Allow colons in passwords for req.auth #1462

Merged
merged 1 commit into from Jan 9, 2013

Conversation

Projects
None yet
2 participants
@gmethvin
Contributor

gmethvin commented Jan 6, 2013

Passwords in basic auth can contain colons (as per RFC2617), while
usernames cannot, so assume everything after the colon is a password.
This makes req.auth return the correct value if the user uses a colon
in his password.

Allow colons in passwords for req.auth
Passwords in basic auth can contain colons (as per RFC2617), while
usernames cannot, so assume everything after the colon is a password.
This makes req.auth return the correct value if the user uses a colon
in his password.

tj added a commit that referenced this pull request Jan 9, 2013

Merge pull request #1462 from gmethvin/colon_auth
Allow colons in passwords for req.auth

@tj tj merged commit 480d006 into expressjs:master Jan 9, 2013

1 check passed

default The Travis build passed
Details
@@ -393,8 +393,9 @@ req.__defineGetter__('auth', function(){
auth = parts[1];
// credentials
- auth = new Buffer(auth, 'base64').toString().split(':');
- return { username: auth[0], password: auth[1] };

This comment has been minimized.

Show comment Hide comment
@tj

tj Jan 9, 2013

Member

might be more elegant to just do auth.shift() and auth.join(':') there

@tj

tj Jan 9, 2013

Member

might be more elegant to just do auth.shift() and auth.join(':') there

This comment has been minimized.

Show comment Hide comment
@tj

tj Jan 9, 2013

Member

meh whatever it's all good haha

@tj

tj Jan 9, 2013

Member

meh whatever it's all good haha

rlidwka pushed a commit to rlidwka/express that referenced this pull request Aug 6, 2014

Merge pull request #1462 from gmethvin/colon_auth
Allow colons in passwords for req.auth
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment