Fix parsing of basic auth credentials if the password includes ':'. #331

Closed
wants to merge 2 commits into
from
+17 −3
@@ -66,7 +66,14 @@ module.exports = function basicAuth(callback, realm) {
var parts = authorization.split(' ')
, scheme = parts[0]
- , credentials = new Buffer(parts[1], 'base64').toString().split(':');
+ , credentialsStr = new Buffer(parts[1], 'base64').toString()
+ , idx = credentialsStr.indexOf(':')
+ , credentials;
+ if (idx === -1) {
+ credentials = [credentialsStr];
+ } else {
+ credentials = [credentialsStr.slice(0, idx), credentialsStr.slice(idx+1)];
+ }
if ('Basic' != scheme) return badRequest(res);
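Review bot: The `idx === -1` branch keeps a decoded credential string that has no `:` separator and carries on, so the callback would presumably receive an undefined password; a Basic credential without a separator is malformed and is better rejected, e.g. `if (idx === -1) return badRequest(res);` placed after the scheme check. Separately, the decode of `parts[1]` still runs before `'Basic' != scheme` is tested, so a header with no second token reaches `new Buffer(parts[1], 'base64')` with an undefined argument; testing the scheme and `parts.length` first keeps malformed headers on the 400 path instead of an exception. The rest of `basicAuth` lies outside the hunk, so an earlier guard may exist that is not visible here.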
@@ -11,7 +11,8 @@ var connect = require('connect')
var app = connect(
connect.basicAuth(function(user, pass){
- return 'tj' == user && 'tobi' == pass;
+ return (('tj' == user && 'tobi' == pass)
+ || ('trent' == user && 'my:cat' == pass));
}),
function(req, res){
res.end('wahoo');
@@ -72,6 +73,12 @@ module.exports = {
{ url: '/', headers: { Authorization: 'Basic dGo6dG9iaQ==' }},
{ body: 'wahoo', status: 200 });
},
+
+ 'test authorized with colon in password': function(){
+ assert.response(app,
+ { url: '/', headers: { Authorization: 'Basic dHJlbnQ6bXk6Y2F0' }},
+ { body: 'wahoo', status: 200 });
+ },
'test unauthorized': function(){
assert.response(app,
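Review bot: The new `'test authorized with colon in password'` case covers only the success path, leaving the other branch the parser gained (decoded credentials with no `:` at all) and the empty-password form `user:` untested. A negative case next to it would pin how malformed credentials are handled, for example a request with `Authorization: 'Basic dGo='` (constructed sample, the base64 of `tj` with no separator) asserting that the response is not `wahoo`/200. Without it, a later change to the splitting logic could let a separator-less credential authenticate unnoticed.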
@@ -102,4 +109,4 @@ module.exports = {
{ url: '/', headers: { Authorization: 'Foo asdfasdf' }},
{ body: 'Bad Request', status: 400 });
},
-};
+};