Not throwing exception for missing header with custom name

[wallacio]

I'm using a custom header name, and I've set middleware options accordingly. I'd like the middleware to accept a token sent in a cookie if there's no header present, so I've defined a cookie with a custom name to check too.

        $app->add(new JwtAuthentication([
            "header"    => "X-OCA",
            "cookie"    => "X_OCA",
            "regexp"    => "/(.*)/"
        ]...

I've discovered that the cookie is never checked for a token if a header with a custom name isn't present. This block of code in fetchToken() in src/JwtAuthentication always returns true, even if the header isn't found when the regexp is also "/(.*)/"

        /* Check for token in header. */
        $headers = $request->getHeader($this->options["header"]);
        $header = isset($headers[0]) ? $headers[0] : "";
        if (preg_match($this->options["regexp"], $header, $matches)) {
            $this->log(LogLevel::DEBUG, $message);
            return $matches[1];
        }

Would it be more appropriate to check if there's anything in $header before even attempting a preg_match? Such a fix works great for my particular case:

        if ($header !== "" && preg_match($this->options["regexp"], $header, $matches)) {
            $this->log(LogLevel::DEBUG, $message);
            return $matches[1];
        }

[tuupola]

Seems you are correct. If the header does not exist the middleware should continue directly to checking if the cookie exists. Will fix.

[wallacio]

Appreciated - thank you!