From ba5ffba4907c59dd08a3979c95d6b8f337a1939a Mon Sep 17 00:00:00 2001
From: ewilly
Date: Thu, 12 Jan 2023 20:24:42 +0100
Subject: [PATCH] Fix auth_header

If a colon is in the password, user and password are not well detected. For example if user="me" and password="pass:word" the function give user="me:pass" password="word"
---
 helpers.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helpers.lua b/helpers.lua
index 23f0446..26d654b 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -276,7 +276,7 @@ function validate_or_clear_basic_auth_header_provided_by_client()
 -- Try to authenticate the user,
 -- or remove the Auth header if not valid
- _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
+ _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
 user = authenticate(user, password)
 if user then
 logger.debug("User got authenticated through basic auth")
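Review bot: The changed `string.find` line still feeds `ngx.decode_base64(b64_cred)` straight into the pattern match, and that call returns nil when the client-supplied value is not well-formed base64, so a malformed Authorization header raises a Lua error here instead of taking the "not valid" path. Falling back to an empty string keeps the existing no-match behaviour, where both captures come back nil: `string.find(ngx.decode_base64(b64_cred) or "", "^([^:]+):(.+)$")`. Separately, `user` and `password` are assigned without `local` in the visible lines; unless they are declared above the hunk, the credentials end up in global scope, and `local _, _, user, password = ...` would confine them to this call. The function starts before the hunk and continues past it, so the handling of `b64_cred` and of a nil `user` is not visible here.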