Basic Auth Header with '\n' #2882

Closed
threez opened this Issue Sep 6, 2011 · 0 comments

Projects

None yet

2 participants

@threez
threez commented Sep 6, 2011

In our project we use the encode credentials method to encode basic auth credentials, that we than send using HTTP. While testing we found out, that the following method:

ActionController::HttpAuthentication::Basic.encode_credentials

Will produce an \n inside of the encoded string because of the length and the used encoding method.

def encode_credentials(user_name, password)
  "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
end

The method #encode64s should be used instead.

We tested and explored the bug with the password string: "t͡ʃdÍ¡Ê’t͡ʃdÍ¡Ê’t͡ʃdÍ¡Ê"

@tenderlove tenderlove closed this in 9959233 Sep 7, 2011
@arunagw arunagw pushed a commit to arunagw/rails that referenced this issue Sep 7, 2011
@tenderlove tenderlove Eliminate newlines in basic auth. fixes #2882 f6ced69
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment