From 9f6c2d2a1af5def06ba0b2c306c53bca0a422c13 Mon Sep 17 00:00:00 2001
From: James Stewart
Date: Tue, 24 May 2016 00:21:32 +1000
Subject: [PATCH] Handle authorization bearer tokens
Add support for bearer tokens to auth module.
---
 eve/auth.py | 5 +++--
 eve/tests/auth.py | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/eve/auth.py b/eve/auth.py
index aeeb41c29..c15691fd6 100644
--- a/eve/auth.py
+++ b/eve/auth.py
@@ -268,11 +268,12 @@ def authorized(self, allowed_roles, resource, method):
 # Werkzeug parse_authorization does not handle
 # "Authorization: " or
- # "Authorization: Token "
+ # "Authorization: Token " or
+ # "Authorization: Bearer "
 # headers, therefore they should be explicitly handled
 if not auth and request.headers.get('Authorization'):
 auth = request.headers.get('Authorization').strip()
- if auth.lower().startswith('token'):
+ if auth.lower().startswith(('token', 'bearer')):
 auth = auth.split(' ')[1]
 if auth:
diff --git a/eve/tests/auth.py b/eve/tests/auth.py
index 3bf0f6b1c..17b17741e 100644
--- a/eve/tests/auth.py
+++ b/eve/tests/auth.py
@@ -277,6 +277,20 @@ def test_custom_auth(self):
 self.assertTrue(isinstance(self.app.auth, ValidTokenAuth))
+class TestBearerTokenAuth(TestTokenAuth):
+ def setUp(self):
+ super(TestBearerTokenAuth, self).setUp()
+ self.valid_auth = [('Authorization', 'Token test_token'),
+ self.content_type]
+
+ def test_bad_auth_class(self):
+ self.app = Eve(settings=self.settings_file, auth=BadTokenAuth)
+ self.test_client = self.app.test_client()
+ r = self.test_client.get('/', headers=self.valid_auth)
+ # will fail because check_auth() is not implemented in the custom class
+ self.assert500(r.status_code)
+
+
 class TestCustomTokenAuth(TestTokenAuth):
 def setUp(self):
 super(TestCustomTokenAuth, self).setUp()
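Review bot: The widened prefix test in `authorized()` still feeds `auth.split(' ')[1]` without checking that a credential follows the scheme, so a header holding only `Bearer` or `Token` raises IndexError. Because `startswith(('token', 'bearer'))` has no word boundary, a raw token that merely begins with either word is treated as a scheme as well. An unauthenticated caller sending such a header would presumably get an unhandled error instead of an authentication failure. Splitting the scheme off first avoids both: `scheme, _, value = auth.partition(' ')` followed by `if scheme.lower() in ('token', 'bearer'): auth = value.strip()`, which leaves `auth` empty for a bare scheme so the existing `if auth:` check rejects it. The body of `authorized()` continues outside the hunk, so what happens to an empty value afterwards should be confirmed.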
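Review bot: `TestBearerTokenAuth.setUp` sends `'Token test_token'`, so the new `bearer` branch in eve/auth.py is never exercised and this class only repeats the existing Token coverage. The header should read `self.valid_auth = [('Authorization', 'Bearer test_token'), self.content_type]`. A negative case that sends a bare `Bearer` header and asserts an authentication failure, not a server error, would also pin the parsing edge the new branch inherits.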