-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unquote basic auth username and password #5
Unquote basic auth username and password #5
Conversation
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header. Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
?assertEqual("foo\r\n", | ||
unquote(<<"foo%0D%0A">>)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like the same as right above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The difference is binary()
vs string()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @iilyak !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Thank you for the review, @iilyak ! I'm about to merge this. |
For posterity: I believe this is related to apache/couchdb#2892 |
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header. Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header. Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header. Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header. Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
Unquote username and password which were parsed by ibrowse_lib:parse_url/1 before inserting them in the basic auth header.
Previously if the user had characters like @ in their username or password, and they were percent-encoded, they were inserted encoded in the basic auth header which lead to authentication failure.
P.S.: To test this with the replicator, make sure to disable the session plugin in the "default.ini" file.