You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In HTTP Basic Auth, although a username may not contain a colon, a password may. At this point, Kitura authentication fails when supplying a password containing a colon.
The password is set to be the second item in the components (after separating by colons), but actually, the password should be all items after the first, joined by colons. So...
user:pass:with:some:colons
User is item 0. Pass is 1...4 joined by : characters, namely pass:with:some:colons.
The text was updated successfully, but these errors were encountered:
drewmccormack
added a commit
to MomentaBV/Kitura-CredentialsHTTP
that referenced
this issue
Oct 30, 2018
The existing code was taking the first component of the colon-separated array as the user name,
and the second as the password. In fact, all components after the first must be treated as belonging
to the password, and joined together with a colon separator.
Fix for Kitura#54
In HTTP Basic Auth, although a username may not contain a colon, a password may. At this point, Kitura authentication fails when supplying a password containing a colon.
The lines in question seem to be here:
https://github.com/IBM-Swift/Kitura-CredentialsHTTP/blob/660c43cf11da63561e45dd14d805c34041bd73fa/Sources/CredentialsHTTP/CredentialsHTTPBasic.swift#L110-L117
The password is set to be the second item in the components (after separating by colons), but actually, the password should be all items after the first, joined by colons. So...
user:pass:with:some:colons
User is item 0. Pass is 1...4 joined by : characters, namely pass:with:some:colons.
The text was updated successfully, but these errors were encountered: