From 3ea33b76f802b943a942070845d410a985f4235f Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Thu, 20 Sep 2018 07:23:44 -0700
Subject: Improving token lookup. (#9436)

---
 app/authentication.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/authentication.go b/app/authentication.go
index 087a9b230..83552639e 100644
--- a/app/authentication.go
+++ b/app/authentication.go
@@ -213,6 +213,13 @@ func (a *App) authenticateUser(user *model.User, password, mfaToken string) (*mo
 
 func ParseAuthTokenFromRequest(r *http.Request) (string, TokenLocation) {
 authHeader := r.Header.Get(model.HEADER_AUTH)
+
+ // Attempt to parse the token from the cookie
+ if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
+ return cookie.Value, TokenLocationCookie
+ }
+
+ // Parse the token from the header
 if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER {
 // Default session token
 return authHeader[7:], TokenLocationHeader
@@ -221,11 +228,6 @@ func ParseAuthTokenFromRequest(r *http.Request) (string, TokenLocation) {
 return authHeader[6:], TokenLocationHeader
 }
 
- // Attempt to parse the token from the cookie
- if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
- return cookie.Value, TokenLocationCookie
- }
-
 // Attempt to parse token out of the query string
 if token := r.URL.Query().Get("access_token"); token != "" {
 return token, TokenLocationQueryString
-- 
cgit v1.2.3-1-g7c22
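Review bot: An empty or stale `model.SESSION_COOKIE_TOKEN` cookie now shadows a valid `Authorization` header, because the cookie branch added at the top of `ParseAuthTokenFromRequest` returns on `err == nil` alone and the header parse below it is never reached. Guarding on the value lets such a request fall through to the header and query-string branches: `if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil && cookie.Value != "" {`. The reorder also changes which credential wins when a client sends both, so the function deserves a comment stating the precedence and the reason, e.g. `// Cookie takes precedence over the Authorization header; callers must apply cookie-specific checks when TokenLocationCookie is returned.` The callers are not visible here, so confirm that any request-forgery check keyed on the returned `TokenLocation` still behaves as intended for clients that previously authenticated by header while also carrying a cookie. The function body continues past the end of the second hunk.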