Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-22 09:54:24 +01:00

Fix panic in BasicAuthDecode (#14046)

* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
silverwind 2020-12-18 02:51:28 +01:00 committed by GitHub
parent e9cc613c24
commit 27edc1aa19
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions

View file

@ -10,6 +10,7 @@ import (
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"errors"
"fmt"
"net/http"
"os"
@ -63,6 +64,11 @@ func BasicAuthDecode(encoded string) (string, string, error) {
}
auth := strings.SplitN(string(s), ":", 2)
if len(auth) != 2 {
return "", "", errors.New("invalid basic authentication")
}
return auth[0], auth[1], nil
}

View file

@ -43,6 +43,12 @@ func TestBasicAuthDecode(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, "foo", user)
assert.Equal(t, "bar", pass)
_, _, err = BasicAuthDecode("aW52YWxpZA==")
assert.Error(t, err)
_, _, err = BasicAuthDecode("invalid")
assert.Error(t, err)
}
func TestBasicAuthEncode(t *testing.T) {