gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libeufin] branch master updated: Fix HTTP basic auth parsing.

From: gnunet
Subject: [libeufin] branch master updated: Fix HTTP basic auth parsing.
Date: Sat, 18 Sep 2021 12:48:56 +0200 
This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository libeufin.

The following commit(s) were added to refs/heads/master by this push:
     new 5df710e  Fix HTTP basic auth parsing.
5df710e is described below

commit 5df710ed9fe1c7352c59092ee16fc989c8a54c2f
Author: ms <ms@taler.net>
AuthorDate: Sat Sep 18 12:48:53 2021 +0200

    Fix HTTP basic auth parsing.
---
 .idea/misc.xml               | 2 +-
 util/src/main/kotlin/HTTP.kt | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.idea/misc.xml b/.idea/misc.xml
index dd64e0b..3058817 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -9,5 +9,5 @@
   <component name="FrameworkDetectionExcludesConfiguration">
     <file type="web" url="file://$PROJECT_DIR$" />
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_15" 
default="true" project-jdk-name="11" project-jdk-type="JavaSDK" />
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" 
project-jdk-name="11" project-jdk-type="JavaSDK" />
 </project>
\ No newline at end of file
diff --git a/util/src/main/kotlin/HTTP.kt b/util/src/main/kotlin/HTTP.kt
index 491a6e9..c788342 100644
--- a/util/src/main/kotlin/HTTP.kt
+++ b/util/src/main/kotlin/HTTP.kt
@@ -31,11 +31,15 @@ fun extractUserAndPassword(authorizationHeader: String): 
Pair<String, String> {
     val (username, password) = try {
         val split = authorizationHeader.split(" ")
         val plainUserAndPass = String(base64ToBytes(split[1]), Charsets.UTF_8)
-        plainUserAndPass.split(":")
+        val ret = plainUserAndPass.split(":")
+        if (ret.size != 2) throw java.lang.Exception(
+            "HTTP Basic auth line does not contain username and (only) 
password"
+        )
+        ret
     } catch (e: Exception) {
         throw UtilError(
             HttpStatusCode.BadRequest,
-            "invalid Authorization:-header received",
+            "invalid Authorization:-header received: ${e.message}",
             LibeufinErrorCode.LIBEUFIN_EC_AUTHENTICATION_FAILED
         )
     }

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]