Merge pull request #7377 from kenjis/refactor-getPostedToken

samsonasik · web-flow · commit a6a7b9b153c4 · 2023-03-30T20:16:05.000+07:00
refactor: Security::getPostedToken()
diff --git a/system/Security/Security.php b/system/Security/Security.php
@@ -342,20 +342,23 @@ private function getPostedToken(RequestInterface $request): ?string
         assert($request instanceof IncomingRequest);
 
         // Does the token exist in POST, HEADER or optionally php:://input - json data.
+
+        if ($tokenValue = $request->getPost($this->tokenName)) {
+            return $tokenValue;
+        }
+
         if ($request->hasHeader($this->headerName) && ! empty($request->header($this->headerName)->getValue())) {
-            $tokenName = $request->header($this->headerName)->getValue();
-        } else {
-            $body = (string) $request->getBody();
-            $json = json_decode($body);
+            return $request->header($this->headerName)->getValue();
+        }
 
-            if ($body !== '' && ! empty($json) && json_last_error() === JSON_ERROR_NONE) {
-                $tokenName = $json->{$this->tokenName} ?? null;
-            } else {
-                $tokenName = null;
-            }
+        $body = (string) $request->getBody();
+        $json = json_decode($body);
+
+        if ($body !== '' && ! empty($json) && json_last_error() === JSON_ERROR_NONE) {
+            return $json->{$this->tokenName} ?? null;
         }
 
-        return $request->getPost($this->tokenName) ?? $tokenName;
+        return null;
     }
 
     /**
