Merge pull request #1525 from ArthurHoaro/feature/rest-api-bookmark-dates

[github/shaarli/Shaarli.git] / application / api / ApiMiddleware.php

diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index da730e0c48e739fbb382e86f86dbb15f4e9287e8..f5b53b01fcc5f5f16c5d477d054c9483d2e142d9 100644 (file)
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -107,7 +107,9 @@ class ApiMiddleware
      */
     protected function checkToken($request)
     {
-        if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+        if (!$request->hasHeader('Authorization')
+            && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
             throw new ApiAuthorizationException('JWT token not provided');
         }
 
@@ -115,11 +117,11 @@ class ApiMiddleware
             throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
         }
 
-       if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
-           $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
-       } else {
+        if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+            $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+        } else {
             $authorization = $request->getHeaderLine('Authorization');
-       }
+        }
 
         if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
             throw new ApiAuthorizationException('Invalid JWT header');