From 3399f3e223a37f73693d3874e28d173197ef68d9 Mon Sep 17 00:00:00 2001
From: Adam Lavin
Date: Fri, 1 Jan 2016 21:11:28 +0000
Subject: [PATCH] Added support for authorising oauth2 endpoints with the bearer header
---
 app/Http/Middleware/AuthenticateOAuth.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/app/Http/Middleware/AuthenticateOAuth.php b/app/Http/Middleware/AuthenticateOAuth.php
index e0afa8fd..aecde626 100644
--- a/app/Http/Middleware/AuthenticateOAuth.php
+++ b/app/Http/Middleware/AuthenticateOAuth.php
@@ -64,7 +64,7 @@ class AuthenticateOAuth
 public function handle(Request $request, Closure $next, $requiredScope)
 {
 // Ensure this is a valid OAuth client.
- $accessToken = $request->get('access_token');
+ $accessToken = $this->determineAccessToken($request, false);
 // check that access token is valid at Poniverse.net
 $accessTokenInfo = $this->poniverse->getAccessTokenInfo($accessToken);
@@ -88,4 +88,20 @@ class AuthenticateOAuth
 return $next($request);
 }
+
+ private function determineAccessToken(Request $request, $headerOnly = true)
+ {
+ $header = $request->header('Authorization');
+
+ if ($header !== null && substr($header, 0, 7) === 'Bearer ') {
+ return trim(substr($header, 7));
+ }
+
+ if ($headerOnly) {
+ return null;
+ }
+
+ return $request->get('access_token');
+ }
 }
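Review bot: The call `determineAccessToken($request, false)` in `handle` keeps the `access_token` request parameter as a fallback, so a bearer token can still be sent in the URL, where it is likely to be recorded in access logs, browser history and Referer headers. If the fallback has to stay for existing clients, say so at the call site, for example `// Authorization header preferred; access_token parameter kept for legacy clients only (token may be logged with the URL)`. The returned value also goes straight into `getAccessTokenInfo()`; a null or empty token is presumably rejected further down, but the rest of `handle` is outside this hunk, so that is worth confirming.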
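Review bot: The scheme test in `determineAccessToken`, `substr($header, 0, 7) === 'Bearer '`, is case-sensitive, while HTTP authentication scheme names are case-insensitive, so a client sending `bearer <token>` silently falls through to the `access_token` parameter or to null. `stripos($header, 'Bearer ') === 0` would accept both spellings. A header consisting only of `Bearer ` returns an empty string rather than null, and it does so even when `$headerOnly` is false and a parameter is present; returning the trimmed value only when it is `!== ''` avoids treating an empty string as a token. The method also has no docblock; one stating that it returns the token string or null, and that `$headerOnly` disables the request-parameter fallback, would make the contract explicit.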