From 54c8e8b709aeb034f7d71dd517451d1cf39cac42 Mon Sep 17 00:00:00 2001
From: Alex <alex@perimeterx.com>
Date: Thu, 15 Jun 2017 11:48:53 +0300
Subject: [PATCH] Fixed get user auth priority - first check cookie and then
 header for authenticationRequired route

---
 lib/middleware/get-user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/middleware/get-user.js b/lib/middleware/get-user.js
index 65f4653d..e6d72849 100644
--- a/lib/middleware/get-user.js
+++ b/lib/middleware/get-user.js
@@ -62,7 +62,7 @@ module.exports = function (req, res, next) {
 
   var authorizationHeader = req.headers.Authorization || req.headers.authorization || '';
   var accessTokenFromHeader = authorizationHeader.match(/Bearer [^;]+/) ? authorizationHeader.split('Bearer ')[1] : null;
-  var resolvedAccessToken = accessTokenFromHeader || accessTokenFromCookie;
+  var resolvedAccessToken =  accessTokenFromCookie || accessTokenFromHeader;
 
   if (resolvedAccessToken) {
     accessTokenAuthenticator.authenticate(resolvedAccessToken, function (err, authenticationResult) {