
improve basic auth credential parsing (to handle no password). add te…

…st case for colon in password
1 parent 1879717 commit 9c8a852521de31c761c9afb5a1e4d6134fc8f9da @trentm committed Jul 27, 2011
Showing with 15 additions and 4 deletions.
  1. +6 −2 lib/middleware/basicAuth.js
  2. +9 −2 test/basicAuth.test.js
@@ -68,8 +68,12 @@ module.exports = function basicAuth(callback, realm) {
, scheme = parts[0]
, credentialsStr = new Buffer(parts[1], 'base64').toString()
, idx = credentialsStr.indexOf(':')
- , credentials = [credentialsStr.slice(0, idx), credentialsStr.slice(idx+1)];
- if (-1 === idx) throw new Error('invalid Authorization header');
+ , credentials;
+ if (idx === -1) {
+ credentials = [credentialsStr];
+ } else {
+ credentials = [credentialsStr.slice(0, idx), credentialsStr.slice(idx+1)];
+ }
if ('Basic' != scheme) return badRequest(res);
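Review bot: In the new `idx === -1` branch `credentials` becomes a one-element array, so the password handed to the auth callback is presumably `undefined` rather than a string (the call site is outside this hunk). A callback that compares against a lookup result, such as `users[user] === pass`, would then accept an unknown user sent without a colon, where the removed `throw` used to reject the header. Normalising the missing password keeps the callback contract string-typed: `credentials = [credentialsStr, ''];`. A short comment on the branch would also help, e.g. `// no ':' in credentials: treat as user with empty password`. The body of basicAuth continues outside the hunk.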
@@ -11,7 +11,8 @@ var connect = require('connect')
var app = connect(
connect.basicAuth(function(user, pass){
- return 'tj' == user && 'tobi' == pass;
+ return (('tj' == user && 'tobi' == pass)
+ || ('trent' == user && 'my:cat' == pass));
}),
function(req, res){
res.end('wahoo');
@@ -72,6 +73,12 @@ module.exports = {
{ url: '/', headers: { Authorization: 'Basic dGo6dG9iaQ==' }},
{ body: 'wahoo', status: 200 });
},
+
+ 'test authorized with colon in password': function(){
+ assert.response(app,
+ { url: '/', headers: { Authorization: 'Basic dHJlbnQ6bXk6Y2F0' }},
+ { body: 'wahoo', status: 200 });
+ },
'test unauthorized': function(){
assert.response(app,
@@ -102,4 +109,4 @@ module.exports = {
{ url: '/', headers: { Authorization: 'Foo asdfasdf' }},
{ body: 'Bad Request', status: 400 });
},
-};
+};
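Review bot: The no-password path that this commit introduces in lib/middleware/basicAuth.js has no test here; the hunk adding 'test authorized with colon in password' covers only the branch that already split on the first colon. A companion case next to it that sends credentials without a colon, for example `{ url: '/', headers: { Authorization: 'Basic dGo=' }}` (constructed value, base64 of `tj`), and expects the same response as 'test unauthorized' would pin the behaviour for a missing password. The expected status and body of that existing test are outside the visible lines, so copy them from there.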
