
improve basic auth credential parsing (to handle no password). add test case for colon in password
commit 9c8a852521de31c761c9afb5a1e4d6134fc8f9da 1 parent 1879717
@trentm authored
Showing with 15 additions and 4 deletions.
  1. +6 −2 lib/middleware/basicAuth.js
  2. +9 −2 test/basicAuth.test.js
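--- a/lib/middleware/basicAuth.js
+++ b/lib/middleware/basicAuth.js
@@ -68,8 +68,12 @@ module.exports = function basicAuth(callback, realm) {
 , scheme = parts[0]
 , credentialsStr = new Buffer(parts[1], 'base64').toString()
 , idx = credentialsStr.indexOf(':')
- , credentials = [credentialsStr.slice(0, idx), credentialsStr.slice(idx+1)];
- if (-1 === idx) throw new Error('invalid Authorization header');
+ , credentials;
+ if (idx === -1) {
+ credentials = [credentialsStr];
+ } else {
+ credentials = [credentialsStr.slice(0, idx), credentialsStr.slice(idx+1)];
+ }
 if ('Basic' != scheme) return badRequest(res);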
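Review bot: When the decoded credentials contain no colon, `credentials = [credentialsStr]` leaves the password slot undefined, so a header that used to be rejected now appears to reach the callback with `pass === undefined`. RFC 2617 defines the credentials as `userid:password`, so a missing colon is a malformed header, and a callback written as a lookup such as `users[user] === pass` would return true for an unknown user whose lookup is also undefined. I would answer the malformed case with `if (idx === -1) return badRequest(res);`, or at least normalise it with `credentials = [credentialsStr, ''];` so the callback always gets a string. The function body starts and ends outside the hunk, so how `credentials` is handed to the callback is inferred from the test file rather than seen here.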
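--- a/test/basicAuth.test.js
+++ b/test/basicAuth.test.js
@@ -11,7 +11,8 @@ var connect = require('connect')
 var app = connect(
 connect.basicAuth(function(user, pass){
- return 'tj' == user && 'tobi' == pass;
+ return (('tj' == user && 'tobi' == pass)
+ || ('trent' == user && 'my:cat' == pass));
 }),
 function(req, res){
 res.end('wahoo');
@@ -72,6 +73,12 @@ module.exports = {
 { url: '/', headers: { Authorization: 'Basic dGo6dG9iaQ==' }},
 { body: 'wahoo', status: 200 });
 },
+
+ 'test authorized with colon in password': function(){
+ assert.response(app,
+ { url: '/', headers: { Authorization: 'Basic dHJlbnQ6bXk6Y2F0' }},
+ { body: 'wahoo', status: 200 });
+ },
 'test unauthorized': function(){
 assert.response(app,
@@ -102,4 +109,4 @@ module.exports = {
 { url: '/', headers: { Authorization: 'Foo asdfasdf' }},
 { body: 'Bad Request', status: 400 });
 },
-};
+};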
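Review bot: The commit title names the no-password case, but the only test added in the second hunk covers a colon inside the password; nothing exercises a header whose decoded value has no colon at all. A case that sends `{ url: '/', headers: { Authorization: 'Basic dGo=' }}` (constructed sample, base64 of `tj`) and asserts the expected status would pin what the middleware does when the callback is given no password. The fixture callback in the first hunk compares with loose `==` against fixed strings, so it rejects an undefined `pass` by accident and would not catch a regression in how the missing password is represented.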