Unquote basic auth username and password #5

Merged


@jiahuili430 jiahuili430 commented May 4, 2021

Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header.

Previously, if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header, which led to authentication failure.

P.S.: To test this with the replicator, make sure to disable the session plugin in the "default.ini" file.

@@ -475,7 +475,7 @@ ssl_certificate_max_depth = 3
 ; falling back to the old basic authenticaion default:
 ;auth_plugins = couch_replicator_auth_session,couch_replicator_auth_noop
 ; To restore the old behaviour, use the following value:
-;auth_plugins = couch_replicator_auth_noop
+auth_plugins = couch_replicator_auth_noop
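
Review bot: the last line of this hunk turns `auth_plugins = couch_replicator_auth_noop` from a commented-out example into an active setting, which, going by the comment lines above it, restores the old basic authentication behaviour for every replication rather than only for a test run. Since the description says this is needed only to test the fix with the replicator, keep it as a local override and leave the line in "default.ini" commented out. The first context line also misspells "authentication" as "authenticaion", which could be corrected in a follow-up.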

Comment on lines +478 to +479
?assertEqual("foo\r\n",
unquote(<<"foo%0D%0A">>)),
Member

This looks like the same as right above.

Contributor

The difference is binary() vs string().

Member

Thanks, @iilyak !

Author

Thanks, @iilyak @bessbd

Contributor

@iilyak iilyak left a comment

+1

Member

bessbd commented May 5, 2021

Thank you for the review, @iilyak ! I'm about to merge this.

@bessbd bessbd merged commit b96b0de into apache:master May 5, 2021
Member

bessbd commented May 5, 2021

For posterity: I believe this is related to apache/couchdb#2892

nickva pushed a commit that referenced this pull request May 7, 2021
nickva pushed a commit that referenced this pull request May 7, 2021
nickva pushed a commit that referenced this pull request May 8, 2021
@jiahuili430 jiahuili430 deleted the fix-basic-auth-user-and-pass-quoting branch June 1, 2021 03:47
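
The failure this pull request describes, reproduced as an added Erlang example (not code from this PR or from CouchDB). It uses `uri_string:parse/1` as a stand-in for `ibrowse_lib:parse_url/1`; the module name, function names, the `percent_decode` helper and the URL are all constructed for illustration.

```erlang
-module(basic_auth_example).
-export([header_raw/1, header_unquoted/1, demo/0]).

%% Added illustration; module, function names and the URL are constructed.

%% uri_string:parse/1 returns userinfo still percent-encoded, the same
%% condition the PR describes for ibrowse_lib:parse_url/1.
credentials(Url) ->
    #{userinfo := UserInfo} = uri_string:parse(Url),
    [User, Pass] = string:split(UserInfo, ":"),
    {User, Pass}.

%% Minimal percent-decoder (a stand-in, not the PR's unquote function).
%% A '%' that is not followed by two hex digits is kept literally.
percent_decode([$%, H, L | Rest]) ->
    case is_hex(H) andalso is_hex(L) of
        true -> [list_to_integer([H, L], 16) | percent_decode(Rest)];
        false -> [$% | percent_decode([H, L | Rest])]
    end;
percent_decode([C | Rest]) -> [C | percent_decode(Rest)];
percent_decode([]) -> [].

is_hex(C) ->
    (C >= $0 andalso C =< $9) orelse
    (C >= $a andalso C =< $f) orelse
    (C >= $A andalso C =< $F).

basic(User, Pass) ->
    "Basic " ++ base64:encode_to_string(User ++ ":" ++ Pass).

%% Before the fix: the encoded text goes into the header as-is.
header_raw(Url) ->
    {User, Pass} = credentials(Url),
    basic(User, Pass).

%% After the fix: decode first, then base64-encode.
header_unquoted(Url) ->
    {User, Pass} = credentials(Url),
    basic(percent_decode(User), percent_decode(Pass)).

%% Returns both headers plus the credential string a server would recover.
demo() ->
    Url = "http://bob%40example.org:p%40ss@localhost:5984/db",
    "Basic " ++ B64 = header_unquoted(Url),
    #{raw => header_raw(Url),
      unquoted => header_unquoted(Url),
      server_sees => base64:decode_to_string(B64)}.
```

Because the decoded bytes are base64-encoded before they reach the header line, decoded control characters such as the `\r\n` in the PR's test case stay inside the credential and cannot split the header.
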
nickva pushed a commit that referenced this pull request Jun 7, 2021