From da25d3814bd089ee0c38dcc48bd4423fb5ec2c3f Mon Sep 17 00:00:00 2001
From: GareArc
Date: Wed, 28 May 2025 18:50:29 +0800
Subject: [PATCH] fix: bad jwt decoding

---
 api/controllers/web/passport.py | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index 439caad6bf..501a19e704 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -77,23 +77,14 @@ class PassportResource(Resource):
 api.add_resource(PassportResource, "/passport")
 
 
-def decode_enterprise_webapp_user_id(auth_header: str | None):
+def decode_enterprise_webapp_user_id(jwt_token: str | None):
     """
     Decode the enterprise user session from the Authorization header.
     """
-    if not auth_header:
+    if not jwt_token:
         return None
 
-    if " " not in auth_header:
-        raise Unauthorized("Invalid Authorization header format. Expected 'Bearer ' format.")
-
-    auth_scheme, tk = auth_header.split(None, 1)
-    auth_scheme = auth_scheme.lower()
-
-    if auth_scheme != "bearer":
-        raise Unauthorized("Invalid Authorization header format. Expected 'Bearer ' format.")
-
-    decoded = PassportService().verify(tk)
+    decoded = PassportService().verify(jwt_token)
     source = decoded.get("token_source")
     if not source or source != "enterprise_login":
         raise Unauthorized("Invalid token source. Expected 'enterprise_login'.")
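Review bot: The docstring left as context under the new signature is now stale: the parameter is a bare `jwt_token`, yet the text still says the session is decoded "from the Authorization header", and the function has no return annotation. Suggest `"""Decode the enterprise user session from a bare JWT; the caller is expected to have already stripped the `Bearer` scheme."""`. Because the scheme parsing was deleted here rather than moved, any call site that still passes the full header would now hand `Bearer <token>` to `PassportService().verify`, which presumably rejects it; the diffstat shows only this file changed, so it is worth confirming every caller already passes the raw token (which the subject "bad jwt decoding" suggests was the actual mismatch). The `token_source` check that remains is the only authorization-relevant validation visible in this hunk, and it depends entirely on `verify` having checked the signature first. The function's body continues past the end of the hunk.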