[Login] Case insensitive comparison of Authentication header

The HTTP spec says the header name is case-insensitive. Some clients
send it as "authentication" (lowercase). This makes our check for
the header case-insensitive by lower-casing the headers before doing
the comparison.

php/libraries/SinglePointLogin.class.inc

@@ -178,8 +178,9 @@ class SinglePointLogin
         // First try JWT authentication, which is cheaper and
         // doesn't involve database calls
         $headers    = getallheaders();
-        $authHeader = isset($headers['Authorization'])
-                         ? $headers['Authorization']
+        $headers = array_change_key_case($headers, CASE_LOWER);
+        $authHeader = isset($headers['authorization'])
+                         ? $headers['authorization']
                          : '';
         if (!empty($authHeader)) {
             $token = explode(" ", $authHeader);