Incorrect handling of password containing colon in HTTP Basic Authentication. #54

Closed
drewmccormack opened this issue Oct 30, 2018 · 1 comment

Comments

@drewmccormack
Contributor

In HTTP Basic Auth, although a username may not contain a colon, a password may. At this point, Kitura authentication fails when supplying a password containing a colon.

The lines in question seem to be here:
https://github.com/IBM-Swift/Kitura-CredentialsHTTP/blob/660c43cf11da63561e45dd14d805c34041bd73fa/Sources/CredentialsHTTP/CredentialsHTTPBasic.swift#L110-L117

The password is set to be the second item in the components (after separating by colons), but actually, the password should be all items after the first, joined by colons. So...

user:pass:with:some:colons

User is item 0. Pass is 1...4 joined by : characters, namely pass:with:some:colons.

drewmccormack added a commit to MomentaBV/Kitura-CredentialsHTTP that referenced this issue Oct 30, 2018
The existing code was taking the first component of the colon-separated array as the user name,
and the second as the password. In fact, all components after the first must be treated as belonging
to the password, and joined together with a colon separator.

Fix for Kitura#54
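
The first-colon split described in the issue, next to the split-on-every-colon behaviour it reports, as an added Swift example (not Kitura-CredentialsHTTP's code and not the referenced commit). The type name, function names and sample credential strings are hypothetical and constructed for illustration.

```swift
import Foundation

// Hypothetical names for illustration; not the Kitura-CredentialsHTTP API.
struct BasicCredentials: Equatable {
    let userid: String
    let password: String
}

/// Decode the value of an "Authorization: Basic <base64>" header to "userid:password".
func decodeBasicHeader(_ header: String) -> String? {
    let fields = header.split(separator: " ", maxSplits: 1, omittingEmptySubsequences: true)
    guard fields.count == 2, fields[0].lowercased() == "basic",
          let data = Data(base64Encoded: String(fields[1])),
          let decoded = String(data: data, encoding: .utf8) else { return nil }
    return decoded
}

/// Behaviour reported in the issue: split on every colon, use items 0 and 1.
func parseSplitOnEveryColon(_ decoded: String) -> BasicCredentials? {
    let parts = decoded.components(separatedBy: ":")
    guard parts.count >= 2 else { return nil }
    return BasicCredentials(userid: parts[0], password: parts[1])
}

/// Split only at the first colon; everything after it, colons included, is the password.
func parseSplitOnFirstColon(_ decoded: String) -> BasicCredentials? {
    guard let colon = decoded.firstIndex(of: ":") else { return nil }
    let userid = String(decoded[..<colon])
    let password = String(decoded[decoded.index(after: colon)...])
    return BasicCredentials(userid: userid, password: password)
}

// Constructed sample inputs: the issue's example, a plain password,
// an empty password, and a malformed value with no colon at all.
let samples = ["user:pass:with:some:colons", "user:plain", "user:", "nocolon"]

for sample in samples {
    let header = "Basic " + Data(sample.utf8).base64EncodedString()
    guard let decoded = decodeBasicHeader(header) else { continue }
    let everyColon = parseSplitOnEveryColon(decoded)?.password ?? "<rejected>"
    let firstColon = parseSplitOnFirstColon(decoded)?.password ?? "<rejected>"
    // The two parsers agree except when the password itself contains a colon.
    let verdict = everyColon == firstColon ? "same" : "DIFFERENT"
    print("\(sample) -> every-colon: '\(everyColon)', first-colon: '\(firstColon)' [\(verdict)]")
}
```

For the issue's example the every-colon parser yields the password `pass`, so a comparison against the stored `pass:with:some:colons` fails, while the first-colon parser returns the full password.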
@ianpartridge
Collaborator
