From 0aa5cffe8144a7e0e8150b519dca17d336595140 Mon Sep 17 00:00:00 2001
From: Nova Adi Saputra <70581926+MrFrost-Nv27@users.noreply.github.com>
Date: Thu, 22 Feb 2024 12:28:05 +0700
Subject: [PATCH 1/2] Update JWT.php

---
 src/Authentication/Authenticators/JWT.php | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/Authentication/Authenticators/JWT.php b/src/Authentication/Authenticators/JWT.php
index 84efc2fb5..e811912a5 100644
--- a/src/Authentication/Authenticators/JWT.php
+++ b/src/Authentication/Authenticators/JWT.php
@@ -14,6 +14,7 @@
 namespace CodeIgniter\Shield\Authentication\Authenticators;

 use CodeIgniter\HTTP\IncomingRequest;
+use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\AuthenticationException;
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
@@ -209,11 +210,31 @@ public function loggedIn(): bool
 /** @var AuthJWT $config */
 $config = config('AuthJWT');

+ $token = $this->getTokenFromHeader($request);
+
 return $this->attempt([
- 'token' => $request->getHeaderLine($config->authenticatorHeader),
+ 'token' => $token,
 ])->isOK();
 }

+ private function getTokenFromHeader(RequestInterface $request): string
+ {
+ assert($request instanceof IncomingRequest);
+
+ /** @var AuthJWT $config */
+ $config = config('AuthJWT');
+
+ $tokenHeader = $request->getHeaderLine(
+ $config->authenticatorHeader ?? 'Authorization'
+ );
+
+ if (strpos($tokenHeader, 'Bearer') === 0) {
+ return trim(substr($tokenHeader, 6));
+ }
+
+ return $tokenHeader;
+ }
+
 /**
 * Logs the given user in by saving them to the class.
 */
From 088be7bed37ceca74fef39222d341683a4d6c1ec Mon Sep 17 00:00:00 2001
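Review bot: The scheme check in the new `getTokenFromHeader()`, `strpos($tokenHeader, 'Bearer') === 0`, does not match how the Bearer scheme is defined: it strips the prefix even when no space follows it (`BearerX` yields `X`) and it is case-sensitive, so a header sent as `bearer <jwt>` reaches `attempt()` with the scheme name still attached. Matching scheme and delimiter together, for example `if (preg_match('/^Bearer\s+(\S+)$/i', $tokenHeader, $m) === 1) { return $m[1]; }`, makes the token boundary explicit. Every other header value is still returned whole and handed to `attempt()` as a token; verification presumably rejects it, but it is worth confirming that a failed attempt does not log or store that raw value, since it could be a credential for another scheme. In `loggedIn()` the `$config` assignment looks unused after this change (the method starts outside the hunk), and the new method would benefit from a docblock stating that it returns the raw header when no Bearer prefix is present.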
From: Nova Adi Saputra <70581926+MrFrost-Nv27@users.noreply.github.com>
Date: Sat, 24 Feb 2024 08:02:56 +0700
Subject: [PATCH 2/2] Update LoginModel.php i want use uuid for user id, so let set the validation customable or change the behavior. my opinion is for improve jwt token security auth at sub payload not integer id, but uuid
---
 src/Models/LoginModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
index 9c2ff0dca..6c9e5e203 100644
--- a/src/Models/LoginModel.php
+++ b/src/Models/LoginModel.php
@@ -39,7 +39,7 @@ class LoginModel extends BaseModel
 'id_type' => 'required',
 'identifier' => 'permit_empty|string',
 'user_agent' => 'permit_empty|string',
- 'user_id' => 'permit_empty|integer',
+ 'user_id' => 'permit_empty',
 'date' => 'required|valid_date',
 ];
 protected $validationMessages = [];
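Review bot: Reducing the `user_id` rule to `'permit_empty'` removes validation of the field altogether, so any value, not only a UUID, is accepted for the login record. If the goal is to allow UUIDs next to integer ids, a bounded rule such as `'user_id' => 'permit_empty|alpha_dash|max_length[36]',` keeps a format and length check in place. The column type behind this model is not visible in the hunk; if it is still an integer column, a UUID would pass validation here and only fail at the database. The rules array and the class continue outside the hunk.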