New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error in basic-auth authorization #2986
Comments
Hi @nico-acidtango ! Thank you for the report. We would welcome a PR to fix this, if you are willing to give it a stab! |
Hi @thibaultcha ! I think I can handle it, and I'm happy to help. I'll get to it as soon as possible. |
Nice work! user1 -> password1
user2 -> password2 now when enable the basic-auth for an API, since there is no options to specify username, |
@nico-acidtango |
@chenyukang you are right, I forgot to mention that the password containing '%' part was my mistake for not url encoding that part of the password when making the request, I found out writing the tests... I'll edit the issue |
Summary
Error creating and using credentials in basic-auth with passwords that contain ':' characters.
Assumptions and general info
Steps To Reproduce
Additional Details & Logs
The problem as far as I could see browsing the code is that the authorization header is being split using ':' and only the first two part are used (first part is considered user, and second part is the password) effectively discarding parts of the password.
kong/kong/plugins/basic-auth/access.lua
Line 42 in 777b667
The text was updated successfully, but these errors were encountered: