Fix HttpAuthHeader

framework/CHANGELOG.md

@@ -4,8 +4,7 @@ Yii Framework 2 Change Log
 2.0.15 under development
 ------------------------
 
-- no changes in this release.
-
+- Bug #15693: Fixed Fix HttpAuthHeader when no pattern is present but not matched (bboure).
 
 2.0.14 February 18, 2018
 ------------------------

framework/filters/auth/HttpHeaderAuth.php

@@ -51,12 +51,16 @@ class HttpHeaderAuth extends AuthMethod
         $authHeader = $request->getHeaders()->get($this->header);
 
         if ($authHeader !== null) {
-            if ($this->pattern !== null && preg_match($this->pattern, $authHeader, $matches)) {
-                $authHeader = $matches[1];
+            if ($this->pattern !== null) {
+                if (preg_match($this->pattern, $authHeader, $matches)) {
+                    $authHeader = $matches[1];
+                } else {
+                    return null;
+                }
             }
+
             $identity = $user->loginByAccessToken($authHeader, get_class($this));
             if ($identity === null) {
-                $this->challenge($response);
                 $this->handleFailure($response);
             }