lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.4.0 vs lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.5.0

- old
+ new

@@ -235,21 +235,27 @@ if request.post? && !(request.content_type.start_with?("application/x-www-form-urlencoded") && request.params.size == 1) return end else - value = request.env["HTTP_AUTHORIZATION"] + token = fetch_access_token_from_authorization_header + end - return unless value && !value.empty? + return if token.nil? || token.empty? - scheme, token = value.split(" ", 2) + token + end - return unless scheme.downcase == oauth_token_type - end + def fetch_access_token_from_authorization_header(token_type = oauth_token_type) + value = request.env["HTTP_AUTHORIZATION"] - return if token.nil? || token.empty? + return unless value && !value.empty? + scheme, token = value.split(" ", 2) + + return unless scheme.downcase == token_type + token end def authorization_token return @authorization_token if defined?(@authorization_token) @@ -351,11 +357,11 @@ # to be used internally. Same semantics as require account, must: # fetch an authorization basic header # parse client id and secret # def require_oauth_application - @oauth_application = if (token = ((v = request.env["HTTP_AUTHORIZATION"]) && v[/\A *Basic (.*)\Z/, 1])) + @oauth_application = if (token = (v = request.env["HTTP_AUTHORIZATION"]) && v[/\A *Basic (.*)\Z/, 1]) # client_secret_basic require_oauth_application_from_client_secret_basic(token) elsif (client_id = param_or_nil("client_id")) if (client_secret = param_or_nil("client_secret")) # client_secret_post 
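Review bot: `return unless scheme.downcase == token_type` in the new `fetch_access_token_from_authorization_header` normalises only the header side, so the new `token_type` argument must already be lowercase or the comparison never matches, and nothing in the hunk says so. `scheme` is also nil when the header value is only whitespace (`" ".split(" ", 2)` returns `[]`), so if the server passes such a value through, the call would raise NoMethodError instead of returning nil. `return unless scheme&.casecmp?(token_type)` handles both cases. The calling method starts above the hunk, so its form-body branch is not reviewed here.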
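Review bot: The `Basic` match in `require_oauth_application` is case-sensitive (`/\A *Basic (.*)\Z/`), while the bearer path in this file lowercases the scheme before comparing. HTTP auth schemes are case-insensitive, so a client sending `basic …` falls through to the `client_id` parameter branch instead of `client_secret_basic`. Adding the `i` flag, `v[/\A *Basic (.*)\Z/i, 1]`, would make the two paths agree. The parenthesis removal itself does not change evaluation, since `&&` binds tighter than `=`. The method body continues past the hunk.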
@@ -817,11 +823,15 @@ def throw_json_response_error(status, error_code, message = nil) set_response_error_status(status) payload = response_error_params(error_code, message) json_payload = _json_response_body(payload) response["Content-Type"] ||= json_response_content_type - response["WWW-Authenticate"] = oauth_token_type.upcase if status == 401 + response["WWW-Authenticate"] = www_authenticate_header(payload) if status == 401 return_response(json_payload) + end + + def www_authenticate_header(*) + oauth_token_type.capitalize end def _json_response_body(hash) return super if features.include?(:json)
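Review bot: `www_authenticate_header(*)` has no comment and discards the payload it is passed, so the code does not show that it is apparently meant as an override point, nor what the argument holds. A one-line comment would help, e.g. `# WWW-Authenticate value for 401 responses; receives the error payload so an override can add challenge parameters`. As written the header carries only the scheme, whereas RFC 6750 has the challenge include attributes such as `error` when a presented token is rejected. An override that builds those attributes from the payload should emit them as quoted strings with CR/LF removed and `"` escaped, since `message` may not be a fixed string.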