From da89225c8da21443e5f1a0b09bb36f06bc851792 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt?= <benoit@bbwebconsult.com>
Date: Tue, 20 Feb 2018 13:45:52 +0100
Subject: [PATCH] Fix HttpAuthHeader

---
 framework/CHANGELOG.md                    |  3 +--
 framework/filters/auth/HttpHeaderAuth.php | 10 +++++++---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index c1b1d2d7de..445409d9d0 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,8 +4,7 @@ Yii Framework 2 Change Log
 2.0.15 under development
 ------------------------
 
-- no changes in this release.
-
+- Bug #15693: Fixed Fix HttpAuthHeader when no pattern is present but not matched (bboure).
 
 2.0.14 February 18, 2018
 ------------------------
diff --git a/framework/filters/auth/HttpHeaderAuth.php b/framework/filters/auth/HttpHeaderAuth.php
index 4a484708bc..bf7fc8725c 100644
--- a/framework/filters/auth/HttpHeaderAuth.php
+++ b/framework/filters/auth/HttpHeaderAuth.php
@@ -51,12 +51,16 @@ class HttpHeaderAuth extends AuthMethod
         $authHeader = $request->getHeaders()->get($this->header);
 
         if ($authHeader !== null) {
-            if ($this->pattern !== null && preg_match($this->pattern, $authHeader, $matches)) {
-                $authHeader = $matches[1];
+            if ($this->pattern !== null) {
+                if (preg_match($this->pattern, $authHeader, $matches)) {
+                    $authHeader = $matches[1];
+                } else {
+                    return null;
+                }
             }
+
             $identity = $user->loginByAccessToken($authHeader, get_class($this));
             if ($identity === null) {
-                $this->challenge($response);
                 $this->handleFailure($response);
             }