |
+| `JWT_HEADER`  | *Authorization* | By default the `Authorization` header key is used. This can be overridden with this value. |
 
 If you're using the `JwtExceptionHandler` to handle exceptions, these environment variables can be set to customize the error messages.
 *(see below for information on using the exception handler)*

diff --git a/spec/Http/JwtMiddlewareSpec.php b/spec/Http/JwtMiddlewareSpec.php
@@ -28,6 +28,22 @@ public function it_validates_the_token_and_passes_onto_the_next_middleware(JwtTo
         $this->handle($request, $next)->shouldReturn('hello world');
     }
 
+    public function it_validates_the_token_with_custom_header_key_and_passes_onto_the_next_middleware(JwtToken $token, Request $request)
+    {
+        $customHeader = 'X-Test-AuthHeader';
+        putenv("JWT_HEADER=$customHeader");
+
+        $request->header($customHeader)->willReturn('Bearer foo_token');
+
+        $token->setToken('foo_token')->willReturn($token);
+        $token->validateOrFail()->shouldBeCalled()->willReturn(true);
+
+        $next = function() { return 'hello world'; };
+        $this->handle($request, $next)->shouldReturn('hello world');
+
+        putenv('JWT_HEADER=');
+    }
+
     public function it_throws_an_exception_if_the_token_is_invalid(JwtToken $token, Request $request)
     {
         $request->header('Authorization')->willReturn(null);

diff --git a/src/GetsJwtToken.php b/src/GetsJwtToken.php
@@ -27,7 +27,7 @@ public function getToken($request = null)
     {
         $request = $request ?: $this->makeRequest();
 
-        list($token) = sscanf($request->header('Authorization'), 'Bearer %s');
+        list($token) = sscanf($request->header($this->getAuthHeaderKey()), 'Bearer %s');
         if( ! $token) {
             $name = $this->getInputName();
             $token = $request->input($name);
@@ -85,6 +85,19 @@ private function getInputName()
         return getenv('JWT_INPUT') ?: 'token';
     }
 
+    /**
+     * Get the header key to search for the token
+     *
+     * This can be customized by setting the JWT_HEADER env variable.
+     * It will default to using `Authorization` if not defined.
+     *
+     * @return string
+     */
+    private function getAuthHeaderKey()
+    {
+        return getenv('JWT_HEADER') ?: 'Authorization';
+    }
+
     /**
      * Create a driver to use for the token from the IoC
      *