Merge pull request #2 from tflorac/master

Allow passwords containing colon(s)

CHANGES.txt

@@ -8,6 +8,9 @@ Changes
 - Refactored ``zope.pluggableauth.plugins.session.redirectWithComeFrom``
   into a reusable function.
 
+- Fixed: allow password containing colon(s) in HTTP basic authentication
+  credentials extraction plug-in, to conform with RFC2617
+
 
 2.0.0a1 (2013-02-21)
 --------------------

src/zope/pluggableauth/plugins/httpplugins.py

@@ -80,6 +80,14 @@ def extractCredentials(self, request):
           >>> print(plugin.extractCredentials(TestRequest('/')))
           None
 
+        According to RFC 2617, password can contain one or more colons;
+        user ID can't contain any colon.
+
+          >>> request = TextRequest(
+          ...     environ={'HTTP_AUTHORIZATION': u'Basic bWdyOm1ncnB3OndpdGg6Y29sb24='})
+          >>> pprint(plugin.extractCredentials(request))
+          {'login': u'mgr', 'password': u'mgrpw:with:colon'}
+
         """
         if not IHTTPRequest.providedBy(request):
             return None
@@ -90,7 +98,7 @@ def extractCredentials(self, request):
                 if isinstance(credentials, unicode):
                     # No encoding needed, should be base64 string anyways.
                     credentials = credentials.encode()
-                login, password = base64.b64decode(credentials).split(b':')
+                login, password = base64.b64decode(credentials).split(b':', 1)
                 return {'login': login.decode('utf-8'),
                         'password': password.decode('utf-8')}
         return None