Skip to content

Conversation

Tasteful
Copy link
Contributor

@Tasteful Tasteful commented Nov 4, 2014

UrlDecode username/password before converting them to base64-string, otherwise; the authentication will fail if you have special characters (example @) included in the password (@ is encoded as %40).

The encoded value will be included in the base64-characters string instead of the clear-text version (UrlDecoded).

Decode username/password before converting them to base64-string;
otherwise, the authentication will fail if you have example @ included
in the password (@ is encoded as %40)
@gmarz
Copy link
Contributor

gmarz commented Nov 4, 2014

@Tasteful excellent, excellent catch. Your timing is perfect as well since we just opened #1035 which introduces some improvements to the basic auth API. Unfortunately though, it doesn't make sense to merge this PR since the code has changed quite a bit in #1035.

I've incorporated your change in this commit: 20de56f

I'm confused though as to why you are un-escaping the username and password individually. Wouldn't just var userInfo = Uri.UnescapeDataString(uri.UserInfo) suffice?

@Tasteful
Copy link
Contributor Author

Tasteful commented Nov 4, 2014

I'm not sure if colon (:) can break the unescape of the string in some way/cases. If that is a 'safe' character everything can be unescaped in one place.

@gmarz
Copy link
Contributor

gmarz commented Nov 4, 2014

@Tasteful gotcha. In that case, I don't think : will break anything. We should be fine un-escaping the entire string together.

I'm going to close this in favor of #1035. Thanks again for this - we'll make sure to give you a shout in the release notes 👍.

@gmarz gmarz closed this Nov 4, 2014
@Tasteful Tasteful deleted the fix-urlencoded-username-password branch February 16, 2015 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants