From f883c3cee70bfce8fdaa9dab959c5388783a21c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
 <timothee.jaussoin@belledonne-communications.com>
Date: Tue, 6 Jan 2026 15:23:41 +0100
Subject: [PATCH] Fix FLEXIAPI-430 Handle empty string in JWT_SIP_IDENTIFIER
 and fallback to sip_identity

---
 flexiapi/app/Http/Middleware/AuthenticateJWT.php   |  6 ++++--
 .../tests/Feature/AccountJWTAuthenticationTest.php | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/flexiapi/app/Http/Middleware/AuthenticateJWT.php b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
index b1eb0fb..4981061 100644
--- a/flexiapi/app/Http/Middleware/AuthenticateJWT.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
@@ -76,9 +76,11 @@ class AuthenticateJWT
             }
 
             $account = null;
+            $identifierKey = config('services.jwt.sip_identifier');
+            if ($identifierKey == '') $identifierKey = 'sip_identity';
 
-            if ($token->claims()->has(config('services.jwt.sip_identifier'))) {
-                list($username, $domain) = parseSIP($token->claims()->get(config('services.jwt.sip_identifier')));
+            if ($token->claims()->has($identifierKey)) {
+                list($username, $domain) = parseSIP($token->claims()->get($identifierKey));
 
                 $account = Account::withoutGlobalScopes()
                     ->where('username', $username)
diff --git a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
index 4d067ad..2ae4622 100644
--- a/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
+++ b/flexiapi/tests/Feature/AccountJWTAuthenticationTest.php
@@ -93,6 +93,20 @@ class AccountJWTAuthenticationTest extends TestCase
 
         $this->checkToken($token);
 
+        // Handle JWT_SIP_IDENTIFIER=
+        config()->set('services.jwt.sip_identifier', '');
+
+        $token = (new JwtFacade(null, $clock))->issue(
+            new Sha256(),
+            InMemory::plainText($this->serverPrivateKeyPem),
+            static fn (
+                Builder $builder,
+                DateTimeImmutable $issuedAt
+            ): Builder => $builder->withClaim('sip_identity', 'sip:' . $password->account->username . '@' . $password->account->domain)
+        );
+
+        $this->checkToken($token);
+
         // Custom SIP identifier
         $otherIdentifier = 'sip_other_identifier';
         config()->set('services.jwt.sip_identifier', $otherIdentifier);